# NixOS VM test: an nginx built against rustls-libssl (substituted for the
# `openssl` input) serves a static page over TLS, and a second VM fetches it
# with curl over HTTP/1.1 and HTTP/2.
#
# Neither curl call passes --insecure/-k, so the requests only succeed if the
# client validates the server certificate against the test CA that both nodes
# add to their trust store.
import ./make-test-python.nix (
  { pkgs, lib, ... }:
  let
    # Test-only PKI fixtures that live next to this file.
    caCert = builtins.readFile ./common/acme/server/ca.cert.pem;
    certPath = ./common/acme/server/acme.test.cert.pem;
    # NOTE(review): a path literal handed to a module option is normally
    # copied into the world-readable Nix store. That is acceptable for a
    # throwaway fixture key; it is not a pattern to reuse for real private keys.
    keyPath = ./common/acme/server/acme.test.key.pem;

    # Shared /etc/hosts entry so both nodes resolve the certificate's name.
    hosts = ''
      192.168.2.101 acme.test
    '';

    # Static IPv4 configuration for eth1 (a /24) with the given address.
    eth1At = address: {
      ipv4.addresses = [
        {
          inherit address;
          prefixLength = 24;
        }
      ];
    };
  in
  {
    name = "rustls-libssl";
    meta.maintainers = with pkgs.lib.maintainers; [
      stephank
      cpu
    ];

    nodes = {
      server =
        { lib, pkgs, ... }:
        let
          # Document root containing the single page the client greps for.
          webroot = pkgs.runCommandLocal "testdir" { } ''
            mkdir "$out"
            cat > "$out/index.html" <<EOF
            <html><body>Hello World!</body></html>
            EOF
          '';
        in
        {
          networking.interfaces.eth1 = eth1At "192.168.2.101";
          networking.extraHosts = hosts;
          # 443 is the only TCP port opened here; the vhost below is TLS-only.
          networking.firewall.allowedTCPPorts = [ 443 ];

          security.pki.certificates = [ caCert ];

          services.nginx = {
            enable = true;

            # The component under test: nginx with its `openssl` dependency
            # replaced by rustls-libssl.
            package = pkgs.nginxMainline.override {
              openssl = pkgs.rustls-libssl;
              modules = [ ]; # slightly reduces the size of the build
            };

            # rustls-libssl accepts only this one hard-coded cipher string.
            # NOTE(review): presumably the effective suite selection is then
            # left to rustls rather than derived from this value - confirm.
            sslCiphers = "HIGH:!aNULL:!MD5";

            virtualHosts."acme.test" = {
              onlySSL = true;
              sslCertificate = certPath;
              sslCertificateKey = keyPath;
              http2 = true;
              reuseport = true;
              root = lib.mkForce webroot;
            };
          };
        };

      client =
        { pkgs, ... }:
        {
          # Only the server package is overridden; the client's curl is used
          # as packaged. The HTTP/3-capable build is installed, but the test
          # script below only requests HTTP/1.1 and HTTP/2.
          environment.systemPackages = [ pkgs.curlHTTP3 ];

          networking.interfaces.eth1 = eth1At "192.168.2.201";
          networking.extraHosts = hosts;

          # Trust the test CA so certificate verification stays enabled.
          security.pki.certificates = [ caCert ];
        };
    };

    # Wait for the TLS listener, then fetch the page once per protocol
    # version; each command fails unless the expected body comes back.
    testScript = ''
      start_all()
      server.wait_for_open_port(443)
      client.succeed("curl --verbose --http1.1 https://acme.test | grep 'Hello World!'")
      client.succeed("curl --verbose --http2-prior-knowledge https://acme.test | grep 'Hello World!'")
    '';
  }
)