authoraszlig <aszlig@redmoonstudios.org>2017-07-27 13:24:17 +0200
committeraszlig <aszlig@redmoonstudios.org>2017-09-13 23:16:37 +0200
commit11b3ae74e19a075e8d733af99530fbbe697cf0d5 (patch)
treed1153cf636df2d6999ef2c1123213bd76945a3d6 /nixos/tests/acme.nix
parentb3162a107491ce306996de591926830b68e9bc69 (diff)
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us started writing tests for different webservers and different ACME implementations.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/tests/acme.nix')
-rw-r--r--nixos/tests/acme.nix62
1 files changed, 62 insertions, 0 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
new file mode 100644
index 000000000000..a48f4d75ae3e
--- /dev/null
+++ b/nixos/tests/acme.nix
@@ -0,0 +1,62 @@
+let
+ commonConfig = { config, lib, pkgs, nodes, ... }: {
+ networking.nameservers = [
+ nodes.letsencrypt.config.networking.primaryIPAddress
+ ];
+
+ nixpkgs.overlays = lib.singleton (self: super: {
+ cacert = super.cacert.overrideDerivation (drv: {
+ installPhase = (drv.installPhase or "") + ''
+ cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
+ >> "$out/etc/ssl/certs/ca-bundle.crt"
+ '';
+ });
+
+ pythonPackages = (super.python.override {
+ packageOverrides = lib.const (pysuper: {
+ requests = pysuper.requests.overrideDerivation (drv: {
+ postPatch = (drv.postPatch or "") + ''
+ cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
+ > requests/cacert.pem
+ '';
+ });
+ });
+ }).pkgs;
+ });
+ };
+
+in import ./make-test.nix {
+ name = "acme";
+
+ nodes = {
+ letsencrypt = ./common/letsencrypt.nix;
+
+ webserver = { config, pkgs, ... }: {
+ imports = [ commonConfig ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ networking.extraHosts = ''
+ ${config.networking.primaryIPAddress} example.com
+ '';
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."example.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = pkgs.runCommand "docroot" {} ''
+ mkdir -p "$out"
+ echo hello world > "$out/index.html"
+ '';
+ };
+ };
+
+ client = commonConfig;
+ };
+
+ testScript = ''
+ $letsencrypt->waitForUnit("boulder.service");
+ startAll;
+ $webserver->waitForUnit("acme-certificates.target");
+ $client->succeed('curl https://example.com/ | grep -qF "hello world"');
+ '';
+}
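Review bot: The two overlay entries in `commonConfig` change what every package on the node trusts, and nothing in the file says so: `cacert` gets the test CA appended to `ca-bundle.crt`, and `requests/cacert.pem` is overwritten with that patched bundle. A short comment above each would make the intent explicit and keep the overlay from being copied into a non-test configuration, for example `# Test only: add the local test CA to the system trust store` and `# requests carries its own CA bundle, so replace it with the patched one`. Separately, the final `curl` check in `testScript` validates against the whole bundle, public roots included. Passing only the test CA via `--cacert` would assert that the served certificate really was issued by the `letsencrypt` node, provided the CA path can be made available to the script.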