pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / acme / default.nix
at master 2.1 kB view raw
1{ runTest }: 2let 3 domain = "example.test"; 4in 5{ 6 http01-builtin = runTest ./http01-builtin.nix; 7 dns01 = runTest ./dns01.nix; 8 caddy = runTest ./caddy.nix; 9 nginx = runTest ( 10 import ./webserver.nix { 11 inherit domain; 12 serverName = "nginx"; 13 group = "nginx"; 14 baseModule = { 15 services.nginx = { 16 enable = true; 17 enableReload = true; 18 logError = "stderr info"; 19 # This tests a number of things at once: 20 # - Self-signed certs are in place before the webserver startup 21 # - Nginx is started before acme renewal is attempted 22 # - useACMEHost behaves as expected 23 # - acmeFallbackHost behaves as expected 24 virtualHosts.default = { 25 default = true; 26 addSSL = true; 27 useACMEHost = "proxied.example.test"; 28 acmeFallbackHost = "localhost:8080"; 29 }; 30 }; 31 specialisation.nullroot.configuration = { 32 services.nginx.virtualHosts."nullroot.${domain}".acmeFallbackHost = "localhost:8081"; 33 }; 34 }; 35 } 36 ); 37 httpd = runTest ( 38 import ./webserver.nix { 39 inherit domain; 40 serverName = "httpd"; 41 group = "wwwrun"; 42 baseModule = { 43 services.httpd = { 44 enable = true; 45 # This is the default by virtue of being the first defined vhost. 46 virtualHosts.default = { 47 addSSL = true; 48 useACMEHost = "proxied.example.test"; 49 locations."/.well-known/acme-challenge" = { 50 proxyPass = "http://localhost:8080/.well-known/acme-challenge"; 51 extraConfig = '' 52 ProxyPreserveHost On 53 ''; 54 }; 55 }; 56 }; 57 specialisation.nullroot.configuration = { 58 services.httpd.virtualHosts."nullroot.${domain}" = { 59 locations."/.well-known/acme-challenge" = { 60 proxyPass = "http://localhost:8081/.well-known/acme-challenge"; 61 extraConfig = '' 62 ProxyPreserveHost On 63 ''; 64 }; 65 }; 66 }; 67 }; 68 } 69 ); 70}