pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / nginx-proxyprotocol / generate-certs.nix
at 23.11-beta 855 B view raw
1# Minica can provide a CA key and cert, plus a key 2# and cert for our fake CA server's Web Front End (WFE). 3{ 4 pkgs ? import <nixpkgs> {}, 5 minica ? pkgs.minica, 6 runCommandCC ? pkgs.runCommandCC, 7}: 8let 9 conf = import ./snakeoil-certs.nix; 10 domain = conf.domain; 11 domainSanitized = pkgs.lib.replaceStrings ["*"] ["_"] domain; 12in 13 runCommandCC "generate-tests-certs" { 14 buildInputs = [ (minica.overrideAttrs (old: { 15 postPatch = '' 16 sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go 17 ''; 18 })) ]; 19 20 } '' 21 minica \ 22 --ca-key ca.key.pem \ 23 --ca-cert ca.cert.pem \ 24 --domains "${domain}" 25 26 mkdir -p $out 27 mv ca.*.pem $out/ 28 mv ${domainSanitized}/key.pem $out/${domainSanitized}.key.pem 29 mv ${domainSanitized}/cert.pem $out/${domainSanitized}.cert.pem 30 ''