nixos/wordpress: generate secrets locally

Use /dev/urandom to generate keys and salts instead of downloading them
from https://api.wordpress.org/secret-key/1.1/salt/

1 files changed, 5 insertions, 6 deletions

diff --git a/nixos/tests/wordpress.nix b/nixos/tests/wordpress.nix
index 774ef6293b5..c6acfa6c1f3 100644
--- a/nixos/tests/wordpress.nix
+++ b/nixos/tests/wordpress.nix
@@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }:
       };
 
       networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
-
-      # required for wordpress-init.service to succeed
-      systemd.tmpfiles.rules = [
-        "F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
-        "F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
-      ];
     };
 
   testScript = ''
@@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }:
 
     $machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
     $machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
+
+    $machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
+    $machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
+    $machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
+    $machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
   '';
 
 })