nixos/tests/letsencrypt: Hardcode certs and keys

In 0c7c1660f78e4f6befe0a210e1a9efae783a1733 I have set allowSubstitutes
to false, which avoided the substitution of the certificates.

Unfortunately substitution may still happen later when the certificate
is merged with the CA bundle. So the merged CA bundle might be
substituted from a binary cache but the certificate itself is built
locally, which could result in a different certificate in the bundle.

So instead of adding just yet another workaround, I've now hardcoded all
the certificates and keys in a separate file. This also moves
letsencrypt.nix into its own directory so we don't mess up
nixos/tests/common too much.

This was long overdue and should finally make the dependency graph for
the ACME test more deterministic.

Signed-off-by: aszlig <aszlig@nix.build>

1 files changed, 1 insertions, 1 deletions

diff --git a/nixos/tests/common/resolver.nix b/nixos/tests/common/resolver.nix
index a1901c5c816..6be8d1d18e6 100644
--- a/nixos/tests/common/resolver.nix
+++ b/nixos/tests/common/resolver.nix
@@ -18,7 +18,7 @@
       defining this option needs to be explicitly imported.
 
       The reason this option exists is for the
-      <filename>nixos/tests/common/letsencrypt.nix</filename> module, which
+      <filename>nixos/tests/common/letsencrypt</filename> module, which
       needs that option to disable the resolver once the user has set its own
       resolver.
     '';