pyrox.dev / nixpkgs
lol
fork atom

nixos/tests/acme: use *.test domains

Shimming out the Let's Encrypt domain name to reuse client configuration
doesn't work properly (Pebble uses different endpoint URL formats), is
recommended against by upstream,[1] and is unnecessary now that the ACME
module supports specifying an ACME server. This commit changes the tests
to use the domain name acme.test instead, and renames the letsencrypt
node to acme to reflect that it has nothing to do with the ACME server
that Let's Encrypt runs. The imports are renamed for clarity:

* nixos/tests/common/{letsencrypt => acme}/{common.nix => client}
* nixos/tests/common/{letsencrypt => acme}/{default.nix => server}

The test's other domain names are also adjusted to use *.test for
consistency (and to avoid misuse of non-reserved domain names such
as standalone.com).

[1] https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242

Co-authored-by: Yegor Timoshenko <yegortimoshenko@riseup.net>

Emily d0f04c16 352e30df

options
unified split
Changed files
+254 -336
nixos
tests
acme.nix
common
acme
client
default.nix
server
default.nix
mkcerts.nix
mkcerts.sh
snakeoil-certs.nix
letsencrypt
common.nix
snakeoil-certs.nix
resolver.nix
+47 -52
nixos/tests/acme.nix 
···

       
1

       
1

       
 

       
let


     

       
2

       

       
-

       
  commonConfig = ./common/letsencrypt/common.nix;


     

       

       
2

       
+

       
  commonConfig = ./common/acme/client;


     

       
3

       
3

       
 

       



     

       
4

       
4

       
 

       
  dnsScript = {writeScript, dnsAddress, bash, curl}: writeScript "dns-hook.sh" ''


     

       
5

       
5

       
 

       
    #!${bash}/bin/bash


     
···

       
16

       
16

       
 

       
  name = "acme";


     

       
17

       
17

       
 

       



     

       
18

       
18

       
 

       
  nodes = rec {


     

       
19

       

       
-

       
    letsencrypt = { nodes, lib, ... }: {


     

       
20

       

       
-

       
      imports = [ ./common/letsencrypt ];


     

       

       
19

       
+

       
    acme = { nodes, lib, ... }: {


     

       

       
20

       
+

       
      imports = [ ./common/acme/server ];


     

       
21

       
21

       
 

       
      networking.nameservers = lib.mkForce [


     

       
22

       
22

       
 

       
        nodes.dnsserver.config.networking.primaryIPAddress


     

       
23

       
23

       
 

       
      ];


     
···

       
45

       
45

       
 

       
        nodes.dnsserver.config.networking.primaryIPAddress


     

       
46

       
46

       
 

       
      ];


     

       
47

       
47

       
 

       
      networking.firewall.allowedTCPPorts = [ 80 ];


     

       
48

       

       
-

       
      security.acme = {


     

       
49

       

       
-

       
        server = "https://acme-v02.api.letsencrypt.org/dir";


     

       
50

       

       
-

       
        certs."standalone.com" = {


     

       
51

       

       
-

       
            webroot = "/var/lib/acme/acme-challenges";


     

       
52

       

       
-

       
        };


     

       

       
48

       
+

       
      security.acme.certs."standalone.test" = {


     

       

       
49

       
+

       
        webroot = "/var/lib/acme/acme-challenges";


     

       
53

       
50

       
 

       
      };


     

       
54

       

       
-

       
      systemd.targets."acme-finished-standalone.com" = {};


     

       
55

       

       
-

       
      systemd.services."acme-standalone.com" = {


     

       
56

       

       
-

       
        wants = [ "acme-finished-standalone.com.target" ];


     

       
57

       

       
-

       
        before = [ "acme-finished-standalone.com.target" ];


     

       

       
51

       
+

       
      systemd.targets."acme-finished-standalone.test" = {};


     

       

       
52

       
+

       
      systemd.services."acme-standalone.test" = {


     

       

       
53

       
+

       
        wants = [ "acme-finished-standalone.test.target" ];


     

       

       
54

       
+

       
        before = [ "acme-finished-standalone.test.target" ];


     

       
58

       
55

       
 

       
      };


     

       
59

       
56

       
 

       
      services.nginx.enable = true;


     

       
60

       

       
-

       
      services.nginx.virtualHosts."standalone.com" = {


     

       

       
57

       
+

       
      services.nginx.virtualHosts."standalone.test" = {


     

       
61

       
58

       
 

       
        locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenges";


     

       
62

       
59

       
 

       
      };


     

       
63

       
60

       
 

       
    };


     
···

       
71

       
68

       
 

       



     

       
72

       
69

       
 

       
      # A target remains active. Use this to probe the fact that


     

       
73

       
70

       
 

       
      # a service fired eventhough it is not RemainAfterExit


     

       
74

       

       
-

       
      systemd.targets."acme-finished-a.example.com" = {};


     

       
75

       

       
-

       
      systemd.services."acme-a.example.com" = {


     

       
76

       

       
-

       
        wants = [ "acme-finished-a.example.com.target" ];


     

       
77

       

       
-

       
        before = [ "acme-finished-a.example.com.target" ];


     

       

       
71

       
+

       
      systemd.targets."acme-finished-a.example.test" = {};


     

       

       
72

       
+

       
      systemd.services."acme-a.example.test" = {


     

       

       
73

       
+

       
        wants = [ "acme-finished-a.example.test.target" ];


     

       

       
74

       
+

       
        before = [ "acme-finished-a.example.test.target" ];


     

       
78

       
75

       
 

       
        after = [ "nginx.service" ];


     

       
79

       
76

       
 

       
      };


     

       
80

       
77

       
 

       



     

       
81

       
78

       
 

       
      services.nginx.enable = true;


     

       
82

       
79

       
 

       



     

       
83

       

       
-

       
      services.nginx.virtualHosts."a.example.com" = {


     

       

       
80

       
+

       
      services.nginx.virtualHosts."a.example.test" = {


     

       
84

       
81

       
 

       
        enableACME = true;


     

       
85

       
82

       
 

       
        forceSSL = true;


     

       
86

       
83

       
 

       
        locations."/".root = pkgs.runCommand "docroot" {} ''


     
···

       
89

       
86

       
 

       
        '';


     

       
90

       
87

       
 

       
      };


     

       
91

       
88

       
 

       



     

       
92

       

       
-

       
      security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";


     

       

       
89

       
+

       
      security.acme.server = "https://acme.test/dir";


     

       
93

       
90

       
 

       



     

       
94

       
91

       
 

       
      specialisation.second-cert.configuration = {pkgs, ...}: {


     

       
95

       

       
-

       
        systemd.targets."acme-finished-b.example.com" = {};


     

       
96

       

       
-

       
        systemd.services."acme-b.example.com" = {


     

       
97

       

       
-

       
          wants = [ "acme-finished-b.example.com.target" ];


     

       
98

       

       
-

       
          before = [ "acme-finished-b.example.com.target" ];


     

       

       
92

       
+

       
        systemd.targets."acme-finished-b.example.test" = {};


     

       

       
93

       
+

       
        systemd.services."acme-b.example.test" = {


     

       

       
94

       
+

       
          wants = [ "acme-finished-b.example.test.target" ];


     

       

       
95

       
+

       
          before = [ "acme-finished-b.example.test.target" ];


     

       
99

       
96

       
 

       
          after = [ "nginx.service" ];


     

       
100

       
97

       
 

       
        };


     

       
101

       

       
-

       
        services.nginx.virtualHosts."b.example.com" = {


     

       

       
98

       
+

       
        services.nginx.virtualHosts."b.example.test" = {


     

       
102

       
99

       
 

       
          enableACME = true;


     

       
103

       
100

       
 

       
          forceSSL = true;


     

       
104

       
101

       
 

       
          locations."/".root = pkgs.runCommand "docroot" {} ''


     
···

       
108

       
105

       
 

       
        };


     

       
109

       
106

       
 

       
      };


     

       
110

       
107

       
 

       
      specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: {


     

       
111

       

       
-

       
        security.acme.certs."example.com" = {


     

       
112

       

       
-

       
          domain = "*.example.com";


     

       

       
108

       
+

       
        security.acme.certs."example.test" = {


     

       

       
109

       
+

       
          domain = "*.example.test";


     

       
113

       
110

       
 

       
          dnsProvider = "exec";


     

       
114

       
111

       
 

       
          dnsPropagationCheck = false;


     

       
115

       
112

       
 

       
          credentialsFile = with pkgs; writeText "wildcard.env" ''


     
···

       
118

       
115

       
 

       
          user = config.services.nginx.user;


     

       
119

       
116

       
 

       
          group = config.services.nginx.group;


     

       
120

       
117

       
 

       
        };


     

       
121

       

       
-

       
        systemd.targets."acme-finished-example.com" = {};


     

       
122

       

       
-

       
        systemd.services."acme-example.com" = {


     

       
123

       

       
-

       
          wants = [ "acme-finished-example.com.target" ];


     

       
124

       

       
-

       
          before = [ "acme-finished-example.com.target" "nginx.service" ];


     

       

       
118

       
+

       
        systemd.targets."acme-finished-example.test" = {};


     

       

       
119

       
+

       
        systemd.services."acme-example.test" = {


     

       

       
120

       
+

       
          wants = [ "acme-finished-example.test.target" ];


     

       

       
121

       
+

       
          before = [ "acme-finished-example.test.target" "nginx.service" ];


     

       
125

       
122

       
 

       
          wantedBy = [ "nginx.service" ];


     

       
126

       
123

       
 

       
        };


     

       
127

       

       
-

       
        services.nginx.virtualHosts."c.example.com" = {


     

       

       
124

       
+

       
        services.nginx.virtualHosts."c.example.test" = {


     

       
128

       
125

       
 

       
          forceSSL = true;


     

       
129

       

       
-

       
          sslCertificate = config.security.acme.certs."example.com".directory + "/cert.pem";


     

       
130

       

       
-

       
          sslTrustedCertificate = config.security.acme.certs."example.com".directory + "/full.pem";


     

       
131

       

       
-

       
          sslCertificateKey = config.security.acme.certs."example.com".directory + "/key.pem";


     

       

       
126

       
+

       
          sslCertificate = config.security.acme.certs."example.test".directory + "/cert.pem";


     

       

       
127

       
+

       
          sslTrustedCertificate = config.security.acme.certs."example.test".directory + "/full.pem";


     

       

       
128

       
+

       
          sslCertificateKey = config.security.acme.certs."example.test".directory + "/key.pem";


     

       
132

       
129

       
 

       
          locations."/".root = pkgs.runCommand "docroot" {} ''


     

       
133

       
130

       
 

       
            mkdir -p "$out"


     

       
134

       
131

       
 

       
            echo hello world > "$out/index.html"


     
···

       
159

       
156

       
 

       
      client.start()


     

       
160

       
157

       
 

       
      dnsserver.start()


     

       
161

       
158

       
 

       



     

       
162

       

       
-

       
      letsencrypt.wait_for_unit("default.target")


     

       

       
159

       
+

       
      acme.wait_for_unit("default.target")


     

       
163

       
160

       
 

       
      dnsserver.wait_for_unit("pebble-challtestsrv.service")


     

       
164

       
161

       
 

       
      client.succeed(


     

       
165

       

       
-

       
          'curl --data \'{"host": "acme-v02.api.letsencrypt.org", "addresses": ["${nodes.letsencrypt.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'


     

       

       
162

       
+

       
          'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'


     

       
166

       
163

       
 

       
      )


     

       
167

       
164

       
 

       
      client.succeed(


     

       
168

       

       
-

       
          'curl --data \'{"host": "standalone.com", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'


     

       

       
165

       
+

       
          'curl --data \'{"host": "standalone.test", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'


     

       
169

       
166

       
 

       
      )


     

       
170

       
167

       
 

       



     

       
171

       

       
-

       
      letsencrypt.start()


     

       

       
168

       
+

       
      acme.start()


     

       
172

       
169

       
 

       
      acmeStandalone.start()


     

       
173

       
170

       
 

       



     

       
174

       

       
-

       
      letsencrypt.wait_for_unit("default.target")


     

       
175

       

       
-

       
      letsencrypt.wait_for_unit("pebble.service")


     

       

       
171

       
+

       
      acme.wait_for_unit("default.target")


     

       

       
172

       
+

       
      acme.wait_for_unit("pebble.service")


     

       
176

       
173

       
 

       



     

       
177

       
174

       
 

       
      with subtest("can request certificate with HTTPS-01 challenge"):


     

       
178

       
175

       
 

       
          acmeStandalone.wait_for_unit("default.target")


     

       
179

       

       
-

       
          acmeStandalone.succeed("systemctl start acme-standalone.com.service")


     

       
180

       

       
-

       
          acmeStandalone.wait_for_unit("acme-finished-standalone.com.target")


     

       

       
176

       
+

       
          acmeStandalone.succeed("systemctl start acme-standalone.test.service")


     

       

       
177

       
+

       
          acmeStandalone.wait_for_unit("acme-finished-standalone.test.target")


     

       
181

       
178

       
 

       



     

       
182

       
179

       
 

       
      client.wait_for_unit("default.target")


     

       
183

       
180

       
 

       



     

       
184

       

       
-

       
      client.succeed("curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt")


     

       
185

       

       
-

       
      client.succeed(


     

       
186

       

       
-

       
          "curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt"


     

       
187

       

       
-

       
      )


     

       

       
181

       
+

       
      client.succeed("curl https://acme.test:15000/roots/0 > /tmp/ca.crt")


     

       

       
182

       
+

       
      client.succeed("curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt")


     

       
188

       
183

       
 

       



     

       
189

       
184

       
 

       
      with subtest("Can request certificate for nginx service"):


     

       
190

       

       
-

       
          webserver.wait_for_unit("acme-finished-a.example.com.target")


     

       

       
185

       
+

       
          webserver.wait_for_unit("acme-finished-a.example.test.target")


     

       
191

       
186

       
 

       
          client.succeed(


     

       
192

       

       
-

       
              "curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF 'hello world'"


     

       

       
187

       
+

       
              "curl --cacert /tmp/ca.crt https://a.example.test/ | grep -qF 'hello world'"


     

       
193

       
188

       
 

       
          )


     

       
194

       
189

       
 

       



     

       
195

       
190

       
 

       
      with subtest("Can add another certificate for nginx service"):


     

       
196

       
191

       
 

       
          webserver.succeed(


     

       
197

       
192

       
 

       
              "/run/current-system/specialisation/second-cert/bin/switch-to-configuration test"


     

       
198

       
193

       
 

       
          )


     

       
199

       

       
-

       
          webserver.wait_for_unit("acme-finished-b.example.com.target")


     

       

       
194

       
+

       
          webserver.wait_for_unit("acme-finished-b.example.test.target")


     

       
200

       
195

       
 

       
          client.succeed(


     

       
201

       

       
-

       
              "curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'"


     

       

       
196

       
+

       
              "curl --cacert /tmp/ca.crt https://b.example.test/ | grep -qF 'hello world'"


     

       
202

       
197

       
 

       
          )


     

       
203

       
198

       
 

       



     

       
204

       
199

       
 

       
      with subtest("Can request wildcard certificates using DNS-01 challenge"):


     
···

       
208

       
203

       
 

       
          webserver.succeed(


     

       
209

       
204

       
 

       
              "/run/current-system/specialisation/dns-01/bin/switch-to-configuration test"


     

       
210

       
205

       
 

       
          )


     

       
211

       

       
-

       
          webserver.wait_for_unit("acme-finished-example.com.target")


     

       

       
206

       
+

       
          webserver.wait_for_unit("acme-finished-example.test.target")


     

       
212

       
207

       
 

       
          client.succeed(


     

       
213

       

       
-

       
              "curl --cacert /tmp/ca.crt https://c.example.com/ | grep -qF 'hello world'"


     

       

       
208

       
+

       
              "curl --cacert /tmp/ca.crt https://c.example.test/ | grep -qF 'hello world'"


     

       
214

       
209

       
 

       
          )


     

       
215

       
210

       
 

       
    '';


     

       
216

       
211

       
 

       
}
+19
nixos/tests/common/acme/client/default.nix 
···

       

       
1

       
+

       
{ lib, nodes, pkgs, ... }:


     

       

       
2

       
+

       



     

       

       
3

       
+

       
let


     

       

       
4

       
+

       
  acme-ca = nodes.acme.config.test-support.acme.caCert;


     

       

       
5

       
+

       
in


     

       

       
6

       
+

       



     

       

       
7

       
+

       
{


     

       

       
8

       
+

       
  networking.nameservers = [


     

       

       
9

       
+

       
    nodes.acme.config.networking.primaryIPAddress


     

       

       
10

       
+

       
  ];


     

       

       
11

       
+

       



     

       

       
12

       
+

       
  security.acme = {


     

       

       
13

       
+

       
    server = "https://acme.test/dir";


     

       

       
14

       
+

       
    email = "hostmaster@example.test";


     

       

       
15

       
+

       
    acceptTerms = true;


     

       

       
16

       
+

       
  };


     

       

       
17

       
+

       



     

       

       
18

       
+

       
  security.pki.certificateFiles = [ acme-ca ];


     

       

       
19

       
+

       
}
+171
nixos/tests/common/acme/server/snakeoil-certs.nix 
···

       

       
1

       
+

       
# Generated via mkcert.sh in the same directory.


     

       

       
2

       
+

       
{


     

       

       
3

       
+

       
  ca.key = builtins.toFile "ca.key" ''


     

       

       
4

       
+

       
    -----BEGIN PRIVATE KEY-----


     

       

       
5

       
+

       
    MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCnVZGEn68ezXl


     

       

       
6

       
+

       
    DWE5gjsCPqutR4nxw/wvIbAxB2Vk2WeQ6HGvt2Jdrz5qer2IXd76YtpQeqd+ffet


     

       

       
7

       
+

       
    aLtMeFTr+Xy9yqEpx2AfvmEEcLnuiWbsUGZzsHwW7/4kPgAFBy9TwJn/k892lR6u


     

       

       
8

       
+

       
    QYa0QS39CX85kLMZ/LZXUyClIBa+IxT1OovmGqMOr4nGASRQP6d/nnyn41Knat/d


     

       

       
9

       
+

       
    tpyaa5zgfYwA6YW6UxcywvBSpMOXM0/82BFZGyALt3nQ+ffmrtKcvMjsNLBFaslV


     

       

       
10

       
+

       
    +zYO1PMbLbTCW8SmJTjhzuapXtBHruvoe24133XWlvcP1ylaTx0alwiQWJr1XEOU


     

       

       
11

       
+

       
    WLEFTgOTeRyiVDxDunpz+7oGcwzcdOG8nCgd6w0aYaECz1zvS3FYTQz+MiqmEkx6


     

       

       
12

       
+

       
    s4bj1U90I0kwUJbeWjjrGO7Y9Qq4i19GafDg7cAMn9eHCiNbNrPj6t/gfaVbCrbk


     

       

       
13

       
+

       
    m3ZVjkvLTQ2mb2lv7+tVii45227iNPuNS6lx2FVlr/DXiRrOVfghPvoOxUfXzogJ


     

       

       
14

       
+

       
    hZLV4Zki+ycbGQa5w8YMDYCv4c08dKA7AatVhNS60c1zgQNjuWF3BvocSySyGUon


     

       

       
15

       
+

       
    VT6h1DYlJ9YAqgqNpedgNR9kpp034SMhB7dj9leB6LRMA+c1fG/T+1lDbkA+vope


     

       

       
16

       
+

       
    pt4+30oDcCTYfEifl1HwqNw/bXDm1wIDAQABAoICABPbd/UYaAQVUk93yQbUKe81


     

       

       
17

       
+

       
    s9CvbvzTMYUhm9e02Hyszitz/D2gqZHDksvMkFA8u8aylXIGwdZfRglUmV/ZG1kk


     

       

       
18

       
+

       
    kLzQ0xbvN/ilNUL9uYsETBMqtPly9YZloHnUNa5NqF+UVGJGk7GWz5WaLANybx3V


     

       

       
19

       
+

       
    fTzDbfLl3TkVy0vt9UQbUkUfXyzwZNjXwmgIr8rcY9vasP90a3eXqRX3Tw1Wk6A4


     

       

       
20

       
+

       
    TzO8oB994O0WBO150Fc6Lhwvc72yzddENlLDXq8UAXtqq9mmGqJKnhZ+1mo3AkMw


     

       

       
21

       
+

       
    q7P1JyCIxcAMm26GtRvLVljXV0x5640kxDrCin6jeeW/qWkJEW6dpmuZjR5scmLI


     

       

       
22

       
+

       
    /9n8H+fGzdZH8bOPPotMy12doj3vJqvew3p0eIkmVctYMJKD0j/CWjvKJNE3Yx4O


     

       

       
23

       
+

       
    Ls47X/dEypX6anR1HQUXcpd6JfRWdIJANo2Duaz+HYbyA88bHcJL9shFYcjLs3sX


     

       

       
24

       
+

       
    R/TvnnKHvw/ud7XBgvLGwGAf/cDEuLI2tv+V7tkMGrMUv+gUJNZaJaCpdt+1iUwO


     

       

       
25

       
+

       
    QFq8APyBNn6FFw54TwXWfSjfSNh3geIMLHuErYVu9MIXvB7Yhh+ZvLcfLbmckhAX


     

       

       
26

       
+

       
    wb39RRHnCWvnw5Bm9hnsDhqfDsIoP+2wvUkViyHOmrKi8nSJhSk19C8AuQtSVcJg


     

       

       
27

       
+

       
    5op+epEmjt70GHt52nuBAoIBAQD2a4Ftp4QxWE2d6oAFI6WPrX7nAwI5/ezCbO/h


     

       

       
28

       
+

       
    yoYAn6ucTVnn5/5ITJ8V4WTWZ4lkoZP3YSJiCyBhs8fN63J+RaJ/bFRblHDns1HA


     

       

       
29

       
+

       
    2nlMVdNLg6uOfjgUJ8Y6xVM0J2dcFtwIFyK5pfZ7loxMZfvuovg74vDOi2vnO3dO


     

       

       
30

       
+

       
    16DP3zUx6B/yIt57CYn8NWTq+MO2bzKUnczUQRx0yEzPOfOmVbcqGP8f7WEdDWXm


     

       

       
31

       
+

       
    7scjjN53OPyKzLOVEhOMsUhIMBMO25I9ZpcVkyj3/nj+fFLf/XjOTM00M/S/KnOj


     

       

       
32

       
+

       
    RwaWffx6mSYS66qNc5JSsojhIiYyiGVEWIznBpNWDU35y/uXAoIBAQDKLj0dyig2


     

       

       
33

       
+

       
    kj1r3HvdgK4sRULqBQFMqE9ylxDmpJxAj6/A8hJ0RCBR57vnIIZMzK4+6K0l3VBJ


     

       

       
34

       
+

       
    ukzXJHJLPkZ0Uuo2zLuRLkyjBECH6KYznyTkUVRn50Oq6IoP6WTCfd3Eg+7AKYY1


     

       

       
35

       
+

       
    VFo2iR8sxeSQQ+AylFy6QcQ1xPIW30Jj1/LFjrRdRggapPEekpJec0pEqhasT8rR


     

       

       
36

       
+

       
    UFhRL2NdZnL5b7ZlsJc7gZKEJgNfxgzaCzloqLcjCgGpOhLKx0fFsNOqHcbIGMwG


     

       

       
37

       
+

       
    6wQCOyNghQJ6AZtRD5TYCJow92FchWjoTIaMJ8RjMKQmxpiwM6wQG4J78Hd3mbhf


     

       

       
38

       
+

       
    q0hiQhPHaNbBAoIBAFeIeMFq8BpXM7sUwcURlI4lIx8Mgo33FVM7PzsFpfQyw9MR


     

       

       
39

       
+

       
    5w3p6vnjvd8X4aoHvVZxzw3hA0WwjiAmrKMJL/KK6d45rP2bDUBBAplvAgeLtTLt


     

       

       
40

       
+

       
    4tMLIwCF4HSgA55TIPQlaqO1FDC+M4BTSiMZVxS970/WnZPBEuNgzFDFZ+pvb4X6


     

       

       
41

       
+

       
    3t40ZLNwAAQHM4IEPAFiHqWMKGZ9eo5BWIeEHnjHmfjqSDYfLJAVYk1WJIcMUzom


     

       

       
42

       
+

       
    lA76CBC8CxW/I94AtcRhWuFUv/Z5/+OYEYLUxtuqPm+J+JrCmf4OJmWppT1wI2+p


     

       

       
43

       
+

       
    V00BSeRVWXTm1piieM8ahF5y1hp6y3uV3k0NmKECggEBAMC42Ms3s6NpPSE+99eJ


     

       

       
44

       
+

       
    3P0YPJOkl7uByNGbTKH+kW89SDRsy8iGVCSe9892gm5cwU/4LWyljO3qp2qBNG2i


     

       

       
45

       
+

       
    /DfP/bCk8bqPXsAZwoWK8DrO3bTCDepJWYhlx40pVkHLBwVXGdOVAXh+YswPY2cj


     

       

       
46

       
+

       
    cB9QhDrSj52AKU9z36yLvtY7uBA3Wph6tCjpx2n0H4/m6AmR9LDmEpf5tWYV/OrA


     

       

       
47

       
+

       
    SKKaqUw/y7kOZyKOtbKqr/98qYmpIYFF/ZVZZSZkVXcNeoZzgdOlR37ksVqLEsrj


     

       

       
48

       
+

       
    nxu7wli/uItBj/FTLjyqcvjUUYDyO1KtwBuyPUPgzYhBIN2Rt9+K6WRQelwnToFL


     

       

       
49

       
+

       
    30ECggEBALzozykZj2sr3z8tQQRZuXLGotUFGsQCB8ikeqoeB8FbNNkC+qgflQGv


     

       

       
50

       
+

       
    zLRB2KWOvnboc94wVgBJH43xG0HBibZnBhUO8/HBI/WlmyEj9KQ/ZskUK4GVZkB6


     

       

       
51

       
+

       
    r/81ASLwH+P/rqrLEjcp1SIPPevjzCWD9VYR5m/qPHLNxStwGSrPjtPzgaFxhq84


     

       

       
52

       
+

       
    Jl+YVmNqVlrOKYYfIPh8exPLiTti3wfM61pVYFv56PI2gd5ysMWYnuN+vK0sbmZh


     

       

       
53

       
+

       
    cIWwykcKlODIngI7IzYqt8NuIJI0jrYyHgtUw4jaJzdF4mEOplGONxdz15jAGHtg


     

       

       
54

       
+

       
    JUsBXFNz132nP4iIr3UKrPedQZijSi4=


     

       

       
55

       
+

       
    -----END PRIVATE KEY-----


     

       

       
56

       
+

       
  '';


     

       

       
57

       
+

       
  ca.cert = builtins.toFile "ca.cert" ''


     

       

       
58

       
+

       
    -----BEGIN CERTIFICATE-----


     

       

       
59

       
+

       
    MIIFDzCCAvegAwIBAgIUTRDYSWJvmlhwIR3pzVrIQfnboLEwDQYJKoZIhvcNAQEL


     

       

       
60

       
+

       
    BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMjAwMzIyMjI1NjE3WhgPMjEy


     

       

       
61

       
+

       
    MDAyMjcyMjU2MTdaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG


     

       

       
62

       
+

       
    9w0BAQEFAAOCAg8AMIICCgKCAgEAwp1WRhJ+vHs15Q1hOYI7Aj6rrUeJ8cP8LyGw


     

       

       
63

       
+

       
    MQdlZNlnkOhxr7diXa8+anq9iF3e+mLaUHqnfn33rWi7THhU6/l8vcqhKcdgH75h


     

       

       
64

       
+

       
    BHC57olm7FBmc7B8Fu/+JD4ABQcvU8CZ/5PPdpUerkGGtEEt/Ql/OZCzGfy2V1Mg


     

       

       
65

       
+

       
    pSAWviMU9TqL5hqjDq+JxgEkUD+nf558p+NSp2rf3bacmmuc4H2MAOmFulMXMsLw


     

       

       
66

       
+

       
    UqTDlzNP/NgRWRsgC7d50Pn35q7SnLzI7DSwRWrJVfs2DtTzGy20wlvEpiU44c7m


     

       

       
67

       
+

       
    qV7QR67r6HtuNd911pb3D9cpWk8dGpcIkFia9VxDlFixBU4Dk3kcolQ8Q7p6c/u6


     

       

       
68

       
+

       
    BnMM3HThvJwoHesNGmGhAs9c70txWE0M/jIqphJMerOG49VPdCNJMFCW3lo46xju


     

       

       
69

       
+

       
    2PUKuItfRmnw4O3ADJ/XhwojWzaz4+rf4H2lWwq25Jt2VY5Ly00Npm9pb+/rVYou


     

       

       
70

       
+

       
    Odtu4jT7jUupcdhVZa/w14kazlX4IT76DsVH186ICYWS1eGZIvsnGxkGucPGDA2A


     

       

       
71

       
+

       
    r+HNPHSgOwGrVYTUutHNc4EDY7lhdwb6HEskshlKJ1U+odQ2JSfWAKoKjaXnYDUf


     

       

       
72

       
+

       
    ZKadN+EjIQe3Y/ZXgei0TAPnNXxv0/tZQ25APr6KXqbePt9KA3Ak2HxIn5dR8Kjc


     

       

       
73

       
+

       
    P21w5tcCAwEAAaNTMFEwHQYDVR0OBBYEFCIoeYSYjtMiPrmxfHmcrsZkyTpvMB8G


     

       

       
74

       
+

       
    A1UdIwQYMBaAFCIoeYSYjtMiPrmxfHmcrsZkyTpvMA8GA1UdEwEB/wQFMAMBAf8w


     

       

       
75

       
+

       
    DQYJKoZIhvcNAQELBQADggIBAHPdwOgAxyhIhbqFObNftW8K3sptorB/Fj6jwYCm


     

       

       
76

       
+

       
    mHleFueqQnjTHMWsflOjREvQp1M307FWooGj+KQkjwvAyDc/Hmy7WgJxBg9p3vc+


     

       

       
77

       
+

       
    /Xf/e7ZfBl8rv7vH8VXW/BC1vVsILdFncrgTrP8/4psV50/cl1F4+nPBiekvvxwZ


     

       

       
78

       
+

       
    k+R7SgeSvcWT7YlOG8tm1M3al4F4mWzSRkYjkrXmwRCKAiya9xcGSt0Bob+LoM/O


     

       

       
79

       
+

       
    mpDGV/PMC1WAoDc1mMuXN2hSc0n68xMcuFs+dj/nQYn8uL5pzOxpX9560ynKyLDv


     

       

       
80

       
+

       
    yOzQlM2VuZ7H2hSIeYOFgrtHJJwhDtzjmUNDQpQdp9Fx+LONQTS1VLCTXND2i/3F


     

       

       
81

       
+

       
    10X6PkdnLEn09RiPt5qy20pQkICxoEydmlwpFs32musYfJPdBPkZqZWrwINBv2Wb


     

       

       
82

       
+

       
    HfOmEB4xUvXufZ5Ju5icgggBkyNA3PCLo0GZFRrMtvA7i9IXOcXNR+njhKa9246V


     

       

       
83

       
+

       
    QQfeWiz05RmIvgShJYVsnZWtael8ni366d+UXypBYncohimyNlAD1n+Bh3z0PvBB


     

       

       
84

       
+

       
    +FK4JgOSeouM4SuBHdwmlZ/H0mvfUG81Y8Jbrw0yuRHtuCtX5HpN5GKpZPHDE7aQ


     

       

       
85

       
+

       
    fEShVB/GElC3n3DvgK9OJBeVVhYQgUEfJi4rsSxt3cdEI0NrdckUoZbApWVJ3CBc


     

       

       
86

       
+

       
    F8Y7


     

       

       
87

       
+

       
    -----END CERTIFICATE-----


     

       

       
88

       
+

       
  '';


     

       

       
89

       
+

       
  "acme.test".key = builtins.toFile "acme.test.key" ''


     

       

       
90

       
+

       
    -----BEGIN RSA PRIVATE KEY-----


     

       

       
91

       
+

       
    MIIJKAIBAAKCAgEAlgQTZjKfs3aHw0J993k7jFAs+hVRPf//zHMAiUkPKUYPTSl1


     

       

       
92

       
+

       
    TxS/bPbhWzSoom00j4SLhGGGhbd+lnvTg0uvKbxskgATfw5clbm1ZN+gx4DuxwjL


     

       

       
93

       
+

       
    V3xIxpeSY+PKzs5z8w/k+AJh+zOPyXwH3ut3C+ogp1S/5IhmzV3a/yU/6k0zpGxj


     

       

       
94

       
+

       
    N6ZPRTXFrz93I1pPeCkJz90l7tj+2uFc9xtM20NQX52f0Y2oShcG8fKdNZVzuHHk


     

       

       
95

       
+

       
    ZXkrZIhou55/nRy2jKgFeD3GQQfa9rwPWrVybQ6tKMMkoazB/Unky9xcTI2LJarf


     

       

       
96

       
+

       
    xgHDO9v9yFBvmR4UM8B3kM82NHoENtHaZ2mmiMGZzTEQlf8xwYyHFrqBFIVRWEUr


     

       

       
97

       
+

       
    7rr/O5Qr9gIN0T4u367HCexVYAKzbO2P9h75czzjMMoGkbXze9SMQ/ikrxEmwAHg


     

       

       
98

       
+

       
    r1Xxh6iQYmgPNk8AR3d9+o2I7WJZMUYZARLnuhVr9BNXv510iqZTqX8lcyL5fEj3


     

       

       
99

       
+

       
    ST4Ab+H7rfevZt6NU26iJLBYAjrA2mSvH+wvkboxrgSS8xYPkOW8NLNEbbodzofI


     

       

       
100

       
+

       
    pB+SaK53OIk0bj9c1YAgrSNER/TDTgDXrWUNrlfVZ/M7+AEdeU06wi7sVhVif6OB


     

       

       
101

       
+

       
    D3OpgKSNjeE6TuJH80Pi5MWugSFBr792Xb6uhVoPiVOFN+qiGB6UkwBgSKkCAwEA


     

       

       
102

       
+

       
    AQKCAgAmN7OZfZwh5DiCDhZ5TXFWNba/n16rJOTN+R5R20L5iNetGLrCAs8hu2N+


     

       

       
103

       
+

       
    ENRFTPzu8x14BEB5IF4niDRCZq2hPFeMemh9HfOIUV9c63vSV459NkhXaVpA/axV


     

       

       
104

       
+

       
    tlqchQwVCB+U70Z28JPZCLgYmnQhnOvktTqNxhIqj5aTGbJGxpQ5d0Nvkfbv8tsB


     

       

       
105

       
+

       
    4nE/mGpWel39jqFzT+Tdbjx414Ok+GkpcsacZDJTbbpfOSfD1uc8PgepskzTt8y2


     

       

       
106

       
+

       
    v5JTPFVlUAjUsSgouQ+XfCGNQlx8XBjRIaXbal+hX4niRald91FTr0yC7UAHp+vn


     

       

       
107

       
+

       
    dFZ586fB526OfbuZctxP+vZhEhFSseQKxHQ0tB8me81xH44daVNr9PPUM69FDT3j


     

       

       
108

       
+

       
    ygJaUJjNEG3vVzePCDzhmxTmz2/rAClp77WTWziBWDoA6YWDDzhgNPrXWzLIbZIx


     

       

       
109

       
+

       
    ue9ZbGEOh/u5ZzrEXxKCz9FjDe9wQu3TeYUe0M+ejzwWgn7zdWDvjjmtLUUuun2Y


     

       

       
110

       
+

       
    wW7WANpu32qvB/V+qssw4O63tbRiwneRCnb8AF2ixgyWr6xyZwch4kacv1KMiixf


     

       

       
111

       
+

       
    gO/5GTj7ba5GcdGoktJb29cUEgz13yPd106RsHK4vcggFxfMbOVauNRIo6ddLwyS


     

       

       
112

       
+

       
    8UMxLf2i2cToOLkHZrIb8FgimmzRoBd3yYzwVJBydiVcsrHQAQKCAQEAxlzFYCiQ


     

       

       
113

       
+

       
    hjEtblGnrkOC7Hx6HvqMelViOkGN8Y9VczG4GhwntmSE2nbpaAKhFBGdLfuSI3tJ


     

       

       
114

       
+

       
    Lf24f0IGgAhzPmpo2TjbxPO3YSKFTH71fznVBhtQ1iSxwZ1InXktnuhot6VSDx6A


     

       

       
115

       
+

       
    sbHSy1hMFy3nj+Zj5+fQ89tclzBzG9bCShaauO39KrPMwKi6CYoYdGhXBC3+OpHY


     

       

       
116

       
+

       
    zBNvmDTxG2kW8L42rlf14EH4pAlgKs4eeZbpcbZ6fXURP2hToHJ8swyKw/1p12WA


     

       

       
117

       
+

       
    cc19BKFJXL8nNP4uCf/fI0mVYpytz5KwUzG+z+umDqk+RRCH4mNB28xvEEuEyp/e


     

       

       
118

       
+

       
    /C5Is+WrlDAA6QKCAQEAwZsK4AJ/w4Xf4Q/SsnZJO9bfP1ejJjzKElt8rG28JXeb


     

       

       
119

       
+

       
    +FjykZZ6vw2gt2Boest2n9N4fBwaRkaHVtVS4iAmaDXozTlcvCLs2rVjPSguuQtW


     

       

       
120

       
+

       
    80CKg6+dux+6gFN8IGzDCiX3pWUnhhiXvCcRYEcvgpH6GA5vuCNrXrjH0JFC0kef


     

       

       
121

       
+

       
    aaDMGMTbzhc2IIRztmWU4v8YJSSy5KOkIQLWO+7u9aGx9IqT5/z3gx3XrItyl0Bk


     

       

       
122

       
+

       
    aQmZEh7JOSyhmGhhf5LdeTLu2YgRw3/tzS+lPMX3+UPw99k9MdTOFn2pww5AdRmg


     

       

       
123

       
+

       
    aBIzV+/LBYG0pPRl0D8/6yzGVBPuUDQpmK9Z3gsxwQKCAQEAnNkMZN2Ocd1+6+V7


     

       

       
124

       
+

       
    LmtJog9HTSmWXMEZG7FsOJ661Yxx44txx2IyPsCaDNlPXxwSaiKrSo0Yr1oZQd8G


     

       

       
125

       
+

       
    XsTPw4HGiETSWijQTulJ99PH8SLck6iTwdBgEhV5LrN75FQnQVdizHu1DUzrvkiC


     

       

       
126

       
+

       
    Wi29FWb6howiCEDjNNVln5SwKn83NpVQgyyK8ag4+oQMlDdQ3wgzJ0Ld53hS3Eq4


     

       

       
127

       
+

       
    f5EYR6JQgIki7YGcxrB3L0GujTxMONMuhfdEfRvUTGFawwVe0FyYDW7AIrx2Z2vV


     

       

       
128

       
+

       
    I5YuvVNjOhrt6OwtSD1VnnWCITaLh8LwmlUu3NOWbudHUzKSe5MLXGEPo95BNKad


     

       

       
129

       
+

       
    hl5yyQKCAQBNo0gMJtRnawMpdLfwewDJL1SdSR6S0ePS0r8/Qk4l1D5GrByyB183


     

       

       
130

       
+

       
    yFY/0zhyra7nTt1NH9PlhJj3WFqBdZURSzUNP0iR5YuH9R9Twg5ihEqdB6/EOSOO


     

       

       
131

       
+

       
    i521okTvl83q/ui9ecAMxUXr3NrZ+hHyUWmyRe/FLub6uCzg1a+vNauWpzXRZPgk


     

       

       
132

       
+

       
    QCijh5oDdd7r3JIpKvtWNs01s7aHmDxZYjtDrmK7sDTtboUzm0QbpWXevUuV+aSF


     

       

       
133

       
+

       
    +gDfZlRa3WFVHfisYSWGeYG6O7YOlfDoE7fJHGOu3QC8Ai6Wmtt8Wgd6VHokdHO8


     

       

       
134

       
+

       
    xJPVZnCBvyt5up3Zz5hMr25S3VazdVfBAoIBAHVteqTGqWpKFxekGwR0RqE30wmN


     

       

       
135

       
+

       
    iIEwFhgOZ8sQ+6ViZJZUR4Nn2fchn2jVwF8V8J1GrJbTknqzAwdXtO3FbgfmmyF2


     

       

       
136

       
+

       
    9VbS/GgomXhA9vJkM4KK3Iwo/y/nE9hRhtzuVE0QPudz2fyfaDgnWjcNM59064tH


     

       

       
137

       
+

       
    88361LVJm3ixyWSBD41UZ7NgWWJX1y2f073vErsfcPpavF5lhn1oSkQnOlgMJsnl


     

       

       
138

       
+

       
    24qeuzAgTWu/2rFpIA2EK30Bgvsl3pjJxHwyNDAgklV7C783LIoAHi7VO7tzZ6iF


     

       

       
139

       
+

       
    dmD5XLfcUZc3eaB7XehNQKBXDGLJeI5AFmjsHka5GUoitkU2PFrg/3+nJmg=


     

       

       
140

       
+

       
    -----END RSA PRIVATE KEY-----


     

       

       
141

       
+

       
  '';


     

       

       
142

       
+

       
  "acme.test".cert = builtins.toFile "acme.test.cert" ''


     

       

       
143

       
+

       
    -----BEGIN CERTIFICATE-----


     

       

       
144

       
+

       
    MIIEoTCCAokCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls


     

       

       
145

       
+

       
    IENBMCAXDTIwMDMyMjIyNTYxOFoYDzIxMjAwMjI3MjI1NjE4WjAUMRIwEAYDVQQD


     

       

       
146

       
+

       
    DAlhY21lLnRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCWBBNm


     

       

       
147

       
+

       
    Mp+zdofDQn33eTuMUCz6FVE9///McwCJSQ8pRg9NKXVPFL9s9uFbNKiibTSPhIuE


     

       

       
148

       
+

       
    YYaFt36We9ODS68pvGySABN/DlyVubVk36DHgO7HCMtXfEjGl5Jj48rOznPzD+T4


     

       

       
149

       
+

       
    AmH7M4/JfAfe63cL6iCnVL/kiGbNXdr/JT/qTTOkbGM3pk9FNcWvP3cjWk94KQnP


     

       

       
150

       
+

       
    3SXu2P7a4Vz3G0zbQ1BfnZ/RjahKFwbx8p01lXO4ceRleStkiGi7nn+dHLaMqAV4


     

       

       
151

       
+

       
    PcZBB9r2vA9atXJtDq0owyShrMH9SeTL3FxMjYslqt/GAcM72/3IUG+ZHhQzwHeQ


     

       

       
152

       
+

       
    zzY0egQ20dpnaaaIwZnNMRCV/zHBjIcWuoEUhVFYRSvuuv87lCv2Ag3RPi7frscJ


     

       

       
153

       
+

       
    7FVgArNs7Y/2HvlzPOMwygaRtfN71IxD+KSvESbAAeCvVfGHqJBiaA82TwBHd336


     

       

       
154

       
+

       
    jYjtYlkxRhkBEue6FWv0E1e/nXSKplOpfyVzIvl8SPdJPgBv4fut969m3o1TbqIk


     

       

       
155

       
+

       
    sFgCOsDaZK8f7C+RujGuBJLzFg+Q5bw0s0Rtuh3Oh8ikH5Jornc4iTRuP1zVgCCt


     

       

       
156

       
+

       
    I0RH9MNOANetZQ2uV9Vn8zv4AR15TTrCLuxWFWJ/o4EPc6mApI2N4TpO4kfzQ+Lk


     

       

       
157

       
+

       
    xa6BIUGvv3Zdvq6FWg+JU4U36qIYHpSTAGBIqQIDAQABMA0GCSqGSIb3DQEBCwUA


     

       

       
158

       
+

       
    A4ICAQBCDs0V4z00Ze6Ask3qDOLAPo4k85QCfItlRZmwl2XbPZq7kbe13MqF2wxx


     

       

       
159

       
+

       
    yiLalm6veK+ehU9MYN104hJZnuce5iEcZurk+8A+Pwn1Ifz+oWKVbUtUP3uV8Sm3


     

       

       
160

       
+

       
    chktJ2H1bebXtNJE5TwvdHiUkXU9ywQt2FkxiTSl6+eac7JKEQ8lVN/o6uYxF5ds


     

       

       
161

       
+

       
    +oIZplb7bv2XxsRCzq55F2tJX7fIzqXrSa+lQTnfLGmDVMAQX4TRB/lx0Gqd1a9y


     

       

       
162

       
+

       
    qGfFnZ7xVyW97f6PiL8MoxPfd2I2JzrzGyP/igNbFOW0ho1OwfxVmvZeS7fQSc5e


     

       

       
163

       
+

       
    +qu+nwnFfl0S4cHRif3G3zmz8Ryx9LM5TYkH41qePIHxoEO2sV0DgWJvbSjysV2S


     

       

       
164

       
+

       
    EU2a31dJ0aZ+z6YtZVpHlujKMVzxVTrqj74trS4LvU5h/9hv7e1gjYdox1TO0HMK


     

       

       
165

       
+

       
    mtDfgBevB21Tvxpz67Ijf31HvfTmCerKJEOjGnbYmyYpMeMNSONRDcToWk8sUwvi


     

       

       
166

       
+

       
    OWa5jlUFRAxgXNM09vCTPi9aRUhcFqACqfAd6I1NqGVlfplLWrc7SWaSa+PsLfBf


     

       

       
167

       
+

       
    4EOZfk8iEKBVeYXNjg+CcD8j8yk/oEs816/jpihIk8haCDRWYWGKyyGnwn6OQb8d


     

       

       
168

       
+

       
    MdRO2b7Oi/AAmEF3jMlICqv286GIYK5qTKk2/CKHlOLPnsWEuA==


     

       

       
169

       
+

       
    -----END CERTIFICATE-----


     

       

       
170

       
+

       
  '';


     

       

       
171

       
+

       
}
-12
nixos/tests/common/letsencrypt/common.nix 
···

       
1

       

       
-

       
{ lib, nodes, pkgs, ... }: let


     

       
2

       

       
-

       
  letsencrypt-ca = nodes.letsencrypt.config.test-support.letsencrypt.caCert;


     

       
3

       

       
-

       
in {


     

       
4

       

       
-

       
  networking.nameservers = [


     

       
5

       

       
-

       
    nodes.letsencrypt.config.networking.primaryIPAddress


     

       
6

       

       
-

       
  ];


     

       
7

       

       
-

       



     

       
8

       

       
-

       
  security.acme.acceptTerms = true;


     

       
9

       

       
-

       
  security.acme.email = "webmaster@example.com";


     

       
10

       

       
-

       



     

       
11

       

       
-

       
  security.pki.certificateFiles = [ letsencrypt-ca ];


     

       
12

       

       
-

       
}
+14 -14
nixos/tests/common/letsencrypt/default.nix nixos/tests/common/acme/server/default.nix 
···

       
1

       
1

       
 

       
# The certificate for the ACME service is exported as:


     

       
2

       
2

       
 

       
#


     

       
3

       

       
-

       
#   config.test-support.letsencrypt.caCert


     

       

       
3

       
+

       
#   config.test-support.acme.caCert


     

       
4

       
4

       
 

       
#


     

       
5

       
5

       
 

       
# This value can be used inside the configuration of other test nodes to inject


     

       
6

       
6

       
 

       
# the snakeoil certificate into security.pki.certificateFiles or into package


     

       
7

       
7

       
 

       
# overlays.


     

       
8

       
8

       
 

       
#


     

       
9

       
9

       
 

       
# Another value that's needed if you don't use a custom resolver (see below for


     

       
10

       

       
-

       
# notes on that) is to add the letsencrypt node as a nameserver to every node


     

       

       
10

       
+

       
# notes on that) is to add the acme node as a nameserver to every node


     

       
11

       
11

       
 

       
# that needs to acquire certificates using ACME, because otherwise the API host


     

       
12

       

       
-

       
# for letsencrypt.org can't be resolved.


     

       

       
12

       
+

       
# for acme.test can't be resolved.


     

       
13

       
13

       
 

       
#


     

       
14

       
14

       
 

       
# A configuration example of a full node setup using this would be this:


     

       
15

       
15

       
 

       
#


     

       
16

       
16

       
 

       
# {


     

       
17

       

       
-

       
#   letsencrypt = import ./common/letsencrypt;


     

       

       
17

       
+

       
#   acme = import ./common/acme/server;


     

       
18

       
18

       
 

       
#


     

       
19

       
19

       
 

       
#   example = { nodes, ... }: {


     

       
20

       
20

       
 

       
#     networking.nameservers = [


     

       
21

       

       
-

       
#       nodes.letsencrypt.config.networking.primaryIPAddress


     

       

       
21

       
+

       
#       nodes.acme.config.networking.primaryIPAddress


     

       
22

       
22

       
 

       
#     ];


     

       
23

       
23

       
 

       
#     security.pki.certificateFiles = [


     

       
24

       

       
-

       
#       nodes.letsencrypt.config.test-support.letsencrypt.caCert


     

       

       
24

       
+

       
#       nodes.acme.config.test-support.acme.caCert


     

       
25

       
25

       
 

       
#     ];


     

       
26

       
26

       
 

       
#   };


     

       
27

       
27

       
 

       
# }


     
···

       
33

       
33

       
 

       
# override networking.nameservers like this:


     

       
34

       
34

       
 

       
#


     

       
35

       
35

       
 

       
# {


     

       
36

       

       
-

       
#   letsencrypt = { nodes, ... }: {


     

       
37

       

       
-

       
#     imports = [ ./common/letsencrypt ];


     

       

       
36

       
+

       
#   acme = { nodes, ... }: {


     

       

       
37

       
+

       
#     imports = [ ./common/acme/server ];


     

       
38

       
38

       
 

       
#     networking.nameservers = [


     

       
39

       
39

       
 

       
#       nodes.myresolver.config.networking.primaryIPAddress


     

       
40

       
40

       
 

       
#     ];


     
···

       
55

       
55

       
 

       
let


     

       
56

       
56

       
 

       
  snakeOilCerts = import ./snakeoil-certs.nix;


     

       
57

       
57

       
 

       



     

       
58

       

       
-

       
  wfeDomain = "acme-v02.api.letsencrypt.org";


     

       

       
58

       
+

       
  wfeDomain = "acme.test";


     

       
59

       
59

       
 

       
  wfeCertFile = snakeOilCerts.${wfeDomain}.cert;


     

       
60

       
60

       
 

       
  wfeKeyFile = snakeOilCerts.${wfeDomain}.key;


     

       
61

       
61

       
 

       



     

       
62

       

       
-

       
  siteDomain = "letsencrypt.org";


     

       

       
62

       
+

       
  siteDomain = "acme.test";


     

       
63

       
63

       
 

       
  siteCertFile = snakeOilCerts.${siteDomain}.cert;


     

       
64

       
64

       
 

       
  siteKeyFile = snakeOilCerts.${siteDomain}.key;


     

       
65

       
65

       
 

       
  pebble = pkgs.pebble;


     

       
66

       
66

       
 

       
  resolver = let


     

       
67

       

       
-

       
    message = "You need to define a resolver for the letsencrypt test module.";


     

       

       
67

       
+

       
    message = "You need to define a resolver for the acme test module.";


     

       
68

       
68

       
 

       
    firstNS = lib.head config.networking.nameservers;


     

       
69

       
69

       
 

       
  in if config.networking.nameservers == [] then throw message else firstNS;


     

       
70

       
70

       
 

       



     
···

       
82

       
82

       
 

       
  pebbleDataDir = "/root/pebble";


     

       
83

       
83

       
 

       



     

       
84

       
84

       
 

       
in {


     

       
85

       

       
-

       
  imports = [ ../resolver.nix ];


     

       

       
85

       
+

       
  imports = [ ../../resolver.nix ];


     

       
86

       
86

       
 

       



     

       
87

       

       
-

       
  options.test-support.letsencrypt.caCert = lib.mkOption {


     

       

       
87

       
+

       
  options.test-support.acme.caCert = lib.mkOption {


     

       
88

       
88

       
 

       
    type = lib.types.path;


     

       
89

       
89

       
 

       
    description = ''


     

       
90

       
90

       
 

       
      A certificate file to use with the <literal>nodes</literal> attribute to


     
···

       
98

       
98

       
 

       
      resolver.enable = let


     

       
99

       
99

       
 

       
        isLocalResolver = config.networking.nameservers == [ "127.0.0.1" ];


     

       
100

       
100

       
 

       
      in lib.mkOverride 900 isLocalResolver;


     

       
101

       

       
-

       
      letsencrypt.caCert = snakeOilCerts.ca.cert;


     

       

       
101

       
+

       
      acme.caCert = snakeOilCerts.ca.cert;


     

       
102

       
102

       
 

       
    };


     

       
103

       
103

       
 

       



     

       
104

       
104

       
 

       
    # This has priority 140, because modules/testing/test-instrumentation.nix
+2 -3
nixos/tests/common/letsencrypt/mkcerts.nix nixos/tests/common/acme/server/mkcerts.nix 
···

       
1

       
1

       
 

       
{ pkgs ? import <nixpkgs> {}


     

       
2

       
2

       
 

       
, lib ? pkgs.lib


     

       
3

       

       
-

       



     

       
4

       

       
-

       
, domains ? [ "acme-v02.api.letsencrypt.org" "letsencrypt.org" ]


     

       

       
3

       
+

       
, domains ? [ "acme.test" ]


     

       
5

       
4

       
 

       
}:


     

       
6

       
5

       
 

       



     

       
7

       

       
-

       
pkgs.runCommand "letsencrypt-snakeoil-ca" {


     

       

       
6

       
+

       
pkgs.runCommand "acme-snakeoil-ca" {


     

       
8

       
7

       
 

       
  nativeBuildInputs = [ pkgs.openssl ];


     

       
9

       
8

       
 

       
} ''


     

       
10

       
9

       
 

       
  addpem() {
nixos/tests/common/letsencrypt/mkcerts.sh nixos/tests/common/acme/server/mkcerts.sh
-254
nixos/tests/common/letsencrypt/snakeoil-certs.nix 
···

       
1

       

       
-

       
# Generated via mkcert.sh in the same directory.


     

       
2

       

       
-

       
{


     

       
3

       

       
-

       
  ca.key = builtins.toFile "ca.key" ''


     

       
4

       

       
-

       
    -----BEGIN PRIVATE KEY-----


     

       
5

       

       
-

       
    MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDQ0b23I1srJZwR


     

       
6

       

       
-

       
    2MMdvSJK5pcwLfrXU+4gEZEnWNyT8yeVweya+8vmNNOlvK3zxf+ZiY/7aQ0RZJMO


     

       
7

       

       
-

       
    h2+VdlgHmr2QKhQTf1HwfZA/06FolD3/DcS+DMJMSTVr179/XLndeVVZUqU7tjvB


     

       
8

       

       
-

       
    AWKSIS8H2hSF1UOPi9gBDR8MwCP6Qgj8WYhbkt9q47/lO96qAmm6U1F+Q7RYM9ZQ


     

       
9

       

       
-

       
    IWI81N0Ms5wJocg7n6S19iV66ePh7APapZFYup61gFGWfahmA217ELIZd56n8yjO


     

       
10

       

       
-

       
    F0epb9sC0XpYCDRrYKBWLqPiv+6wvdZtZvALItyIv08ZwXlBkFg3LbAAhPnf0Vxz


     

       
11

       

       
-

       
    pYysQmyyyzkgy252n+Sie0kx+B4qm6fOkpfgYlPSVTb2dXx/be/SE08u0a9FO0fZ


     

       
12

       

       
-

       
    pkByWEZJUUwngsJgLUa7MorQf3avxozfC25XqvzbieZfSXlA7mOUclZbC/WUFpyj


     

       
13

       

       
-

       
    MlyJU2eCQ8wSwsPXl91oxcYlOkuVLgd41gr9pGXQSuKIkrgbfkftjg2tDC+7g7O8


     

       
14

       

       
-

       
    qrdF42FjbZjIx/74AasmsGh4GTQtiSkvEnTstioC6aCV44DlJWbBIMvkyawubjUl


     

       
15

       

       
-

       
    Ppij0H66Y9Q4tEc/ktc7oGQfqqluyLb43TeobTPHALsNeAYb39rMtBo5DDCUc81s


     

       
16

       

       
-

       
    fuDMhMr/oYXKrFstUsg5AY6mJaRG0QIDAQABAoICAF5ZVfmoPOoKzTB3GvmV2iez


     

       
17

       

       
-

       
    dj4rmDmwT1gn98iqasdiRtFwVGJWQHNcDQDGdmY9YNZThD2Y4nGoWpVm9jC2zuFo


     

       
18

       

       
-

       
    thusF3QTw8cARKvCCBzDVhumce1YwHVNYpi+W2TFValOyBRathN7rBXxdUMHQUOv


     

       
19

       

       
-

       
    8jPh/uudyNP4xL2zFs5dBchW/7g4bT/TdYGyglGYU4L/YEPHfXWYvk1oOAW6O8Ig


     

       
20

       

       
-

       
    aPElKt5drEMW2yplATSzua4RvtEzSMBDIRn43pxxEgdXrNC67nF9+ULc2+Efi/oD


     

       
21

       

       
-

       
    Ad9CncSiXO9zlVK/W655p6e4qd6uOqyCm8/MTegkuub7eplRe8D3zGjoNN4kCQ4S


     

       
22

       

       
-

       
    rckVvIDDb6vZk7PKx9F7GWIqaG/YvFFFKO1MrAZg7SguFA6PtGOYAFocT03P6KXT


     

       
23

       

       
-

       
    l2SnZQWKyxUAlh4tOBGlRFgGCx/krRIKbgNYn/qk/ezcRl8c7GpOPh+b7Icoq7u3


     

       
24

       

       
-

       
    l4tIVBBHqS8uGgtyi+YwuJeht2MV1aEcSkykKLh2ipp8tb6spORJUkhjawDjvxeQ


     

       
25

       

       
-

       
    GztN30Xh2riTXYZ0HExVTtJa8jyvFyp/97ptPIJXaVt2A2KIS3sBFHKnpY+/OrQg


     

       
26

       

       
-

       
    uUauYgi13WFHsKOxZL9GYGk7Ujd8bw4CEcJFxKY7bhpGVI6Du7NRkUDWN0+0yusI


     

       
27

       

       
-

       
    2szCJ7+ZqJkrc1+GrI/RAoIBAQDseAEggOLYZkpU2Pht15ZbxjM9ayT2ANq1+RTu


     

       
28

       

       
-

       
    LjJx4gv2/o/XJCfMZCL0b9TJqtYeH+N6G9oDRJ99VIhUPedhWSYdj9Qj+rPd++TS


     

       
29

       

       
-

       
    bp+MoSjmfUfxLTDrmFHL7ppquAE65aDy3B5c+OCb0I4X6CILUf0LynBzgl4kdrzN


     

       
30

       

       
-

       
    U6BG3Mt0RiGPojlPV82B9ZUF/09YAz7BIz9X3KMhze1Gps5OeGuUnc9O2IAJYkrj


     

       
31

       

       
-

       
    ur9H2YlNS4w+IjRLAXSXUqC8bqPZp6WTo1G/rlyAkIRXCGN90uk5JQvXoj9immFO


     

       
32

       

       
-

       
    WaylbdcNG3YcGutreYeZL/UIWF6zCdc6pYG0cCBJS6S/RN7FAoIBAQDiERrLuUbV


     

       
33

       

       
-

       
    3fx/a8uMeZop6hXtQpF7jlFxqUmza7QSvBuwks4QVJF+qMSiSvKDkCKqZD4qVf4N


     

       
34

       

       
-

       
    TMxEj5vNR0PbnmDshyKJNGVjEauKJSb65CFDUcL1eR/A/oJvxiIdN1Z4cPrpnRux


     

       
35

       

       
-

       
    /zIfPuYfYHpdz52buxxmlD7bfwYmVKVpnzjB9z0I1CasZ5uqB0Z8H0OLyUu8S4ju


     

       
36

       

       
-

       
    RfkKBDMgVl2q96i8ZvX4C1b7XuimIUqv4WHq5+ejcYirgrYtUbBIaDU3/LORcJdy


     

       
37

       

       
-

       
    /K76L1/up70RTDUYYm/HKaRy+vMTpUsZJ7Qbh0hrvQkUvNQ1HXjprW2AePIYi33N


     

       
38

       

       
-

       
    h3mb1ulqw4idAoIBAQCsn0YjVjNDShkFK4bfmLv4rw2Ezoyi0SjYIsb2wN6uaBfX


     

       
39

       

       
-

       
    7SlQIuKywH8L9f9eYMoCH8FNyLs0G4paUbVb2fzpAc1jUzXINiHL8TCvtXXfkV5s


     

       
40

       

       
-

       
    NBSqqRTHR+CegMZVFZJATpVZ9PptYHmHBY5VQW5o2SdizhudFxRmhg95zIx6boBP


     

       
41

       

       
-

       
    l0q0sfYoR66MKpzpTeG8HFJZZ8O7/iNQcCXAp9B/VEUkrrdBlaaSMyD8cb1lVBZ5


     

       
42

       

       
-

       
    SKdOTGXkQ2G7feQ86n/OSiYDSvxIc56vc9BIQKVwmuEKiFLGzXh8ILrcGXaBJVgS


     

       
43

       

       
-

       
    B3QHPFeTk5o7Z9j2iJxJEuv9sginkhrfpsrTnhEJAoIBACkrUkTtjd/e2F/gIqaH


     

       
44

       

       
-

       
    crLVZX7a06G7rktTuA9LuvR6e1Rxt8Mzk3eMhprDqVyaQCXlsYiGNoj3hm+p84az


     

       
45

       

       
-

       
    xsDVG/OXPIveFeSv0ByNXYbtSr12w1lu4ICGGP0ACTBm5oFymc83hFarEdas3r2y


     

       
46

       

       
-

       
    FTbGW36D2c04jCXvARCz85fDnlN8kgnskMpu5+NUBdsO2n83fmphGyPBbHQNhb4K


     

       
47

       

       
-

       
    3G4JQhplab/tWL7YbufqQi67jdh4uS+Duo75c/HW4ZKeH6r9gzomVf5j0/3N6NuO


     

       
48

       

       
-

       
    gpkG1tiE/LQ5ejBSUTgvrvh6yYsF3QN53pB/PuoZXu63Xay62ePsa1GlrVjbD5EY


     

       
49

       

       
-

       
    4OUCggEAJFr7F7AQLMJTAxHFLCsZZ0ZZ+tXYclBC4eHPkZ6sD5jvL3KIpW3Q7jXk


     

       
50

       

       
-

       
    oIoD/XEX4B+Qe5M3jQJ/Y5ZJETHcgfcHZbDpCKN2WHQgldQbAJiFd4GY1OegdVsr


     

       
51

       

       
-

       
    7TC8jh3Q2eYjzL8u4z7LSNI6aQSv1eWE7S1Q5j/sX/YYDR4W3CBMeIUpqoDWpn87


     

       
52

       

       
-

       
    czbIRyA/4L0Y/HLpg/ZCbvtJZbsQwYXhyqfbjlm4BRQ6JiC5uEBKvuDRUXToBJta


     

       
53

       

       
-

       
    JU8XMm+Ae5Ogrw7P6hg68dWpagfjb7UZ7Zxv+VDsbrU6KsDcyGCAwrrRZou/6KUG


     

       
54

       

       
-

       
    Eq4OVTSu/s8gmY94tgbjeOaLUPEPmg==


     

       
55

       

       
-

       
    -----END PRIVATE KEY-----


     

       
56

       

       
-

       
  '';


     

       
57

       

       
-

       
  ca.cert = builtins.toFile "ca.cert" ''


     

       
58

       

       
-

       
    -----BEGIN CERTIFICATE-----


     

       
59

       

       
-

       
    MIIFDzCCAvegAwIBAgIUU9rbCLTuvaI6gjSsFsJJjfLWIX8wDQYJKoZIhvcNAQEL


     

       
60

       

       
-

       
    BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMTkxMDE4MDc1NDEyWhgPMjEx


     

       
61

       

       
-

       
    OTA5MjQwNzU0MTJaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG


     

       
62

       

       
-

       
    9w0BAQEFAAOCAg8AMIICCgKCAgEA0NG9tyNbKyWcEdjDHb0iSuaXMC3611PuIBGR


     

       
63

       

       
-

       
    J1jck/MnlcHsmvvL5jTTpbyt88X/mYmP+2kNEWSTDodvlXZYB5q9kCoUE39R8H2Q


     

       
64

       

       
-

       
    P9OhaJQ9/w3EvgzCTEk1a9e/f1y53XlVWVKlO7Y7wQFikiEvB9oUhdVDj4vYAQ0f


     

       
65

       

       
-

       
    DMAj+kII/FmIW5LfauO/5TveqgJpulNRfkO0WDPWUCFiPNTdDLOcCaHIO5+ktfYl


     

       
66

       

       
-

       
    eunj4ewD2qWRWLqetYBRln2oZgNtexCyGXeep/MozhdHqW/bAtF6WAg0a2CgVi6j


     

       
67

       

       
-

       
    4r/usL3WbWbwCyLciL9PGcF5QZBYNy2wAIT539Fcc6WMrEJssss5IMtudp/kontJ


     

       
68

       

       
-

       
    MfgeKpunzpKX4GJT0lU29nV8f23v0hNPLtGvRTtH2aZAclhGSVFMJ4LCYC1GuzKK


     

       
69

       

       
-

       
    0H92r8aM3wtuV6r824nmX0l5QO5jlHJWWwv1lBacozJciVNngkPMEsLD15fdaMXG


     

       
70

       

       
-

       
    JTpLlS4HeNYK/aRl0EriiJK4G35H7Y4NrQwvu4OzvKq3ReNhY22YyMf++AGrJrBo


     

       
71

       

       
-

       
    eBk0LYkpLxJ07LYqAumgleOA5SVmwSDL5MmsLm41JT6Yo9B+umPUOLRHP5LXO6Bk


     

       
72

       

       
-

       
    H6qpbsi2+N03qG0zxwC7DXgGG9/azLQaOQwwlHPNbH7gzITK/6GFyqxbLVLIOQGO


     

       
73

       

       
-

       
    piWkRtECAwEAAaNTMFEwHQYDVR0OBBYEFAZcEiVphGxBT4OWXbM6lKu96dvbMB8G


     

       
74

       

       
-

       
    A1UdIwQYMBaAFAZcEiVphGxBT4OWXbM6lKu96dvbMA8GA1UdEwEB/wQFMAMBAf8w


     

       
75

       

       
-

       
    DQYJKoZIhvcNAQELBQADggIBAGJ5Jnxq1IQ++IRYxCE7r7BqzzF+HTx0EWKkSOmt


     

       
76

       

       
-

       
    eSPqeOdhC26hJlclgGZXAF/Xosmn8vkSQMHhj/jr4HI0VF9IyvDUJm8AKsnOgu/7


     

       
77

       

       
-

       
    DUey3lEUdOtJpTG9NyTOcrzxToMJ+hWlFLZKxx2dk4FLIvTLjmo1VHM97Bat7XYW


     

       
78

       

       
-

       
    IrL9RRIZ25V+eCYtlR7XYjceGFQ0rCdp8SFIQwC6C/AH2tV3b1AJFsND9PcoLu7c


     

       
79

       

       
-

       
    //fH+WUQCcD/N0grdC/QCX7AFWzd4rKQ8gjfND4TSYFTSDwW10Mud4kAVhY2P1sY


     

       
80

       

       
-

       
    Y3ZpnxWrCHbIZMbszlbMyD+cjsCBnNvOtYGm7pDut/371rllVcB/uOWYWMCtKPoj


     

       
81

       

       
-

       
    0elPrwNMrK+P+wceNBCRQO+9gwzB589F2morFTtsob/qtpAygW8Sfl8M+iLWXeYS


     

       
82

       

       
-

       
    c3LBLnj0TpgXKRWg7wgIWKSZx9v6pgy70U0qvkjNS1XseUCPf7hfAbxT3xF+37Dw


     

       
83

       

       
-

       
    zZRwF4WAWqdnJoOey21mgc+a2DQzqtykA6KfHgCqNFfDbQXPXvNy25DDThbk+paX


     

       
84

       

       
-

       
    G2M2EWtr+Nv9s/zm7Xv/pOXlgMFavaj+ikqZ4wfJf6c/sMOdZJtMA4TsYtAJgbc8


     

       
85

       

       
-

       
    ts+0eymTq4v5S8/fW51Lbjw6hc1Kcm8k7NbHSi9sEjBfxFLTZNQ5eb4NGr9Od3sU


     

       
86

       

       
-

       
    kgwJ


     

       
87

       

       
-

       
    -----END CERTIFICATE-----


     

       
88

       

       
-

       
  '';


     

       
89

       

       
-

       
  "acme-v02.api.letsencrypt.org".key = builtins.toFile "acme-v02.api.letsencrypt.org.key" ''


     

       
90

       

       
-

       
    -----BEGIN RSA PRIVATE KEY-----


     

       
91

       

       
-

       
    MIIJKQIBAAKCAgEApny0WhfDwEXe6WDTCw8qBuMAPDr88pj6kbhQWfzAW2c0TggJ


     

       
92

       

       
-

       
    Etjs9dktENeTpSl14nnLVMiSYIJPYY3KbOIFQH1qDaOuQ7NaOhj9CdMTm5r9bl+C


     

       
93

       

       
-

       
    YAyqLIMQ9AAZDhUcQjOy3moiL7ClFHlkFYuEzZBO9DF7hJpfUFIs0Idg50mNoZh/


     

       
94

       

       
-

       
    K/fb4P2skNjfCjjomTRUmZHxT6G00ImSTtSaYbN/WHut1xXwJvOoT1nlEA/PghKm


     

       
95

       

       
-

       
    JJ9ZuRMSddUJmjL+sT09L8LVkK8CKeHi4r58DHM0D0u8owIFV9qsXd5UvZHaNgvQ


     

       
96

       

       
-

       
    4OAWGukMX+TxRuqkUZkaj84vnNL+ttEMl4jedw0ImzNtCOYehDyTPRkfng5PLWMS


     

       
97

       

       
-

       
    vWbwyP8jDd2578mSbx5BF7ypYX366+vknjIFyZ5WezcC1pscIHxLoEwuhuf+knN+


     

       
98

       

       
-

       
    kFkLOHeYbqQrU6mxSnu9q0hnNvGUkTP0a/1aLOGRfQ5C/pxpE/Rebi8qfM/OJFd4


     

       
99

       

       
-

       
    mSxGL93JUTXWAItiIeBnQpIne65/Ska9dWynOEfIb0okdet3kfmNHz3zc17dZ5g4


     

       
100

       

       
-

       
    AdOSCgHAlQgFt/Qd8W6xXUe4C5Mfv2ctxRrfQhDwtB6rMByPwzImnciC2h3vCwD3


     

       
101

       

       
-

       
    vS/vjUyWICyhZyi2LZDUQz+sCKBXCYYcYh8ThFO40j5x1OnYMq7XQvyl8QkCAwEA


     

       
102

       

       
-

       
    AQKCAgBSAfdssWwRF9m3p6QNPIj9H3AMOxpB/azffqTFzsSJwYp4LWkayZPfffy+


     

       
103

       

       
-

       
    4RGvN38D8e6ActP3ifjEGu3tOGBR5fUJhujeHEiDea+a2Ug9S9kuNwmnelWQ23bM


     

       
104

       

       
-

       
    Wgf9cdSbn4+qEymHyEFolmsAWdsuzri1fHJVXR06GWBNz4GiLA8B3HY4GD1M1Gfe


     

       
105

       

       
-

       
    aZVkGagpXyeVBdiR2xuP5VQWVI8/NQWzdiipW/sRlNABVkyI3uDeN4VzYLL3gTeE


     

       
106

       

       
-

       
    p021kQz4DSxIjHZacHpmWwhBnIbKMy0fo7TlrqcnIWXqTwv63Q9Zs/RN8NOyqb0Y


     

       
107

       

       
-

       
    t1NKFWafcwUsdOnrG9uv/cVwF1FNE8puydaOi8rL1zAeK89JH8NRQ02wohR9w8qy


     

       
108

       

       
-

       
    b2tB6DyGMtuqBt8Il6GA16ZoEuaXeayvlsvDEmG1cS9ZwBvfgrVPAmlm2AYdIf5B


     

       
109

       

       
-

       
    RHIJu4BJC6Nn2ehVLqxx1QDhog3SOnAsCmcfg5g/fCwxcVMLIhODFoiKYGeMitDG


     

       
110

       

       
-

       
    Q4e5JKcOg+RR8PT/n4eY4rUDBGtsR+Nw8S2DWgXmSufyfDtKCjZB4IuLWPS29tNh


     

       
111

       

       
-

       
    zF6iYfoiTWzrSs/yqPSKIFpv+PWZwkKSvjdxia6lSBYYEON4W2QICEtiEs+SvcG4


     

       
112

       

       
-

       
    0eIqWM+rRmPnJyMfGqX6GCs3rHDQB2VNJPBCYPQalJ/KwZumAQKCAQEA0ezM6qPJ


     

       
113

       

       
-

       
    1JM/fddgeQ50h0T9TRXVUTCISxXza+l4NuFt1NdqUOdHsGtbL1JR4GaQUG8qD1/P


     

       
114

       

       
-

       
    R39YgnQEQimxpmYLCZkobkwPxTZm9oiMXpcJrlN4PB5evaWShRSv3mgigpt3Wzml


     

       
115

       

       
-

       
    Td+2R9RoA/hvF/wEyIvaWznYOyugBC7GXs20dNnZDULhUapeQu7r6JvgmxBOby7S


     

       
116

       

       
-

       
    0FbhGplBiSDETzZURqzH/GMJKaJtNgyyVf3Hbg4mZAQDWoBRr+8HxsNbDkxP6e91


     

       
117

       

       
-

       
    QrPHy2VZFiaTmJfoxRhyMTn7/JZaLJaUHDOniOsdMj/V7vMCgpfBqh5vR8bKzuPy


     

       
118

       

       
-

       
    ZINggpcFPp1IYQKCAQEAywc7AQoktMBCru/3vzBqUveXbR3RKzNyZCTH5CMm3UNH


     

       
119

       

       
-

       
    zmblFgqF2nxzNil21GqAXzSwZk5FyHbkeD3yvEZm+bXzsZTDNokAwoiTgyrr2tf8


     

       
120

       

       
-

       
    GLMlCHHl5euIh1xHuyg/oKajVGOoXUXK8piqiDpQKd3Zwc6u2oyQlh+gYTPKh+7i


     

       
121

       

       
-

       
    ilipkYawoE6teb6JUGpvU+d27INgNhB2oDEXY3pG2PbV+wv229ykSZxh1sJUdDwT


     

       
122

       

       
-

       
    a8eTg+3pCGXtOZiJoQTFwKUlD2WYTGqS4Gx6dIJco5k+ZikGNST1JGE64Jl4MZdI


     

       
123

       

       
-

       
    rtyvpcYblh5Q14sJGvp4kWYS9tjEM8pA+4Z9th3JqQKCAQEAkidH0+UM1A9gmQCm


     

       
124

       

       
-

       
    jiHeR39ky5Jz3f7oJT63J15479yrVxBTWNhtNQrJhXzOvGkr+JQsuF+ANMsYmFql


     

       
125

       

       
-

       
    zFqy8KMC9D/JwmD6adeif+o5sHF/r/s1LsYGOAtao4TvnOzrefs7ciwERt+GTSQ4


     

       
126

       

       
-

       
    9uq0jgJMYkPcVr9DKI8K7V6ThdW52dECKRVzQiRXVEp7vIsqKUuFECuNYrfaKWai


     

       
127

       

       
-

       
    FhLWGkA9FKee5L0e1/naB1N3ph72Bk2btO6GVzAXr2HADEZe0umWiczJ2xLH+3go


     

       
128

       

       
-

       
    Oh/JiufYi8ClYFh6dDVJutlrbOcZsV3gCegfzikqijmWABcIavSgpsJVNF2zh7gV


     

       
129

       

       
-

       
    Uq62gQKCAQAdO2FHeQpn6/at8WceY/4rC/MFhvGC4tlpidIuCtGhsfo4wZ/iWImF


     

       
130

       

       
-

       
    N73u4nF1jBAHpTJwyHxLrLKgjWrRqOFSutvniZ/BzmAJolh63kcvL0Hg3IpMePm8


     

       
131

       

       
-

       
    7PivZJ3/WIAwxU1m7SJkq5PY8ho7mwnHvWWI/hU26l42/z68QBS9FawQd0uS5G2x


     

       
132

       

       
-

       
    5yIbEU/8ABcfYYhB7XiA0EYEMo1HiWeB/ag5iTN13ILbBmUf4sL+KVgygH3A1RRk


     

       
133

       

       
-

       
    XSiWzluij2lZn22ClgIjnoSfQ38uH0bvVzUgyG9YX4XcQxOTGwWvPjT82FGB8NAw


     

       
134

       

       
-

       
    ARVqs14QQFfzt1qrp/I38rsAfBDFk+xhAoIBAQCEKNk/oJcy9t/jMIbLcn6z3aCc


     

       
135

       

       
-

       
    Fn8GBPSXtFj0t6weN5lHof+cggw4owMFWQQyAXxo/K6NnKNydMPZ5qjtLsHNpbpQ


     

       
136

       

       
-

       
    aT1Or0/1YR1bJ8Lo82B4QM++7F761GWQPvE/tyrfPkfkWl92ITIpmnlw4wycRlkq


     

       
137

       

       
-

       
    9anI2fnj1nIZwixzE2peb6PcsZU2HOs9uZ5RRd9wia696I7IpNibs4O4J2WTm4va


     

       
138

       

       
-

       
    +NeYif3V2g9qwgT0Va0c9/Jlg3b58R0vA8j/VCU5I0TyXpkB3Xapx+pvEdZ3viUL


     

       
139

       

       
-

       
    mXZaVotmWjgBXGDtd2VQg2ZiAMXHn3RzXSgV4Z+A/XacRs75h9bNw0ZJYrz1


     

       
140

       

       
-

       
    -----END RSA PRIVATE KEY-----


     

       
141

       

       
-

       
  '';


     

       
142

       

       
-

       
  "acme-v02.api.letsencrypt.org".cert = builtins.toFile "acme-v02.api.letsencrypt.org.cert" ''


     

       
143

       

       
-

       
    -----BEGIN CERTIFICATE-----


     

       
144

       

       
-

       
    MIIEtDCCApwCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls


     

       
145

       

       
-

       
    IENBMCAXDTE5MTAxODA3NTQxM1oYDzIxMTkwOTI0MDc1NDEzWjAnMSUwIwYDVQQD


     

       
146

       

       
-

       
    DBxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMIICIjANBgkqhkiG9w0BAQEF


     

       
147

       

       
-

       
    AAOCAg8AMIICCgKCAgEApny0WhfDwEXe6WDTCw8qBuMAPDr88pj6kbhQWfzAW2c0


     

       
148

       

       
-

       
    TggJEtjs9dktENeTpSl14nnLVMiSYIJPYY3KbOIFQH1qDaOuQ7NaOhj9CdMTm5r9


     

       
149

       

       
-

       
    bl+CYAyqLIMQ9AAZDhUcQjOy3moiL7ClFHlkFYuEzZBO9DF7hJpfUFIs0Idg50mN


     

       
150

       

       
-

       
    oZh/K/fb4P2skNjfCjjomTRUmZHxT6G00ImSTtSaYbN/WHut1xXwJvOoT1nlEA/P


     

       
151

       

       
-

       
    ghKmJJ9ZuRMSddUJmjL+sT09L8LVkK8CKeHi4r58DHM0D0u8owIFV9qsXd5UvZHa


     

       
152

       

       
-

       
    NgvQ4OAWGukMX+TxRuqkUZkaj84vnNL+ttEMl4jedw0ImzNtCOYehDyTPRkfng5P


     

       
153

       

       
-

       
    LWMSvWbwyP8jDd2578mSbx5BF7ypYX366+vknjIFyZ5WezcC1pscIHxLoEwuhuf+


     

       
154

       

       
-

       
    knN+kFkLOHeYbqQrU6mxSnu9q0hnNvGUkTP0a/1aLOGRfQ5C/pxpE/Rebi8qfM/O


     

       
155

       

       
-

       
    JFd4mSxGL93JUTXWAItiIeBnQpIne65/Ska9dWynOEfIb0okdet3kfmNHz3zc17d


     

       
156

       

       
-

       
    Z5g4AdOSCgHAlQgFt/Qd8W6xXUe4C5Mfv2ctxRrfQhDwtB6rMByPwzImnciC2h3v


     

       
157

       

       
-

       
    CwD3vS/vjUyWICyhZyi2LZDUQz+sCKBXCYYcYh8ThFO40j5x1OnYMq7XQvyl8QkC


     

       
158

       

       
-

       
    AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAkx0GLPuCvKSLTHxVLh5tP4jxSGG/zN37


     

       
159

       

       
-

       
    PeZLu3QJTdRdRc8bgeOGXAVEVFbqOLTNTsuY1mvpiv2V6wxR6nns+PIHeLY/UOdc


     

       
160

       

       
-

       
    mOreKPtMU2dWPp3ybec2Jwii6PhAXZJ26AKintmug1psMw7662crR3SCnn85/CvW


     

       
161

       

       
-

       
    192vhr5gM1PqLBIlbsX0tAqxAwBe1YkxBb9vCq8NVghJlKme49xnwGULMTGs15MW


     

       
162

       

       
-

       
    hIPx6sW93zwrGiTsDImH49ILGF+NcX1AgAq90nG0j/l5zhDgXGJglX+K1xP99X1R


     

       
163

       

       
-

       
    de3I4uoufPa5q+Pjmhy7muL+o4Qt0D0Vm86RqqjTkNPsr7gAJtt66A7TJrYiIoKn


     

       
164

       

       
-

       
    GTIBsgM6egeFLLYQsT0ap/59HJismO2Pjx4Jk/jHOkC8TJsXQNRq1Km76VMBnuc0


     

       
165

       

       
-

       
    2CMoD9pb38GjUUH94D4hJK4Ls/gJMF3ftKUyR8Sr/LjE6qU6Yj+ZpeEQP4kW9ANq


     

       
166

       

       
-

       
    Lv9KSNDQQpRTL4LwGLTGomksLTQEekge7/q4J2TQRZNYJ/mxnrBKRcv9EAMgBMXq


     

       
167

       

       
-

       
    Q+7GHtKDv9tJVlMfG/MRD3CMuuSRiT3OVbvMMkFzsPkqxYAP1CqE/JGvh67TzKI+


     

       
168

       

       
-

       
    MUfXKehA6TKuxrTVqCtoFIfGaqA9IWyoRTtugYq/xssB9ESeEYGeaM1A9Yueqz+h


     

       
169

       

       
-

       
    KkBZO00jHSE=


     

       
170

       

       
-

       
    -----END CERTIFICATE-----


     

       
171

       

       
-

       
  '';


     

       
172

       

       
-

       
  "letsencrypt.org".key = builtins.toFile "letsencrypt.org.key" ''


     

       
173

       

       
-

       
    -----BEGIN RSA PRIVATE KEY-----


     

       
174

       

       
-

       
    MIIJKgIBAAKCAgEA9dpdPEyzD3/BBds7tA/51s+WmLFyWuFrq4yMd2R+vi5gvK7n


     

       
175

       

       
-

       
    lLNVKhYgiTmK2Um+UEpGucJqZHcTSZA1Bz4S/8ND/AI9I6EmwvBinY5/PubxEALk


     

       
176

       

       
-

       
    9YiDA+IzH8ZGFM8wXg7fMbbJAsyv+SHAtr2jmCsggrpuD5fgzs2p+F2q0+oVoeFw


     

       
177

       

       
-

       
    MAOUdAf2jNtNLEj2Q6MiR5Xq+wFOcRtXlNlXWIX3NrmubO/xOpDNpsyjyYC5Ld+W


     

       
178

       

       
-

       
    06MS5bTHSdv56AkUg2PugMChj15TOddEJIK8zPXFTlMYye9SKwjhNUZovfe4xXCa


     

       
179

       

       
-

       
    Tj2nmzrcuMKLz+S3sKQeTWjiRcY3w4zTlAbhtGXDjXjhMObrHoWM8e3cTL4NJMvt


     

       
180

       

       
-

       
    tNStXficxbeTbIiYu+7dtF0q+iWaZqexc6PdAaIpFZ0XSw+i5iLdQZmBwzY7NLlH


     

       
181

       

       
-

       
    pQupfh6ze0qDUVZAMDubo4JKUTBzH6QTuhHx+uUm7Lc8YdNArn7o/vMZDQym1Eia


     

       
182

       

       
-

       
    xKxZuCGaqFvq8ZK4nBVsHfcXbhF/XD2HMid3t7ImbREVu9qnc+En+acU/SJaaL3r


     

       
183

       

       
-

       
    jMW6HLVMr6+vQrCzYkvLzKYpoUm9D1Kcn6d8Ofxl2iCaY9CkMr5/6J1p1wcTdcN7


     

       
184

       

       
-

       
    IVQ/DFBeTDauyWbyZkO/lPoZoakWyXOx9S9tgClzhFmNgRkZv9wN+QguNDcCAwEA


     

       
185

       

       
-

       
    AQKCAgEA0ndlacGfaJ1NeN39dmBW2XZMzdrassJXkjx34528gsLhPaXdyobbWXQn


     

       
186

       

       
-

       
    1lHUc7+VlNaBRXUR73+gm1FAlDqnuRxIjuy7ukyzCh8PzSG3/PlnVPWlXCzJPAHh


     

       
187

       

       
-

       
    EkqCpD3agirpF34LBsKDwxsKB2bBLft9kWxX3DGA2olmAKDvJQs4CaUcjX4DEHHg


     

       
188

       

       
-

       
    tyTmJAsyByUYq3/D8a1koZ9ukpadF8NXpxm+ILQoJqLf6vM1I8N2w7atP/BStSLV


     

       
189

       

       
-

       
    mH0gq2tajEB4ZPCDXmC5jsKiKz9gsXWUu0CX8AdYqE6pvRnRgQ8Ytq1265QMb+8s


     

       
190

       

       
-

       
    FV82oXqDZkyZRFuNmX3fLyDX39kkTcVS37S56Gzk4EzDWE/u2RXCAPeWla2zUFYI


     

       
191

       

       
-

       
    hg8X4ZAwbZRODtK2cZTuCZEILM/iKmtSgHC+aQhp18EUAefa7WGrRD4AvbTxH4VF


     

       
192

       

       
-

       
    ek60bwISBk5Mhf39MwqIiQxGOFmfLsQReZvzH4jI5zfDXf/0yZ/1SdGeu6+Walt0


     

       
193

       

       
-

       
    V81Ua/DB6zshHpeSP74HMuJHZ4DOQfcV/ndyzvoP84pAjenSx6O034OwQTkpoMI/


     

       
194

       

       
-

       
    f/2rK8kdzYSL4f//kFMuRLqmAwOmAFYB2oMo0/YaIoQ4vgTHDKTSxj5mbno56GdT


     

       
195

       

       
-

       
    huMAVMKskaCSVbyMB/xyQG7senLItVv+HafVk6ChMUbkIjv9zgECggEBAP+ux1RG


     

       
196

       

       
-

       
    cETGjK2U3CRoHGxR7FwaX6hkSokG+aFdVLer+WUrZmR8Ccvh2ALpm8K1G6TTk/5X


     

       
197

       

       
-

       
    ZeVX4+1VFYDeTHMN8g20usS5mw3v2GF3fGxGLe4q56l4/4kKMZOrSBuWH4niiIKD


     

       
198

       

       
-

       
    0QogdzWkpQJ93nMbZxZ5lk+lRZVf3qSm6nzyP468ndrfI57Ov5OUIWZ7KhTUH9IK


     

       
199

       

       
-

       
    8/urUk+lEvyzQmNTlt5ZZXRz7cR01K8chx1zevVAyynzSuGjTysaBN7LTT0v3yVu


     

       
200

       

       
-

       
    96yKNsxJvuIz2+4qSjhbnN4jH+feN0VsdF3+Qkru0lBmLVgJl4X67XFaAKMDU9yv


     

       
201

       

       
-

       
    3alS53Pkol+Dy1cCggEBAPYodofHC1ydoOmCvUAq4oJNtyI4iIOY/ch3sxVhkNyi


     

       
202

       

       
-

       
    KBscQqbay/DiXFiNl+NsemzB1PrHzvCaqKcBKw537XzeKqUgYuVLkFGubf9bDhXi


     

       
203

       

       
-

       
    wSRcYbU/oNTgiTgXPW8wH60uIoLaiNi1/YjO2zh4GEY/kFqSuD54Y91iFmcC75bv


     

       
204

       

       
-

       
    OjCNugnRdpRjOFhaeNx75tdverR37w3APVZuBSv3bJlMPCtaf+fEAKxJxeqCs3Oq


     

       
205

       

       
-

       
    rtsw2TQ4TqfE8/w9qPCVv3bQbMbO48SwjxAz47qH2h3qGu3Ov8badeARe+Ou7nuI


     

       
206

       

       
-

       
    U13gPuPOhPXIQP/MYOyamPJdFyng1b8vyNsfjOcWMiECggEAEkMgl6NkV3U7DRbp


     

       
207

       

       
-

       
    1mvdQ9tiH33+wR9Qt5LY966b43aUHKbJ7Hlzla1u6V5YMsMO02oNUwhZDdWGQShn


     

       
208

       

       
-

       
    ncnC+iDP3iy/flenfIpaETQgnfcxRqan31H2Joqk2eBNCTNi001r5K6XmrqQ6TL2


     

       
209

       

       
-

       
    WkQ1RFF7vn42vz+VxcKQO4B0lTIUWhSczcpMWAZ6ZocZD6HScqRoFW+U16/39Bpd


     

       
210

       

       
-

       
    TdFb944742vNNFEndXXGzy8hc3gRGz1ihX+MJKuuduyn1mX9AVbPAHR5mkhQ+6x0


     

       
211

       

       
-

       
    xuFfXxaEMJxSiwdFOyGDHyFM+n2zrHh8ayOxL22X9gjjNspv6zTMo6GoGnUCdSOq


     

       
212

       

       
-

       
    eVoHhwKCAQEAot5O3rOB/vuEljwcv7IgQJrvCsNg/8FgWR1p7kGpuXHJG3btWrz1


     

       
213

       

       
-

       
    pyH+e9DjqGQD9KWjJ3LAp02NPUJ2nJIZHj9Y8/yjspb2nDTPLt+uSCjKJibBt0ys


     

       
214

       

       
-

       
    O219HRGzYjfzHYCi8PVrCggQAk7rmUdMuF4iQutE4ICDgtz9eZbls3YBiFKdvxVK


     

       
215

       

       
-

       
    Yg/sHflucmPAbtah13prPyvs6ZzN6zNANYXNYdn1OwHieBwvyWRFG8jY/MorTHPd


     

       
216

       

       
-

       
    BwA3drPNbbGHBzQMZNZKub8gSVYr3SU52gUlYCclmIq+50xqLlF2FWIz1q8irVPd


     

       
217

       

       
-

       
    gUnIR/eQQbxgaivRwbGze1ZAjUsozVVQQQKCAQEA9uAKU3O06bEUGj+L0G+7R7r/


     

       
218

       

       
-

       
    bi2DNi2kLJ7jyq+n0OqcHEQ1zFK4LAPaXY0yMYXieUzhivMGLSNDiubGO2/KxkFF


     

       
219

       

       
-

       
    REXUFgYWZYMwrKsUuscybB64cQDwzD0oXrhvEa2PHecdG6AZ63iLcHaaDzyCPID/


     

       
220

       

       
-

       
    wtljekLO2jbJ5esXZd016lykFfUd/K4KP1DGyI2Dkq6q0gTc/Y36gDAcPhIWtzna


     

       
221

       

       
-

       
    UujYCe3a8DWCElH4geKXaB5ABbV1eJ8Lch599lXJ9Hszem6QNosFsPaHDCcqLS9H


     

       
222

       

       
-

       
    yy2WA6CY2LVU7kONN+O0kxs2fVbxIkI+d/LZyX/yIGlkXcAzL07llIlrTAYebQ==


     

       
223

       

       
-

       
    -----END RSA PRIVATE KEY-----


     

       
224

       

       
-

       
  '';


     

       
225

       

       
-

       
  "letsencrypt.org".cert = builtins.toFile "letsencrypt.org.cert" ''


     

       
226

       

       
-

       
    -----BEGIN CERTIFICATE-----


     

       
227

       

       
-

       
    MIIEpzCCAo8CAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls


     

       
228

       

       
-

       
    IENBMCAXDTE5MTAxODA3NTQxNVoYDzIxMTkwOTI0MDc1NDE1WjAaMRgwFgYDVQQD


     

       
229

       

       
-

       
    DA9sZXRzZW5jcnlwdC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC


     

       
230

       

       
-

       
    AQD12l08TLMPf8EF2zu0D/nWz5aYsXJa4WurjIx3ZH6+LmC8rueUs1UqFiCJOYrZ


     

       
231

       

       
-

       
    Sb5QSka5wmpkdxNJkDUHPhL/w0P8Aj0joSbC8GKdjn8+5vEQAuT1iIMD4jMfxkYU


     

       
232

       

       
-

       
    zzBeDt8xtskCzK/5IcC2vaOYKyCCum4Pl+DOzan4XarT6hWh4XAwA5R0B/aM200s


     

       
233

       

       
-

       
    SPZDoyJHler7AU5xG1eU2VdYhfc2ua5s7/E6kM2mzKPJgLkt35bToxLltMdJ2/no


     

       
234

       

       
-

       
    CRSDY+6AwKGPXlM510QkgrzM9cVOUxjJ71IrCOE1Rmi997jFcJpOPaebOty4wovP


     

       
235

       

       
-

       
    5LewpB5NaOJFxjfDjNOUBuG0ZcONeOEw5usehYzx7dxMvg0ky+201K1d+JzFt5Ns


     

       
236

       

       
-

       
    iJi77t20XSr6JZpmp7Fzo90BoikVnRdLD6LmIt1BmYHDNjs0uUelC6l+HrN7SoNR


     

       
237

       

       
-

       
    VkAwO5ujgkpRMHMfpBO6EfH65Sbstzxh00Cufuj+8xkNDKbUSJrErFm4IZqoW+rx


     

       
238

       

       
-

       
    kricFWwd9xduEX9cPYcyJ3e3siZtERW72qdz4Sf5pxT9IlpoveuMxboctUyvr69C


     

       
239

       

       
-

       
    sLNiS8vMpimhSb0PUpyfp3w5/GXaIJpj0KQyvn/onWnXBxN1w3shVD8MUF5MNq7J


     

       
240

       

       
-

       
    ZvJmQ7+U+hmhqRbJc7H1L22AKXOEWY2BGRm/3A35CC40NwIDAQABMA0GCSqGSIb3


     

       
241

       

       
-

       
    DQEBCwUAA4ICAQBbJwE+qc0j6JGHWe0TGjv1viJU3WuyJkMRi+ejx0p/k7Ntp5An


     

       
242

       

       
-

       
    2wLC7b/lVP/Nh+PKY/iXWn/BErv2MUo4POc1g8svgxsmMMh5KGGieIfGs7xT+JMH


     

       
243

       

       
-

       
    dzZZM+pUpIB5fEO5JfjiOEOKDdAvRSs0mTAVYZEokGkXSNWyylvEaA16mHtMgPjo


     

       
244

       

       
-

       
    Lm75d0O66RfJDdd/hTl8umGpF7kEGW1qYk2QmuPr7AqOa8na7olL5fMPh6Q7yRqx


     

       
245

       

       
-

       
    GIS9JKQ0fWl8Ngk09WfwUN/kEMcp9Jl5iunNRkbpUJIM/lHFkSA7yOFFL+dVWzd4


     

       
246

       

       
-

       
    2r+ddJXTFzW8Rwt65l8SV2MEhijEamKva3mqKLIRWxDsfFVT1T04LWFtnzMW4Z29


     

       
247

       

       
-

       
    UHF9Pi7XSyKz0Y/Lz31mNTkjJYbOvbnwok8lc3wFWHc+lummZk8IkCq8xfqzwmwX


     

       
248

       

       
-

       
    Ow6EV+Q6VaQpOHumQZ12pBBLtL8DyDhWaRUgVy2vYpwYsMYa5BFMcKCynjlSewo9


     

       
249

       

       
-

       
    G2hNoW45cQZP1qHltRR9Xad7SaP7iTETDCiR7AWOqSpDipSh9eMfVW97ZbSfz+vl


     

       
250

       

       
-

       
    xl8PZEZMTRIIRVXsPP+E8gtDUhUQp2+Vcz8r6q71qslXM09xl/501uaNjCc3hH2R


     

       
251

       

       
-

       
    iw2N77Lho1F3FrBbHdML3RYHZI55eC9iQw6R4S+R4b+iWLJoHzHrW61itg==


     

       
252

       

       
-

       
    -----END CERTIFICATE-----


     

       
253

       

       
-

       
  '';


     

       
254

       

       
-

       
}
+1 -1
nixos/tests/common/resolver.nix 
···

       
18

       
18

       
 

       
      defining this option needs to be explicitly imported.


     

       
19

       
19

       
 

       



     

       
20

       
20

       
 

       
      The reason this option exists is for the


     

       
21

       

       
-

       
      <filename>nixos/tests/common/letsencrypt</filename> module, which


     

       

       
21

       
+

       
      <filename>nixos/tests/common/acme/server</filename> module, which


     

       
22

       
22

       
 

       
      needs that option to disable the resolver once the user has set its own


     

       
23

       
23

       
 

       
      resolver.


     

       
24

       
24

       
 

       
    '';