pyrox.dev
1import ./make-test-python.nix ({ pkgs, ...} : {
2 name = "cfssl";
3
4 nodes.machine = { config, lib, pkgs, ... }:
5 {
6 networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];
7
8 services.cfssl.enable = true;
9 systemd.services.cfssl.after = [ "cfssl-init.service" ];
10
11 systemd.services.cfssl-init = {
12 description = "Initialize the cfssl CA";
13 wantedBy = [ "multi-user.target" ];
14 serviceConfig = {
15 User = "cfssl";
16 Type = "oneshot";
17 WorkingDirectory = config.services.cfssl.dataDir;
18 };
19 script = with pkgs; ''
20 ${cfssl}/bin/cfssl genkey -initca ${pkgs.writeText "ca.json" (builtins.toJSON {
21 hosts = [ "ca.example.com" ];
22 key = {
23 algo = "rsa"; size = 4096; };
24 names = [
25 {
26 C = "US";
27 L = "San Francisco";
28 O = "Internet Widgets, LLC";
29 OU = "Certificate Authority";
30 ST = "California";
31 }
32 ];
33 })} | ${cfssl}/bin/cfssljson -bare ca
34 '';
35 };
36 };
37
38 testScript =
39 let
40 cfsslrequest = with pkgs; writeScript "cfsslrequest" ''
41 curl -f -X POST -H "Content-Type: application/json" -d @${csr} \
42 http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
43 '';
44 csr = pkgs.writeText "csr.json" (builtins.toJSON {
45 CN = "www.example.com";
46 hosts = [ "example.com" "www.example.com" ];
47 key = {
48 algo = "rsa";
49 size = 2048;
50 };
51 names = [
52 {
53 C = "US";
54 L = "San Francisco";
55 O = "Example Company, LLC";
56 OU = "Operations";
57 ST = "California";
58 }
59 ];
60 });
61 in
62 ''
63 machine.wait_for_unit("cfssl.service")
64 machine.wait_until_succeeds("${cfsslrequest}")
65 machine.succeed("ls /tmp/certificate-key.pem")
66 '';
67})