commit 1fe7725039725c7bf9d198cf0136edac9e7a85a1 · pyrox.dev/nixpkgs

+1 -1

nixos/tests/all-tests.nix

···

       306
        
           "x86_64-linux"

     

       307
        
         ] ./ceph-single-node-bluestore-dmcrypt.nix;

     

       308
        
         certmgr = import ./certmgr.nix { inherit pkgs runTest; };

     

       309
       -
         cfssl = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./cfssl.nix { };

     

       310
        
         cgit = runTest ./cgit.nix;

     

       311
        
         charliecloud = runTest ./charliecloud.nix;

     

       312
        
         chromadb = runTest ./chromadb.nix;

···

       306
        
           "x86_64-linux"

     

       307
        
         ] ./ceph-single-node-bluestore-dmcrypt.nix;

     

       308
        
         certmgr = import ./certmgr.nix { inherit pkgs runTest; };

     

       309
       +
         cfssl = runTestOn [ "aarch64-linux" "x86_64-linux" ] ./cfssl.nix;

     

       310
        
         cgit = runTest ./cgit.nix;

     

       311
        
         charliecloud = runTest ./charliecloud.nix;

     

       312
        
         chromadb = runTest ./chromadb.nix;

+81 -83

nixos/tests/cfssl.nix

···

       1
       -
       import ./make-test-python.nix (

     

       2
       -
         { pkgs, ... }:

     

       3
       -
         {

     

       4
       -
           name = "cfssl";

     

       5
        
       

     

       6
       -
           nodes.machine =

     

       7
       -
             {

     

       8
       -
               config,

     

       9
       -
               lib,

     

       10
       -
               pkgs,

     

       11
       -
               ...

     

       12
       -
             }:

     

       13
       -
             {

     

       14
       -
               networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];

     

       15
        
       

     

       16
       -
               services.cfssl.enable = true;

     

       17
       -
               systemd.services.cfssl.after = [ "cfssl-init.service" ];

     

       18
        
       

     

       19
       -
               systemd.services.cfssl-init = {

     

       20
       -
                 description = "Initialize the cfssl CA";

     

       21
       -
                 wantedBy = [ "multi-user.target" ];

     

       22
       -
                 serviceConfig = {

     

       23
       -
                   User = "cfssl";

     

       24
       -
                   Type = "oneshot";

     

       25
       -
                   WorkingDirectory = config.services.cfssl.dataDir;

     

       26
       -
                 };

     

       27
       -
                 script = with pkgs; ''

     

       28
       -
                   ${cfssl}/bin/cfssl genkey -initca ${

     

       29
       -
                     pkgs.writeText "ca.json" (

     

       30
       -
                       builtins.toJSON {

     

       31
       -
                         hosts = [ "ca.example.com" ];

     

       32
       -
                         key = {

     

       33
       -
                           algo = "rsa";

     

       34
       -
                           size = 4096;

     

       35
       -
                         };

     

       36
       -
                         names = [

     

       37
       -
                           {

     

       38
       -
                             C = "US";

     

       39
       -
                             L = "San Francisco";

     

       40
       -
                             O = "Internet Widgets, LLC";

     

       41
       -
                             OU = "Certificate Authority";

     

       42
       -
                             ST = "California";

     

       43
       -
                           }

     

       44
       -
                         ];

     

       45
       -
                       }

     

       46
       -
                     )

     

       47
       -
                   } | ${cfssl}/bin/cfssljson -bare ca

     

       48
       -
                 '';

     

       49
        
               };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       50
        
             };

     

       0
        
       
     

       51
        
       

     

       52
       -
           testScript =

     

       53
       -
             let

     

       54
       -
               cfsslrequest =

     

       55
       -
                 with pkgs;

     

       56
       -
                 writeScript "cfsslrequest" ''

     

       57
       -
                   curl -f -X POST -H "Content-Type: application/json" -d @${csr} \

     

       58
       -
                     http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate

     

       59
       -
                 '';

     

       60
       -
               csr = pkgs.writeText "csr.json" (

     

       61
       -
                 builtins.toJSON {

     

       62
       -
                   CN = "www.example.com";

     

       63
       -
                   hosts = [

     

       64
       -
                     "example.com"

     

       65
       -
                     "www.example.com"

     

       66
       -
                   ];

     

       67
       -
                   key = {

     

       68
       -
                     algo = "rsa";

     

       69
       -
                     size = 2048;

     

       70
       -
                   };

     

       71
       -
                   names = [

     

       72
       -
                     {

     

       73
       -
                       C = "US";

     

       74
       -
                       L = "San Francisco";

     

       75
       -
                       O = "Example Company, LLC";

     

       76
       -
                       OU = "Operations";

     

       77
       -
                       ST = "California";

     

       78
       -
                     }

     

       79
       -
                   ];

     

       80
       -
                 }

     

       81
       -
               );

     

       82
       -
             in

     

       83
       -
             ''

     

       84
       -
               machine.wait_for_unit("cfssl.service")

     

       85
       -
               machine.wait_until_succeeds("${cfsslrequest}")

     

       86
       -
               machine.succeed("ls /tmp/certificate-key.pem")

     

       87
       -
             '';

     

       88
       -
         }

     

       89
       -
       )

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       3
       +
         name = "cfssl";

     

       0
        
       
     

       4
        
       

     

       5
       +
         nodes.machine =

     

       6
       +
           {

     

       7
       +
             config,

     

       8
       +
             lib,

     

       9
       +
             pkgs,

     

       10
       +
             ...

     

       11
       +
           }:

     

       12
       +
           {

     

       13
       +
             networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];

     

       14
        
       

     

       15
       +
             services.cfssl.enable = true;

     

       16
       +
             systemd.services.cfssl.after = [ "cfssl-init.service" ];

     

       17
        
       

     

       18
       +
             systemd.services.cfssl-init = {

     

       19
       +
               description = "Initialize the cfssl CA";

     

       20
       +
               wantedBy = [ "multi-user.target" ];

     

       21
       +
               serviceConfig = {

     

       22
       +
                 User = "cfssl";

     

       23
       +
                 Type = "oneshot";

     

       24
       +
                 WorkingDirectory = config.services.cfssl.dataDir;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       25
        
               };

     

       26
       +
               script = with pkgs; ''

     

       27
       +
                 ${cfssl}/bin/cfssl genkey -initca ${

     

       28
       +
                   pkgs.writeText "ca.json" (

     

       29
       +
                     builtins.toJSON {

     

       30
       +
                       hosts = [ "ca.example.com" ];

     

       31
       +
                       key = {

     

       32
       +
                         algo = "rsa";

     

       33
       +
                         size = 4096;

     

       34
       +
                       };

     

       35
       +
                       names = [

     

       36
       +
                         {

     

       37
       +
                           C = "US";

     

       38
       +
                           L = "San Francisco";

     

       39
       +
                           O = "Internet Widgets, LLC";

     

       40
       +
                           OU = "Certificate Authority";

     

       41
       +
                           ST = "California";

     

       42
       +
                         }

     

       43
       +
                       ];

     

       44
       +
                     }

     

       45
       +
                   )

     

       46
       +
                 } | ${cfssl}/bin/cfssljson -bare ca

     

       47
       +
               '';

     

       48
        
             };

     

       49
       +
           };

     

       50
        
       

     

       51
       +
         testScript =

     

       52
       +
           let

     

       53
       +
             cfsslrequest =

     

       54
       +
               with pkgs;

     

       55
       +
               writeScript "cfsslrequest" ''

     

       56
       +
                 curl -f -X POST -H "Content-Type: application/json" -d @${csr} \

     

       57
       +
                   http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate

     

       58
       +
               '';

     

       59
       +
             csr = pkgs.writeText "csr.json" (

     

       60
       +
               builtins.toJSON {

     

       61
       +
                 CN = "www.example.com";

     

       62
       +
                 hosts = [

     

       63
       +
                   "example.com"

     

       64
       +
                   "www.example.com"

     

       65
       +
                 ];

     

       66
       +
                 key = {

     

       67
       +
                   algo = "rsa";

     

       68
       +
                   size = 2048;

     

       69
       +
                 };

     

       70
       +
                 names = [

     

       71
       +
                   {

     

       72
       +
                     C = "US";

     

       73
       +
                     L = "San Francisco";

     

       74
       +
                     O = "Example Company, LLC";

     

       75
       +
                     OU = "Operations";

     

       76
       +
                     ST = "California";

     

       77
       +
                   }

     

       78
       +
                 ];

     

       79
       +
               }

     

       80
       +
             );

     

       81
       +
           in

     

       82
       +
           ''

     

       83
       +
             machine.wait_for_unit("cfssl.service")

     

       84
       +
             machine.wait_until_succeeds("${cfsslrequest}")

     

       85
       +
             machine.succeed("ls /tmp/certificate-key.pem")

     

       86
       +
           '';

     

       87
       +
       }

     

       0