author | aszlig <aszlig@redmoonstudios.org> | 2017-07-27 13:24:17 +0200 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2017-09-13 23:16:37 +0200 |
commit | 11b3ae74e19a075e8d733af99530fbbe697cf0d5 (patch) | |
tree | d1153cf636df2d6999ef2c1123213bd76945a3d6 | |
parent | b3162a107491ce306996de591926830b68e9bc69 (diff) |
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/acme.nix | 62 |
2 files changed, 63 insertions, 0 deletions
diff --git a/nixos/release.nix b/nixos/release.nix
index 34198a9506470..38c446c1f8a46 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -214,6 +214,7 @@ in rec {
 # Run the tests for each platform. You can run a test by doing
 # e.g. ‘nix-build -A tests.login.x86_64-linux’, or equivalently,
 # ‘nix-build tests/login.nix -A result’.
+ tests.acme = callTest tests/acme.nix {};
 tests.avahi = callTest tests/avahi.nix {};
 tests.bittorrent = callTest tests/bittorrent.nix {};
 tests.blivet = callTest tests/blivet.nix {};
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
new file mode 100644
index 0000000000000..a48f4d75ae3ee
--- /dev/null
+++ b/nixos/tests/acme.nix
@@ -0,0 +1,62 @@
+let
+ commonConfig = { config, lib, pkgs, nodes, ... }: {
+ networking.nameservers = [
+ nodes.letsencrypt.config.networking.primaryIPAddress
+ ];
+
+ nixpkgs.overlays = lib.singleton (self: super: {
+ cacert = super.cacert.overrideDerivation (drv: {
+ installPhase = (drv.installPhase or "") + ''
+ cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
+ >> "$out/etc/ssl/certs/ca-bundle.crt"
+ '';
+ });
+
+ pythonPackages = (super.python.override {
+ packageOverrides = lib.const (pysuper: {
+ requests = pysuper.requests.overrideDerivation (drv: {
+ postPatch = (drv.postPatch or "") + ''
+ cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
+ > requests/cacert.pem
+ '';
+ });
+ });
+ }).pkgs;
+ });
+ };
+
+in import ./make-test.nix {
+ name = "acme";
+
+ nodes = {
+ letsencrypt = ./common/letsencrypt.nix;
+
+ webserver = { config, pkgs, ... }: {
+ imports = [ commonConfig ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ networking.extraHosts = ''
+ ${config.networking.primaryIPAddress} example.com
+ '';
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."example.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = pkgs.runCommand "docroot" {} ''
+ mkdir -p "$out"
+ echo hello world > "$out/index.html"
+ '';
+ };
+ };
+
+ client = commonConfig;
+ };
+
+ testScript = ''
+ $letsencrypt->waitForUnit("boulder.service");
+ startAll;
+ $webserver->waitForUnit("acme-certificates.target");
+ $client->succeed('curl https://example.com/ | grep -qF "hello world"');
+ '';
+} |
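Review bot: The `nixpkgs.overlays` entry in `commonConfig` replaces `cacert` for the whole package set of both the webserver and the client node, so the test CA becomes a trust anchor for everything built against that bundle, and nothing in the file says this is deliberate and test-only. I would add a comment above the overlay such as `# Test only: trust the throwaway CA of the letsencrypt node; never reuse this overlay outside nixos/tests.` For the system trust store, `security.pki.certificateFiles = [ nodes.letsencrypt.config.test-support.letsencrypt.caCert ];` would add the same certificate without rebuilding `cacert` and its dependents. The `requests` override would then have to append the CA certificate itself, and whether the ACME client on the webserver reads the system bundle is not visible in this hunk, so that needs checking first. The test script also asserts only the HTTPS happy path; a plain-HTTP request from the client would cover the redirect that `forceSSL = true` is expected to enforce.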