about summary refs log tree commit diff
path: root/nixos/tests/acme-dns.nix
blob: 92d9498fe714e3e3b8e9e4fc54997be1ded01520 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import ./make-test-python.nix ({ ... }: {
  name = "acme-dns";

  nodes.machine = { pkgs, ... }: {
    services.acme-dns = {
      enable = true;
      settings = {
        general = rec {
          domain = "acme-dns.home.arpa";
          nsname = domain;
          nsadmin = "admin.home.arpa";
          records = [
            "${domain}. A 127.0.0.1"
            "${domain}. AAAA ::1"
            "${domain}. NS ${domain}."
          ];
        };
        logconfig.loglevel = "debug";
      };
    };
    environment.systemPackages = with pkgs; [ curl bind ];
  };

  testScript = ''
    import json

    machine.wait_for_unit("acme-dns.service")
    machine.wait_for_open_port(53) # dns
    machine.wait_for_open_port(8080) # http api

    result = machine.succeed("curl --fail -X POST http://localhost:8080/register")
    print(result)

    registration = json.loads(result)

    machine.succeed(f'dig -t TXT @localhost {registration["fulldomain"]} | grep "SOA" | grep "admin.home.arpa"')

    # acme-dns exspects a TXT value string length of exactly 43 chars
    txt = "___dummy_validation_token_for_txt_record___"

    machine.succeed(
      "curl --fail -X POST http://localhost:8080/update "
      + f' -H "X-Api-User: {registration["username"]}"'
      + f' -H "X-Api-Key: {registration["password"]}"'
      + f' -d \'{{"subdomain":"{registration["subdomain"]}", "txt":"{txt}"}}\'''
    )

    assert txt in machine.succeed(f'dig -t TXT +short @localhost {registration["fulldomain"]}')
  '';
})