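# Minica can provide a CA key and cert, plus a key
# and cert for our fake CA server's Web Front End (WFE).
#
# NOTE: every file moved into $out below, including the CA private key
# (ca.key.pem) and the domain's private key, becomes part of the Nix store,
# which is world-readable. These are snakeoil credentials for tests only;
# nothing outside the test setup should trust the CA generated here.
{
  pkgs ? import <nixpkgs> {},
  minica ? pkgs.minica,
  mkDerivation ? pkgs.stdenv.mkDerivation
}:
let
  # snakeoil-certs.nix supplies the domain the leaf certificate is issued for.
  conf = import ./snakeoil-certs.nix;
  domain = conf.domain;
in mkDerivation {
  name = "test-certs";
  buildInputs = [ (minica.overrideAttrs (old: {
    # Patch minica so generated certificates are valid for 20 years instead of
    # 2 years and 30 days (Go's AddDate takes years, months, days).
    prePatch = ''
      sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go
      # sed exits 0 even when nothing matched, so confirm the replacement is
      # really present; otherwise a change in minica's source would silently
      # produce short-lived certificates again.
      grep -qF 'NotAfter: time.Now().AddDate(20, 0, 0),' main.go || {
        echo "test-certs: NotAfter patch did not apply to minica main.go" >&2
        exit 1
      }
    '';
  })) ];
  # No source to unpack: the build only runs minica in the build directory.
  dontUnpack = true;

  # Create the CA key/cert pair and a key/cert for the configured domain;
  # minica writes the domain's files into a directory named after it.
  buildPhase = ''
    minica \
      --ca-key ca.key.pem \
      --ca-cert ca.cert.pem \
      --domains ${domain}
  '';

  # Flatten the results into $out: ca.key.pem, ca.cert.pem,
  # <domain>.key.pem and <domain>.cert.pem.
  installPhase = ''
    mkdir -p $out
    mv ca.*.pem $out/
    mv ${domain}/key.pem $out/${domain}.key.pem
    mv ${domain}/cert.pem $out/${domain}.cert.pem
  '';
}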