nixos/tests/stunnel: replace activationScript

Replace with a separate systemd service.
author: nikstur <nikstur@outlook.com> 2023-10-20 11:45:24 +0200
committer: nikstur <nikstur@outlook.com> 2023-10-26 01:44:21 +0200
commit: d345b385fe3d9ca25f7148d8fa13061d36e3aa5b (patch)
tree: 791accd6f66e02f22f894870c154f058d6188908 /nixos/tests/stunnel.nix
parent: 339a866b7c25ce44705552105b64cd9cb78780a8 (diff)
1 files changed, 9 insertions, 4 deletions
diff --git a/nixos/tests/stunnel.nix b/nixos/tests/stunnel.nix
index 22c087290fc7b..07fba435d4df6 100644
--- a/nixos/tests/stunnel.nix
+++ b/nixos/tests/stunnel.nix
@@ -17,11 +17,16 @@ let
     };
   };
   makeCert = { config, pkgs, ... }: {
-    system.activationScripts.create-test-cert = stringAfter [ "users" ] ''
-      ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
-      ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
-      chown stunnel /test-key.pem /test-key-and-cert.pem
+    systemd.services.create-test-cert = {
+      wantedBy = [ "sysinit.target" ];
+      before = [ "sysinit.target" ];
+      unitConfig.DefaultDependencies = false;
+      script = ''
+        ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
+        ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
+        chown stunnel /test-key.pem /test-key-and-cert.pem
     '';
+    };
   };
   serverCommon = { pkgs, ... }: {
     networking.firewall.allowedTCPPorts = [ 443 ];
author	nikstur <nikstur@outlook.com>	2023-10-20 11:45:24 +0200
committer	nikstur <nikstur@outlook.com>	2023-10-26 01:44:21 +0200
commit	d345b385fe3d9ca25f7148d8fa13061d36e3aa5b (patch)
tree	791accd6f66e02f22f894870c154f058d6188908 /nixos/tests/stunnel.nix
parent	339a866b7c25ce44705552105b64cd9cb78780a8 (diff)