authorFlorian Klink <flokli@flokli.de>2021-01-27 17:52:16 +0100
committerGitHub <noreply@github.com>2021-01-27 17:52:16 +0100
commit1030745555bc10335871c95340f4b47cadce9ce3 (patch)
tree5c342f59157ab1b1ef9c3e2bbc0f44f406112cba /nixos/tests
parent0ffa153e0a7b16e461be0a13cf1fa61fdbe7dd05 (diff)
parent514a0b6d8adf9fa181549dd0ae5c52ee04846975 (diff)
Merge pull request #106857 from m1cr0man/master
nixos/acme: Fixes for account creation and remove tmpfiles usage
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/acme.nix32
1 files changed, 31 insertions, 1 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index eb152cf51a6a..c6d393d91963 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -77,6 +77,27 @@ in import ./make-test-python.nix ({ lib, ... }: {
after = [ "acme-a.example.test.service" "nginx-config-reload.service" ];
};
+ # Test that account creation is collated into one service
+ specialisation.account-creation.configuration = { nodes, pkgs, lib, ... }: let
+ email = "newhostmaster@example.test";
+ caDomain = nodes.acme.config.test-support.acme.caDomain;
+ # Exit 99 to make it easier to track if this is the reason a renew failed
+ testScript = ''
+ test -e accounts/${caDomain}/${email}/account.json || exit 99
+ '';
+ in {
+ security.acme.email = lib.mkForce email;
+ systemd.services."b.example.test".preStart = testScript;
+ systemd.services."c.example.test".preStart = testScript;
+
+ services.nginx.virtualHosts."b.example.test" = (vhostBase pkgs) // {
+ enableACME = true;
+ };
+ services.nginx.virtualHosts."c.example.test" = (vhostBase pkgs) // {
+ enableACME = true;
+ };
+ };
+
# Cert config changes will not cause the nginx configuration to change.
# This tests that the reload service is correctly triggered.
# It also tests that postRun is exec'd as root
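Review bot: The `preStart` assertions on `systemd.services."b.example.test"` and `systemd.services."c.example.test"` look like they are attached to the wrong units, because the context line just above orders on `acme-a.example.test.service`, which suggests the certificate services carry an `acme-` prefix. If that naming holds, `testScript` never runs in the issuance path, and the "Runs 1 cert for account creation before others" subtest added in the last hunk passes whether or not the account exists first, since it only waits on the `acme-finished-*` targets. The lines would then need to read `systemd.services."acme-b.example.test".preStart = testScript;` and likewise for `c`. The `test -e accounts/...` path is also relative, so it depends on the unit's working directory, which this hunk does not show; a short comment naming that directory would make the check easier to audit. The specialisation sits inside a node definition that starts and ends outside the hunk.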
@@ -289,7 +310,7 @@ in import ./make-test-python.nix ({ lib, ... }: {
acme.start()
webserver.start()
- acme.wait_for_unit("default.target")
+ acme.wait_for_unit("network-online.target")
acme.wait_for_unit("pebble.service")
client.succeed("curl https://${caDomain}:15000/roots/0 > /tmp/ca.crt")
@@ -314,6 +335,15 @@ in import ./make-test-python.nix ({ lib, ... }: {
check_issuer(webserver, "a.example.test", "pebble")
check_connection(client, "a.example.test")
+ with subtest("Runs 1 cert for account creation before others"):
+ switch_to(webserver, "account-creation")
+ webserver.wait_for_unit("acme-finished-a.example.test.target")
+ check_connection(client, "a.example.test")
+ webserver.wait_for_unit("acme-finished-b.example.test.target")
+ webserver.wait_for_unit("acme-finished-c.example.test.target")
+ check_connection(client, "b.example.test")
+ check_connection(client, "c.example.test")
+
with subtest("Can reload web server when cert configuration changes"):
switch_to(webserver, "cert-change")
webserver.wait_for_unit("acme-finished-a.example.test.target")