nixos/tests: Add a basic test for ACME

The test here is pretty basic and only tests nginx, but it should get us started to write tests for different webservers and different ACME implementations. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-27 13:24:17 +02:00 · 2017-07-27 13:24:17 +02:00 · 11b3ae74e1
commit 11b3ae74e1
parent b3162a1074
2 changed files with 63 additions and 0 deletions
--- a/nixos/release.nix
+++ b/nixos/release.nix
@ -214,6 +214,7 @@ in rec {
  # Run the tests for each platform.  You can run a test by doing
  # e.g. ‘nix-build -A tests.login.x86_64-linux’, or equivalently,
  # ‘nix-build tests/login.nix -A result’.
+  tests.acme = callTest tests/acme.nix {};
  tests.avahi = callTest tests/avahi.nix {};
  tests.bittorrent = callTest tests/bittorrent.nix {};
  tests.blivet = callTest tests/blivet.nix {};
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@ -0,0 +1,62 @@
+let
+  commonConfig = { config, lib, pkgs, nodes, ... }: {
+    networking.nameservers = [
+      nodes.letsencrypt.config.networking.primaryIPAddress
+    ];
+
+    nixpkgs.overlays = lib.singleton (self: super: {
+      cacert = super.cacert.overrideDerivation (drv: {
+        installPhase = (drv.installPhase or "") + ''
+          cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
+            >> "$out/etc/ssl/certs/ca-bundle.crt"
+        '';
+      });
+
+      pythonPackages = (super.python.override {
+        packageOverrides = lib.const (pysuper: {
+          requests = pysuper.requests.overrideDerivation (drv: {
+            postPatch = (drv.postPatch or "") + ''
+              cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
+                > requests/cacert.pem
+            '';
+          });
+        });
+      }).pkgs;
+    });
+  };
+
+in import ./make-test.nix {
+  name = "acme";
+
+  nodes = {
+    letsencrypt = ./common/letsencrypt.nix;
+
+    webserver = { config, pkgs, ... }: {
+      imports = [ commonConfig ];
+      networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+      networking.extraHosts = ''
+        ${config.networking.primaryIPAddress} example.com
+      '';
+
+      services.nginx.enable = true;
+      services.nginx.virtualHosts."example.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".root = pkgs.runCommand "docroot" {} ''
+          mkdir -p "$out"
+          echo hello world > "$out/index.html"
+        '';
+      };
+    };
+
+    client = commonConfig;
+  };
+
+  testScript = ''
+    $letsencrypt->waitForUnit("boulder.service");
+    startAll;
+    $webserver->waitForUnit("acme-certificates.target");
+    $client->succeed('curl https://example.com/ | grep -qF "hello world"');
+  '';
+}