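import ./make-test.nix ({ pkgs, ...} : {
  name = "cfssl";

  machine = { config, lib, pkgs, ... }:
    {
      # cfssl's HTTP API hands out keys/CSRs and signs requests; nothing in this
      # file configures authentication for it, so opening the port is only
      # acceptable because the VM is isolated test infrastructure.
      networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];

      services.cfssl.enable = true;
      # The CA key pair must exist before the API starts serving. `after` only
      # orders the two units; `requires` ensures cfssl-init actually ran (and,
      # being oneshot, finished) before cfssl.service is started.
      systemd.services.cfssl.after = [ "cfssl-init.service" ];
      systemd.services.cfssl.requires = [ "cfssl-init.service" ];

      systemd.services.cfssl-init = {
        description = "Initialize the cfssl CA";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          # Run as the service user so ca-key.pem is created with that owner
          # (presumably the user cfssl.service itself runs as — confirm in the
          # module) instead of root.
          User = "cfssl";
          Type = "oneshot";
          WorkingDirectory = config.services.cfssl.dataDir;
        };
        # Creates a self-signed test CA as ca.pem / ca-key.pem inside dataDir.
        # The guard makes the unit idempotent: without it a reboot would silently
        # mint a new CA and invalidate everything the old one signed.
        script = with pkgs; ''
          if [ ! -e ca-key.pem ]; then
            ${cfssl}/bin/cfssl genkey -initca ${pkgs.writeText "ca.json" (builtins.toJSON {
              hosts = [ "ca.example.com" ];
              key = { algo = "rsa"; size = 4096; };
              names = [
                {
                  C = "US";
                  L = "San Francisco";
                  O = "Internet Widgets, LLC";
                  OU = "Certificate Authority";
                  ST = "California";
                }
              ];
            })} | ${cfssl}/bin/cfssljson -bare ca
          fi
        '';
      };
    };

  testScript = { nodes, ... }:
    let
      # Read the port the module actually listens on instead of hard-coding
      # 8888, so the request cannot drift away from the firewall rule above.
      port = toString nodes.machine.config.services.cfssl.port;

      # `curl --fail` turns HTTP error responses into a non-zero exit, and
      # `pipefail` propagates it through the pipe. Without both, the pipeline's
      # status is just cfssljson's, and waitUntilSucceeds could return before
      # the API is really answering.
      cfsslrequest = with pkgs; writeScript "cfsslrequest" ''
        #!${stdenv.shell}
        set -euo pipefail
        curl --fail -sS -X POST -H "Content-Type: application/json" -d @${csr} \
          http://localhost:${port}/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
      '';

      # Body for the newkey endpoint: asks for a throwaway 2048-bit RSA key and
      # a CSR for www.example.com. cfssljson writes the returned key to
      # /tmp/certificate-key.pem, which the test checks for.
      csr = pkgs.writeText "csr.json" (builtins.toJSON {
        CN = "www.example.com";
        hosts = [ "example.com" "www.example.com" ];
        key = {
          algo = "rsa";
          size = 2048;
        };
        names = [
          {
            C = "US";
            L = "San Francisco";
            O = "Example Company, LLC";
            OU = "Operations";
            ST = "California";
          }
        ];
      });
    in
    ''
      $machine->waitForUnit('cfssl.service');
      $machine->waitUntilSucceeds('${cfsslrequest}');
      $machine->succeed('ls /tmp/certificate-key.pem');
    '';
})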