author | Graham Christensen <graham@grahamc.com> | 2020-03-05 17:07:20 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2020-04-12 08:12:50 -0400 |
commit | ec2d28e3233c4c04fe6afe13e828691d099167ae (patch) | |
tree | 80d3efd6ffd191559bd5d222a765570cc73c604e /nixos/tests/acme.nix | |
parent | 807ca93fadd5197c2260490de0c76e500562dc05 (diff) |
specialisation: replace nesting with named configurations
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
Diffstat (limited to 'nixos/tests/acme.nix')
-rw-r--r-- | nixos/tests/acme.nix | 94 |
1 files changed, 46 insertions, 48 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index e045f3415fa0..638601cd75f3 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -91,52 +91,50 @@ in import ./make-test-python.nix {
 security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";
- nesting.clone = [
- ({pkgs, ...}: {
- systemd.targets."acme-finished-b.example.com" = {};
- systemd.services."acme-b.example.com" = {
- wants = [ "acme-finished-b.example.com.target" ];
- before = [ "acme-finished-b.example.com.target" ];
- after = [ "nginx.service" ];
- };
- services.nginx.virtualHosts."b.example.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = pkgs.runCommand "docroot" {} ''
- mkdir -p "$out"
- echo hello world > "$out/index.html"
- '';
- };
- })
- ({pkgs, config, nodes, lib, ...}: {
- security.acme.certs."example.com" = {
- domain = "*.example.com";
- dnsProvider = "exec";
- dnsPropagationCheck = false;
- credentialsFile = with pkgs; writeText "wildcard.env" ''
- EXEC_PATH=${dnsScript { inherit writeScript bash curl; dnsAddress = nodes.dnsserver.config.networking.primaryIPAddress; }}
- '';
- user = config.services.nginx.user;
- group = config.services.nginx.group;
- };
- systemd.targets."acme-finished-example.com" = {};
- systemd.services."acme-example.com" = {
- wants = [ "acme-finished-example.com.target" ];
- before = [ "acme-finished-example.com.target" "nginx.service" ];
- wantedBy = [ "nginx.service" ];
- };
- services.nginx.virtualHosts."c.example.com" = {
- forceSSL = true;
- sslCertificate = config.security.acme.certs."example.com".directory + "/cert.pem";
- sslTrustedCertificate = config.security.acme.certs."example.com".directory + "/full.pem";
- sslCertificateKey = config.security.acme.certs."example.com".directory + "/key.pem";
- locations."/".root = pkgs.runCommand "docroot" {} ''
- mkdir -p "$out"
- echo hello world > "$out/index.html"
- '';
- };
- })
- ];
+ specialisation.second-cert.configuration = {pkgs, ...}: {
+ systemd.targets."acme-finished-b.example.com" = {};
+ systemd.services."acme-b.example.com" = {
+ wants = [ "acme-finished-b.example.com.target" ];
+ before = [ "acme-finished-b.example.com.target" ];
+ after = [ "nginx.service" ];
+ };
+ services.nginx.virtualHosts."b.example.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = pkgs.runCommand "docroot" {} ''
+ mkdir -p "$out"
+ echo hello world > "$out/index.html"
+ '';
+ };
+ };
+ specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: {
+ security.acme.certs."example.com" = {
+ domain = "*.example.com";
+ dnsProvider = "exec";
+ dnsPropagationCheck = false;
+ credentialsFile = with pkgs; writeText "wildcard.env" ''
+ EXEC_PATH=${dnsScript { inherit writeScript bash curl; dnsAddress = nodes.dnsserver.config.networking.primaryIPAddress; }}
+ '';
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ systemd.targets."acme-finished-example.com" = {};
+ systemd.services."acme-example.com" = {
+ wants = [ "acme-finished-example.com.target" ];
+ before = [ "acme-finished-example.com.target" "nginx.service" ];
+ wantedBy = [ "nginx.service" ];
+ };
+ services.nginx.virtualHosts."c.example.com" = {
+ forceSSL = true;
+ sslCertificate = config.security.acme.certs."example.com".directory + "/cert.pem";
+ sslTrustedCertificate = config.security.acme.certs."example.com".directory + "/full.pem";
+ sslCertificateKey = config.security.acme.certs."example.com".directory + "/key.pem";
+ locations."/".root = pkgs.runCommand "docroot" {} ''
+ mkdir -p "$out"
+ echo hello world > "$out/index.html"
+ '';
+ };
+ };
 };
 client = {nodes, lib, ...}: {
@@ -196,7 +194,7 @@ in import ./make-test-python.nix {
 with subtest("Can add another certificate for nginx service"):
 webserver.succeed(
- "/run/current-system/fine-tune/child-1/bin/switch-to-configuration test"
+ "/run/current-system/specialisation/second-cert/bin/switch-to-configuration test"
 )
 webserver.wait_for_unit("acme-finished-b.example.com.target")
 client.succeed(
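Review bot: The `dns-01` specialisation in the first hunk builds `credentialsFile` with `writeText`, which puts the file in the Nix store where any local user can read it, and sets `dnsPropagationCheck = false`, and neither choice is explained in the new code. It is harmless here because the file only carries `EXEC_PATH`, but the pattern is easy to copy into a real configuration where that file would hold DNS provider API secrets. I would add a comment above `credentialsFile`, e.g. `# test-only: this store path is world-readable; real credentials must come from a file outside the Nix store`, and one above the propagation check, e.g. `# test-only: presumably disabled because the VM network has no public resolvers`. The webserver node definition enclosing these lines starts outside the hunk.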
@@ -208,7 +206,7 @@ in import ./make-test-python.nix {
 "${switchToNewServer}"
 )
 webserver.succeed(
- "/run/current-system/fine-tune/child-2/bin/switch-to-configuration test"
+ "/run/current-system/specialisation/dns-01/bin/switch-to-configuration test"
 )
 webserver.wait_for_unit("acme-finished-example.com.target")
 client.succeed( |