nixpkgs/nixos/tests/acme.nix

let
  commonConfig = ./common/letsencrypt/common.nix;
in import ./make-test.nix {
  name = "acme";

  nodes = {
    letsencrypt = ./common/letsencrypt;

    webserver = { config, pkgs, ... }: {
      imports = [ commonConfig ];
      networking.firewall.allowedTCPPorts = [ 80 443 ];

      networking.extraHosts = ''
        ${config.networking.primaryIPAddress} example.com
      '';

      services.nginx.enable = true;
      services.nginx.virtualHosts."example.com" = {
        enableACME = true;
        forceSSL = true;
        locations."/".root = pkgs.runCommand "docroot" {} ''
          mkdir -p "$out"
          echo hello world > "$out/index.html"
        '';
      };
    };

    client = commonConfig;
  };

  testScript = ''
    $letsencrypt->waitForUnit("default.target");
    $letsencrypt->waitForUnit("boulder.service");
    $webserver->waitForUnit("default.target");
    $webserver->waitForUnit("acme-certificates.target");
    $client->waitForUnit("default.target");
    $client->succeed('curl https://example.com/ | grep -qF "hello world"');
  '';
}
nixos/tests: Add a basic test for ACME The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2017-07-27 12:24:17 +01:00			`let`
nixos tests: move common configuration into separate file This allows tests outside nixos to use acme setup. 2018-09-24 20:06:31 +01:00			`commonConfig = ./common/letsencrypt/common.nix;`
nixos/tests: Add a basic test for ACME The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2017-07-27 12:24:17 +01:00			`in import ./make-test.nix {`
			`name = "acme";`

			`nodes = {`
nixos/tests/letsencrypt: Hardcode certs and keys In 0c7c1660f78e4f6befe0a210e1a9efae783a1733 I have set allowSubstitutes to false, which avoided the substitution of the certificates. Unfortunately substitution may still happen later when the certificate is merged with the CA bundle. So the merged CA bundle might be substituted from a binary cache but the certificate itself is built locally, which could result in a different certificate in the bundle. So instead of adding just yet another workaround, I've now hardcoded all the certificates and keys in a separate file. This also moves letsencrypt.nix into its own directory so we don't mess up nixos/tests/common too much. This was long overdue and should finally make the dependency graph for the ACME test more deterministic. Signed-off-by: aszlig <aszlig@nix.build> 2018-07-11 23:56:48 +01:00			`letsencrypt = ./common/letsencrypt;`
nixos/tests: Add a basic test for ACME The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2017-07-27 12:24:17 +01:00
			`webserver = { config, pkgs, ... }: {`
			`imports = [ commonConfig ];`
			`networking.firewall.allowedTCPPorts = [ 80 443 ];`

			`networking.extraHosts = ''`
			`${config.networking.primaryIPAddress} example.com`
			`'';`

			`services.nginx.enable = true;`
			`services.nginx.virtualHosts."example.com" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/".root = pkgs.runCommand "docroot" {} ''`
			`mkdir -p "$out"`
			`echo hello world > "$out/index.html"`
			`'';`
			`};`
			`};`

			`client = commonConfig;`
			`};`

			`testScript = ''`
nixos/tests/acme: fix on i686, improve timing (#40410) ... to prevent non-deterministic failures 2018-05-13 18:59:59 +01:00			`$letsencrypt->waitForUnit("default.target");`
nixos/tests: Add a basic test for ACME The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2017-07-27 12:24:17 +01:00			`$letsencrypt->waitForUnit("boulder.service");`
nixos/tests/acme: fix on i686, improve timing (#40410) ... to prevent non-deterministic failures 2018-05-13 18:59:59 +01:00			`$webserver->waitForUnit("default.target");`
nixos/tests: Add a basic test for ACME The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2017-07-27 12:24:17 +01:00			`$webserver->waitForUnit("acme-certificates.target");`
nixos/tests/acme: fix on i686, improve timing (#40410) ... to prevent non-deterministic failures 2018-05-13 18:59:59 +01:00			`$client->waitForUnit("default.target");`
nixos/tests: Add a basic test for ACME The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2017-07-27 12:24:17 +01:00			`$client->succeed('curl https://example.com/ \| grep -qF "hello world"');`
			`'';`
			`}`