authornyanloutre <paul@nyanlout.re>2019-02-06 15:46:00 +0100
committernyanloutre <paul@nyanlout.re>2019-02-06 16:21:07 +0100
commit4a5f1bb9bc7ae9a77b144bcc8b0570ea838d6ebb (patch)
tree3f987ffdfaf6cf04d1170faaceb79584df9ae685 /nixos
parenteb753318b3716921d3ab3b1887385a5ee92b1884 (diff)
nixos/tests/matrix-synapse: generate ca and certificates
Diffstat (limited to 'nixos')
-rw-r--r--nixos/tests/matrix-synapse.nix50
1 files changed, 43 insertions, 7 deletions
diff --git a/nixos/tests/matrix-synapse.nix b/nixos/tests/matrix-synapse.nix
index 8504a7c0d05..882e4b75814 100644
--- a/nixos/tests/matrix-synapse.nix
+++ b/nixos/tests/matrix-synapse.nix
@@ -1,4 +1,32 @@
-import ./make-test.nix ({ pkgs, ... } : {
+import ./make-test.nix ({ pkgs, ... } : let
+
+
+  runWithOpenSSL = file: cmd: pkgs.runCommand file {
+    buildInputs = [ pkgs.openssl ];
+  } cmd;
+
+
+  ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";
+  ca_pem = runWithOpenSSL "ca.pem" ''
+    openssl req \
+      -x509 -new -nodes -key ${ca_key} \
+      -days 10000 -out $out -subj "/CN=snakeoil-ca"
+  '';
+  key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";
+  csr = runWithOpenSSL "matrix.csr" ''
+    openssl req \
+       -new -key ${key} \
+       -out $out -subj "/CN=localhost" \
+  '';
+  cert = runWithOpenSSL "matrix_cert.pem" ''
+    openssl x509 \
+      -req -in ${csr} \
+      -CA ${ca_pem} -CAkey ${ca_key} \
+      -CAcreateserial -out $out \
+      -days 365
+  '';
+
+in {
 
   name = "matrix-synapse";
   meta = with pkgs.stdenv.lib.maintainers; {
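Review bot: The leaf certificate in `cert` is issued with `-days 365` while the CA gets `-days 10000`. Both are ordinary store outputs that may be reused or substituted long after they were built, so the `curl -L --cacert ${ca_pem}` checks in the second hunk can start failing once a cached certificate is more than a year old. Giving the leaf the same lifetime, `-days 10000`, would avoid that. `ca_key` and `key` also put private keys in the world-readable Nix store, which is fine for a snakeoil test but deserves a comment above them such as `# test-only keys: store paths are world-readable, do not copy this pattern into a real homeserver config`. The trailing `\` after `-subj "/CN=localhost"` in `csr` continues onto nothing and can be dropped.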
@@ -8,23 +36,31 @@ import ./make-test.nix ({ pkgs, ... } : {
   nodes = {
     # Since 0.33.0, matrix-synapse doesn't allow underscores in server names
     serverpostgres = args: {
-      services.matrix-synapse.enable = true;
-      services.matrix-synapse.database_type = "psycopg2";
+      services.matrix-synapse = {
+        enable = true;
+        database_type = "psycopg2";
+        tls_certificate_path = "${cert}";
+        tls_private_key_path = "${key}";
+      };
     };
 
     serversqlite = args: {
-      services.matrix-synapse.enable = true;
-      services.matrix-synapse.database_type = "sqlite3";
+      services.matrix-synapse = {
+        enable = true;
+        database_type = "sqlite3";
+        tls_certificate_path = "${cert}";
+        tls_private_key_path = "${key}";
+      };
     };
   };
 
   testScript = ''
     startAll;
     $serverpostgres->waitForUnit("matrix-synapse.service");
-    $serverpostgres->waitUntilSucceeds("curl -Lk https://localhost:8448/");
+    $serverpostgres->waitUntilSucceeds("curl -L --cacert ${ca_pem} https://localhost:8448/");
     $serverpostgres->requireActiveUnit("postgresql.service");
     $serversqlite->waitForUnit("matrix-synapse.service");
-    $serversqlite->waitUntilSucceeds("curl -Lk https://localhost:8448/");
+    $serversqlite->waitUntilSucceeds("curl -L --cacert ${ca_pem} https://localhost:8448/");
     $serversqlite->mustSucceed("[ -e /var/lib/matrix-synapse/homeserver.db ]");
   '';