path: root/nixos/tests/acme.nix
# Module shared by the test nodes that must trust the test ACME CA.
#
# NOTE(review): this module adds the test CA to the system-wide trust bundle,
# so any certificate that CA signs is accepted by every consumer of the
# bundle. It is meant for throw-away test VMs only and should never be
# imported into a real system configuration.
let
  commonConfig = { config, lib, pkgs, nodes, ... }: {
    # Resolve all names through the letsencrypt node.
    # Presumably that node runs the resolver the test CA uses for validation;
    # confirm against ./common/letsencrypt.nix.
    networking.nameservers = [
      nodes.letsencrypt.config.networking.primaryIPAddress
    ];

    # lib.singleton wraps the overlay in a one-element list.
    nixpkgs.overlays = lib.singleton (self: super: {
      # Append (>>) the test CA certificate to the stock CA bundle, so the
      # public roots stay trusted and the test CA is trusted in addition.
      cacert = super.cacert.overrideDerivation (drv: {
        installPhase = (drv.installPhase or "") + ''
          cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
            >> "$out/etc/ssl/certs/ca-bundle.crt"
        '';
      });

      # certifi ships its own CA file rather than using the system bundle, so
      # it is overwritten (>) with the patched bundle. `self.cacert` refers to
      # the final package set, i.e. the cacert overridden above.
      # lib.const discards the first (self) argument of packageOverrides; only
      # the previous Python package set is needed here.
      pythonPackages = (super.python.override {
        packageOverrides = lib.const (pysuper: {
          certifi = pysuper.certifi.overridePythonAttrs (attrs: {
            postPatch = (attrs.postPatch or "") + ''
              cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
                > certifi/cacert.pem
            '';
          });
        });
      }).pkgs;
    });
  };

# End-to-end ACME test: a web server obtains a certificate from the local test
# CA and a separate client fetches a page from it over HTTPS.
in import ./make-test.nix {
  name = "acme";

  nodes = {
    # Test CA node, defined in ./common/letsencrypt.nix.
    letsencrypt = ./common/letsencrypt.nix;

    webserver = { config, pkgs, ... }: {
      imports = [ commonConfig ];
      # 443 serves the site; 80 is presumably needed for the ACME HTTP
      # challenge and the forceSSL redirect (confirm against the nginx module).
      networking.firewall.allowedTCPPorts = [ 80 443 ];

      # Map example.com to this node's own address in its hosts file.
      # NOTE(review): only the webserver gets this entry; the other nodes
      # presumably resolve example.com via the letsencrypt node's DNS.
      networking.extraHosts = ''
        ${config.networking.primaryIPAddress} example.com
      '';

      services.nginx.enable = true;
      services.nginx.virtualHosts."example.com" = {
        # Request the certificate via ACME and serve the site over TLS only.
        enableACME = true;
        forceSSL = true;
        # Static document root holding a single index.html.
        locations."/".root = pkgs.runCommand "docroot" {} ''
          mkdir -p "$out"
          echo hello world > "$out/index.html"
        '';
      };
    };

    # The client carries only the shared DNS and CA-trust configuration.
    client = commonConfig;
  };

  # Order: wait for boulder.service on the CA node, start the remaining nodes,
  # wait for acme-certificates.target on the webserver, then fetch the page
  # from the client.
  # curl runs without -k/--insecure, so the request succeeds only if the served
  # certificate validates against the client's trust store. Keep it that way:
  # disabling verification would let the test pass without a valid chain.
  testScript = ''
    $letsencrypt->waitForUnit("boulder.service");
    startAll;
    $webserver->waitForUnit("acme-certificates.target");
    $client->succeed('curl https://example.com/ | grep -qF "hello world"');
  '';
}