2017-07-27 12:24:17 +01:00
|
|
|
let
|
|
|
|
commonConfig = { config, lib, pkgs, nodes, ... }: {
|
|
|
|
networking.nameservers = [
|
|
|
|
nodes.letsencrypt.config.networking.primaryIPAddress
|
|
|
|
];
|
|
|
|
|
|
|
|
nixpkgs.overlays = lib.singleton (self: super: {
|
|
|
|
cacert = super.cacert.overrideDerivation (drv: {
|
|
|
|
installPhase = (drv.installPhase or "") + ''
|
|
|
|
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
|
|
|
|
>> "$out/etc/ssl/certs/ca-bundle.crt"
|
|
|
|
'';
|
|
|
|
});
|
|
|
|
|
|
|
|
pythonPackages = (super.python.override {
|
|
|
|
packageOverrides = lib.const (pysuper: {
|
2017-09-14 22:18:52 +01:00
|
|
|
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
|
|
|
|
postPatch = (attrs.postPatch or "") + ''
|
2017-07-27 12:24:17 +01:00
|
|
|
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
|
2017-09-13 22:06:39 +01:00
|
|
|
> certifi/cacert.pem
|
2017-07-27 12:24:17 +01:00
|
|
|
'';
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}).pkgs;
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
in import ./make-test.nix {
|
|
|
|
name = "acme";
|
|
|
|
|
|
|
|
nodes = {
|
|
|
|
letsencrypt = ./common/letsencrypt.nix;
|
|
|
|
|
|
|
|
webserver = { config, pkgs, ... }: {
|
|
|
|
imports = [ commonConfig ];
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
|
|
networking.extraHosts = ''
|
|
|
|
${config.networking.primaryIPAddress} example.com
|
|
|
|
'';
|
|
|
|
|
|
|
|
services.nginx.enable = true;
|
|
|
|
services.nginx.virtualHosts."example.com" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".root = pkgs.runCommand "docroot" {} ''
|
|
|
|
mkdir -p "$out"
|
|
|
|
echo hello world > "$out/index.html"
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
client = commonConfig;
|
|
|
|
};
|
|
|
|
|
|
|
|
testScript = ''
|
|
|
|
$letsencrypt->waitForUnit("boulder.service");
|
|
|
|
startAll;
|
|
|
|
$webserver->waitForUnit("acme-certificates.target");
|
|
|
|
$client->succeed('curl https://example.com/ | grep -qF "hello world"');
|
|
|
|
'';
|
|
|
|
}
|