let
  # Module shared by every machine that has to talk to the test ACME server
  # (imported by `webserver` and used as-is for `client` further down).
  #
  # It points DNS at the `letsencrypt` node and adds that node's test CA
  # certificate to the CA bundles, so certificates issued inside the test
  # network validate without turning verification off.
  #
  # NOTE(review): the overlay replaces `cacert` for the whole package set of
  # any node that uses this module, so the test CA becomes a trusted root
  # there. Keep this module confined to tests; it should not end up in a real
  # system configuration.
  commonConfig = { lib, nodes, ... }:
    let
      letsencryptCfg = nodes.letsencrypt.config;
      testCaCert = letsencryptCfg.test-support.letsencrypt.caCert;
    in {
      # Resolve names through the letsencrypt node.
      networking.nameservers = [ letsencryptCfg.networking.primaryIPAddress ];

      nixpkgs.overlays = [
        (final: prev: {
          # Append the test CA to the system-wide bundle shipped by cacert.
          cacert = prev.cacert.overrideDerivation (old: {
            installPhase = (old.installPhase or "") + ''
              cat "${testCaCert}" \
                >> "$out/etc/ssl/certs/ca-bundle.crt"
            '';
          });

          # certifi carries its own bundle, so replace it with the patched
          # cacert bundle to make it accept the test certificates as well.
          # simp_le picks certifi up from python3Packages, so that is the
          # attribute that has to be overridden.
          python3Packages = (prev.python3.override {
            # The first argument (the final Python package set) is not needed.
            packageOverrides = _pyFinal: pyPrev: {
              certifi = pyPrev.certifi.overridePythonAttrs (oldAttrs: {
                postPatch = (oldAttrs.postPatch or "") + ''
                  cat "${final.cacert}/etc/ssl/certs/ca-bundle.crt" \
                    > certifi/cacert.pem
                '';
              });
            };
          }).pkgs;
        })
      ];
    };
in import ./make-test.nix {
  name = "acme";

  nodes = {
    # ACME server node; its definition lives in ./common/letsencrypt.
    letsencrypt = ./common/letsencrypt;

    # nginx host for example.com that requests its certificate via ACME.
    webserver = { config, pkgs, ... }: {
      imports = [ commonConfig ];

      networking = {
        # 80 and 443 are opened for the nginx virtual host below.
        firewall.allowedTCPPorts = [ 80 443 ];

        # Map example.com to this machine's own primary address.
        extraHosts = ''
          ${config.networking.primaryIPAddress} example.com
        '';
      };

      services.nginx = {
        enable = true;
        virtualHosts."example.com" = {
          enableACME = true;
          # NOTE(review): presumably redirects plain HTTP to HTTPS; confirm
          # against the nginx module.
          forceSSL = true;
          # Static document root holding a single index.html.
          locations."/".root = pkgs.runCommand "docroot" {} ''
            mkdir -p "$out"
            echo hello world > "$out/index.html"
          '';
        };
      };
    };

    # The client only needs the shared DNS and CA settings.
    client = commonConfig;
  };

  # Wait for the ACME server (boulder.service) and for the webserver's
  # acme-certificates.target, then fetch the page from the client.
  #
  # curl runs without --insecure, so the request only succeeds when the served
  # certificate validates against the CA bundle curl uses. Keep it that way:
  # disabling verification would let the test pass without checking the
  # issued certificate at all.
  testScript = ''
    $letsencrypt->waitForUnit("default.target");
    $letsencrypt->waitForUnit("boulder.service");
    $webserver->waitForUnit("default.target");
    $webserver->waitForUnit("acme-certificates.target");
    $client->waitForUnit("default.target");
    $client->succeed('curl https://example.com/ | grep -qF "hello world"');
  '';
}