author | Lucas Savva <lucas@m1cr0man.com> | 2020-09-04 18:48:47 +0100 |
---|---|---|
committer | Lucas Savva <lucas@m1cr0man.com> | 2020-09-04 19:34:10 +0100 |
commit | 67a5d660cbba42d4461cbc67296bb9e96fd9c74f (patch) | |
tree | 9f9de8723d4181282b330eb346cd546a17b223f8 /nixos/tests/acme.nix | |
parent | 1b6cfd9796788a3c5b8e8f27b49271f4a423c9a7 (diff) |
nixos/acme: Run postRun script as root
Diffstat (limited to 'nixos/tests/acme.nix')
-rw-r--r-- | nixos/tests/acme.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index 90ae06542c4c..223945907da9 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -79,8 +79,15 @@ in import ./make-test-python.nix ({ lib, ... }: {
 # Cert config changes will not cause the nginx configuration to change.
 # This tests that the reload service is correctly triggered.
+ # It also tests that postRun is exec'd as root
 specialisation.cert-change.configuration = { pkgs, ... }: {
 security.acme.certs."a.example.test".keyType = "ec384";
+ security.acme.certs."a.example.test".postRun = ''
+ set -euo pipefail
+ touch test
+ chown root:root test
+ echo testing > test
+ '';
 };
 # Now adding an alias to ensure that the certs are updated
@@ -283,6 +290,7 @@ in import ./make-test-python.nix ({ lib, ... }: {
 switch_to(webserver, "cert-change")
 webserver.wait_for_unit("acme-finished-a.example.test.target")
 check_connection_key_bits(client, "a.example.test", "384")
+ webserver.succeed("grep testing /var/lib/acme/a.example.test/test")
 with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"):
 switch_to(webserver, "slow-startup") |
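Review bot: The new comment says this specialisation proves postRun is exec'd as root, but nothing in the script explains how, and the proof is indirect. It relies on `chown root:root test` failing for an unprivileged user so that `set -euo pipefail` stops the script before `echo testing > test`. I would spell that out above the script, e.g. `# chown only succeeds as root; with set -e the echo below is never reached otherwise`. The script also uses relative paths, so it depends on postRun's working directory being the certificate directory that the later assertion reads; a short comment naming that assumption would help. If that directory is writable by the unprivileged acme account (not visible in this hunk), a root-run hook writing to a relative name there would write through whatever that account placed at the path, so it is worth marking the pattern as test-only.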
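Review bot: The added `grep testing` assertion checks only the file's content, so the "runs as root" claim is verified by inference from the postRun script rather than by the test itself. Asserting ownership directly would make the check self-explanatory and keep it meaningful if the script is edited later, for example `webserver.succeed("stat -c %U:%G /var/lib/acme/a.example.test/test | grep -x root:root")`. The enclosing subtest starts above this hunk, so I cannot see whether the file could already exist from an earlier step.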