author | Arian van Putten <arian.vanputten@gmail.com> | 2020-04-14 20:04:44 +0200 |
---|---|---|
committer | Arian van Putten <arian.vanputten@gmail.com> | 2020-06-15 11:05:00 +0200 |
commit | 0952336d1d048617b9c976e90c4078ebe0c7ab46 (patch) | |
tree | 7d4ba35fe04a23a0ce36586ce8a5246463dafae7 /nixos/tests/acme.nix | |
parent | cfd672a94d3a5a1505871658bbceb06344dfe80f (diff) |
nixos/acme: Move regression test into acme.nix
Diffstat (limited to 'nixos/tests/acme.nix')
-rw-r--r-- | nixos/tests/acme.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index 826dd8f97d1f..a81884737213 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -99,6 +99,7 @@ in import ./make-test-python.nix ({ lib, ... }: {
 '';
 };
 };
+
 specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: {
 security.acme.certs."example.test" = {
 domain = "*.example.test";
@@ -129,6 +130,26 @@ in import ./make-test-python.nix ({ lib, ... }: {
 '';
 };
 };
+
+ # When nginx depends on a service that is slow to start up, requesting used to fail
+ # certificates fail. Reproducer for https://github.com/NixOS/nixpkgs/issues/81842
+ specialisation.slow-startup.configuration = { pkgs, config, nodes, lib, ...}: {
+ systemd.services.my-slow-service = {
+ wantedBy = [ "multi-user.target" "nginx.service" ];
+ before = [ "nginx.service" ];
+ preStart = "sleep 5";
+ script = "${pkgs.python3}/bin/python -m http.server";
+ };
+ systemd.targets."acme-finished-d.example.com" = {
+ after = [ "acme-d.example.com.service" ];
+ wantedBy = [ "acme-d.example.com.service" ];
+ };
+ services.nginx.virtualHosts."d.example.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:8000";
+ };
+ };
 };
 client = {nodes, lib, ...}: {
@@ -204,5 +225,15 @@ in import ./make-test-python.nix ({ lib, ... }: {
 client.succeed(
 "curl --cacert /tmp/ca.crt https://c.example.test/ | grep -qF 'hello world'"
 )
+
+ with subtest("Can request certificate of nginx when startup is delayed"):
+ webserver.succeed(
+ "${switchToNewServer}"
+ )
+ webserver.succeed(
+ "/run/current-system/specialisation/slow-startup/bin/switch-to-configuration test"
+ )
+ webserver.wait_for_unit("acme-finished-d.example.com.target")
+ client.succeed("curl --cacert /tmp/ca.crt https://d.example.com/")
 '';
 }) |
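Review bot: In the slow-startup specialisation, `script = "${pkgs.python3}/bin/python -m http.server";` starts a file server that listens on every interface and serves whatever directory the unit runs in (the hunk sets none), and the port that `proxyPass` relies on is only the implicit default. Binding the backend to loopback with an explicit port keeps it reachable only through nginx: `script = "${pkgs.python3}/bin/python -m http.server --bind 127.0.0.1 8000";`. The new virtual host and units are named `d.example.com`, while the context lines use `example.test` names (`*.example.test` here, `c.example.test` in the test-script hunk); whether `d.example.com` resolves and can be validated inside the test network depends on configuration outside this hunk, so that is worth confirming. The comment above the block has its words out of order; `# When nginx depends on a service that is slow to start up, requesting certificates used to fail.` says what was meant.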
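Review bot: The last check of the new subtest, `client.succeed("curl --cacert /tmp/ca.crt https://d.example.com/")`, passes on any HTTP status, because curl without `--fail` exits 0 even when nginx answers with an error page for an unreachable backend. That differs from the check just above it, which greps the body for `hello world`. If the subtest is meant to prove only that a certificate chaining to `/tmp/ca.crt` was issued, a one-line comment saying so would make that explicit; otherwise `client.succeed("curl --fail --cacert /tmp/ca.crt https://d.example.com/")` makes the proxied response part of the assertion. The test script this subtest is appended to begins outside the hunk.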