pyrox.dev / nixpkgs
lol
fork atom

nixos/step-ca: add H2O test

โทสฺตัล 093d5cfa 9555f3e8

options
unified split
Changed files
+40
nixos
modules
services
web-servers
h2o
default.nix
tests
step-ca.nix
+2
nixos/modules/services/web-servers/h2o/default.nix 
···

       
20

       
20

       
 

       
    types


     

       
21

       
21

       
 

       
    ;


     

       
22

       
22

       
 

       



     

       

       
23

       
+

       
  mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;


     

       

       
24

       
+

       



     

       
23

       
25

       
 

       
  settingsFormat = pkgs.formats.yaml { };


     

       
24

       
26

       
 

       



     

       
25

       
27

       
 

       
  getNames = name: vhostSettings: rec {
+38
nixos/tests/step-ca.nix 
···

       
90

       
90

       
 

       
          };


     

       
91

       
91

       
 

       
        };


     

       
92

       
92

       
 

       



     

       

       
93

       
+

       
      caclienth2o =


     

       

       
94

       
+

       
        { config, pkgs, ... }:


     

       

       
95

       
+

       
        {


     

       

       
96

       
+

       
          security.acme = {


     

       

       
97

       
+

       
            acceptTerms = true;


     

       

       
98

       
+

       
            defaults = {


     

       

       
99

       
+

       
              server = "https://caserver:8443/acme/acme/directory";


     

       

       
100

       
+

       
              email = "root@example.org";


     

       

       
101

       
+

       
            };


     

       

       
102

       
+

       
          };


     

       

       
103

       
+

       
          security.pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];


     

       

       
104

       
+

       



     

       

       
105

       
+

       
          networking.firewall.allowedTCPPorts = [


     

       

       
106

       
+

       
            80


     

       

       
107

       
+

       
            443


     

       

       
108

       
+

       
          ];


     

       

       
109

       
+

       



     

       

       
110

       
+

       
          services.h2o = {


     

       

       
111

       
+

       
            enable = true;


     

       

       
112

       
+

       
            hosts."caclienth2o" = {


     

       

       
113

       
+

       
              tls.policy = "force";


     

       

       
114

       
+

       
              acme.enable = true;


     

       

       
115

       
+

       
              settings = {


     

       

       
116

       
+

       
                paths."/" = {


     

       

       
117

       
+

       
                  "file.file" = "${pkgs.writeTextFile {


     

       

       
118

       
+

       
                    name = "h2o_welcome.txt";


     

       

       
119

       
+

       
                    text = "Welcome to H2O!";


     

       

       
120

       
+

       
                  }}";


     

       

       
121

       
+

       
                };


     

       

       
122

       
+

       
              };


     

       

       
123

       
+

       
            };


     

       

       
124

       
+

       
          };


     

       

       
125

       
+

       
        };


     

       

       
126

       
+

       



     

       
93

       
127

       
 

       
      catester =


     

       
94

       
128

       
 

       
        { config, pkgs, ... }:


     

       
95

       
129

       
 

       
        {


     
···

       
110

       
144

       
 

       
        # It’s hard to know when Caddy has finished the ACME dance with


     

       
111

       
145

       
 

       
        # step-ca, so we keep trying cURL until success.


     

       
112

       
146

       
 

       
        catester.wait_until_succeeds("curl https://caclientcaddy/ | grep \"Welcome to Caddy!\"")


     

       

       
147

       
+

       



     

       

       
148

       
+

       
        caclienth2o.wait_for_unit("acme-finished-caclienth2o.target")


     

       

       
149

       
+

       
        caclienth2o.wait_for_unit("h2o.service")


     

       

       
150

       
+

       
        catester.succeed("curl https://caclienth2o/ | grep \"Welcome to H2O!\"")


     

       
113

       
151

       
 

       
      '';


     

       
114

       
152

       
 

       
  }


     

       
115

       
153

       
 

       
)