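# Minica can provide a CA key and cert, plus a key
# and cert for our fake CA server's Web Front End (WFE).
#
# Arguments (all defaulted):
#   pkgs         - package set, defaults to <nixpkgs>
#   minica       - minica package that gets patched and run
#   runCommandCC - builder used to run the generation script
#
# Output ($out): ca.*.pem plus <domain>.key.pem and <domain>.cert.pem for the
# domain read from ./snakeoil-certs.nix.
#
# NOTE: the output contains private keys, and Nix store paths are
# world-readable, so this material is only suitable as throwaway test
# fixtures. minica generates fresh key material on each run, so the output
# is not reproducible from build to build.
{
  pkgs ? import <nixpkgs> { },
  minica ? pkgs.minica,
  runCommandCC ? pkgs.runCommandCC,
}:
let
  conf = import ./snakeoil-certs.nix;
  domain = conf.domain;
  # A wildcard domain cannot be used verbatim as a file name; the "_" form
  # matches the directory the script below expects minica to create.
  domainSanitized = pkgs.lib.replaceStrings [ "*" ] [ "_" ] domain;
in
runCommandCC "generate-tests-certs"
  {
    buildInputs = [
      (minica.overrideAttrs (old: {
        # Extend the leaf certificate lifetime from 2 years 30 days to 20 years
        # so the test fixtures do not expire.
        postPatch = ''
          sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go
          # sed exits 0 even when nothing matched. Fail the build if upstream
          # changed the line, instead of silently shipping short-lived certs.
          grep -qF 'NotAfter: time.Now().AddDate(20, 0, 0),' main.go || {
            echo "minica NotAfter patch did not apply; update the sed expression" >&2
            exit 1
          }
        '';
      }))
    ];

  }
  ''
    minica \
      --ca-key ca.key.pem \
      --ca-cert ca.cert.pem \
      --domains "${domain}"

    mkdir -p "$out"
    mv ca.*.pem "$out/"
    mv "${domainSanitized}/key.pem" "$out/${domainSanitized}.key.pem"
    mv "${domainSanitized}/cert.pem" "$out/${domainSanitized}.cert.pem"
  ''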