# NixOS VM test "acme": a web server obtains a certificate from a test ACME
# CA running on the `letsencrypt` node, and a client then fetches the site
# over HTTPS.
let
  # Configuration shared by the web server and the client.
  #
  # It points DNS at the `letsencrypt` node and adds that node's test CA
  # certificate to the system trust store. Every package built against the
  # overlaid `cacert` trusts the test CA, so this module belongs in test
  # nodes only and must not be imported into a real system configuration.
  commonConfig = { config, lib, pkgs, nodes, ... }:
    let
      acmeNode = nodes.letsencrypt.config;

      # Overlay that rebuilds the CA bundle with the test CA appended.
      trustTestCa = final: prev: {
        # `>>` appends, so the stock roots stay in the bundle alongside
        # the test CA.
        cacert = prev.cacert.overrideDerivation (old: {
          installPhase = (old.installPhase or "") + ''
            cat "${acmeNode.test-support.letsencrypt.caCert}" \
              >> "$out/etc/ssl/certs/ca-bundle.crt"
          '';
        });

        # certifi ships its own cacert.pem; overwrite it with the patched
        # bundle so Python code using certifi trusts the same set of roots
        # as the rest of the system.
        pythonPackages = (prev.python.override {
          packageOverrides = _pyFinal: pyPrev: {
            certifi = pyPrev.certifi.overridePythonAttrs (old: {
              postPatch = (old.postPatch or "") + ''
                cat "${final.cacert}/etc/ssl/certs/ca-bundle.crt" \
                  > certifi/cacert.pem
              '';
            });
          };
        }).pkgs;
      };
    in {
      # Resolve names through the letsencrypt node.
      # NOTE(review): presumably that node serves DNS for the test network;
      # confirm in ./common/letsencrypt.nix.
      networking.nameservers = [ acmeNode.networking.primaryIPAddress ];

      nixpkgs.overlays = [ trustTestCa ];
    };

in import ./make-test.nix {
  name = "acme";

  nodes = {
    # Test ACME CA; the test script waits for its boulder.service.
    letsencrypt = ./common/letsencrypt.nix;

    webserver = { config, pkgs, ... }:
      let
        # Static document root holding the page the client greps for.
        docroot = pkgs.runCommand "docroot" {} ''
          mkdir -p "$out"
          echo hello world > "$out/index.html"
        '';
      in {
        imports = [ commonConfig ];

        # 80 and 443 are opened for the nginx vhost below.
        # NOTE(review): port 80 is presumably also needed for the ACME
        # HTTP challenge; confirm against the ACME module in use.
        networking.firewall.allowedTCPPorts = [ 80 443 ];

        # On the web server itself, example.com maps to its own address.
        networking.extraHosts = ''
          ${config.networking.primaryIPAddress} example.com
        '';

        services.nginx.enable = true;
        services.nginx.virtualHosts."example.com" = {
          enableACME = true;
          forceSSL = true;
          locations."/".root = docroot;
        };
      };

    # The client needs only the shared DNS and trust-store settings.
    client = commonConfig;
  };

  # curl runs with certificate verification left on, so the final step
  # passes only if the issued certificate chains to a CA in the client's
  # trust store.
  testScript = ''
    $letsencrypt->waitForUnit("boulder.service");
    startAll;
    $webserver->waitForUnit("acme-certificates.target");
    $client->succeed('curl https://example.com/ | grep -qF "hello world"');
  '';
}