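# Minica can provide a CA key and cert, plus a key
# and cert for our fake CA server's Web Front End (WFE).
#
# Test fixtures only: the CA private key and the leaf private key are moved
# into $out, i.e. into the Nix store, which is readable by every local user.
# Nothing outside the test setup should be configured to trust this CA.
#
# The result is not reproducible: the certificates' validity is computed from
# the time of the build (time.Now() in minica's main.go).
{
  pkgs ? import <nixpkgs> { },
  minica ? pkgs.minica,
  mkDerivation ? pkgs.stdenv.mkDerivation,
}:
let
  conf = import ./snakeoil-certs.nix;
  domain = conf.domain;
in
mkDerivation {
  name = "test-certs";
  buildInputs = [
    (minica.overrideAttrs (_old: {
      # Stretch the hard-coded validity (2 years + 30 days) to 20 years so the
      # generated fixtures stay usable for a long time. sed exits 0 even when
      # the pattern no longer matches, so the grep below makes the build fail
      # instead of silently producing short-lived certificates after an
      # upstream change to main.go.
      prePatch = ''
        sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go
        if ! grep -qF 'NotAfter: time.Now().AddDate(20, 0, 0),' main.go; then
          echo "minica NotAfter patch did not apply: main.go no longer contains the expected line" >&2
          exit 1
        fi
      '';
    }))
  ];
  dontUnpack = true;

  # One leaf certificate covering the base domain and every service subdomain
  # the tests talk to; minica writes it to a directory named after the first
  # entry of --domains.
  buildPhase = ''
    minica \
      --ca-key ca.key.pem \
      --ca-cert ca.cert.pem \
      --domains ${domain},accounts.${domain},albums.${domain},api.${domain},cast.${domain},photos.${domain},s3.${domain}
  '';

  # Output layout: ca.key.pem, ca.cert.pem, <domain>.key.pem, <domain>.cert.pem.
  installPhase = ''
    mkdir -p $out
    mv ca.*.pem $out/
    mv ${domain}/key.pem $out/${domain}.key.pem
    mv ${domain}/cert.pem $out/${domain}.cert.pem
  '';
}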