author | Nick Cao <nickcao@nichi.co> | 2023-11-29 10:57:58 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-29 10:57:58 -0500 |
commit | a1ecbe2ea96c9ad8ef33a3525bc769b17ca38e60 (patch) | |
tree | a48fbaf6c0e9b96307c748cf85aff2431ce1d383 /nixos | |
parent | 8247d172814af6d405432c8f38dd291d6b350158 (diff) | |
parent | fd522b612dd1c56daa06f44a3c216ae7a2c2d9fb (diff) | |
Merge pull request #270701 from sumnerevans/matrix-synapse-1.97
matrix-synapse: 1.95.1 -> 1.97.0
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/tests/matrix/synapse.nix | 44 |
1 files changed, 14 insertions, 30 deletions
diff --git a/nixos/tests/matrix/synapse.nix b/nixos/tests/matrix/synapse.nix
index 98b077469192..8c10a575ffbd 100644
--- a/nixos/tests/matrix/synapse.nix
+++ b/nixos/tests/matrix/synapse.nix
@@ -1,31 +1,15 @@
 import ../make-test-python.nix ({ pkgs, ... } : let
-
- runWithOpenSSL = file: cmd: pkgs.runCommand file {
- buildInputs = [ pkgs.openssl ];
- } cmd;
-
-
- ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";
- ca_pem = runWithOpenSSL "ca.pem" ''
- openssl req \
- -x509 -new -nodes -key ${ca_key} \
- -days 10000 -out $out -subj "/CN=snakeoil-ca"
+ ca_key = mailerCerts.ca.key;
+ ca_pem = mailerCerts.ca.cert;
+
+ bundle = pkgs.runCommand "bundle" {
+ nativeBuildInputs = [ pkgs.minica ];
+ } ''
+ minica -ca-cert ${ca_pem} -ca-key ${ca_key} \
+ -domains localhost
+ install -Dm444 -t $out localhost/{key,cert}.pem
 '';
- key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";
- csr = runWithOpenSSL "matrix.csr" ''
- openssl req \
- -new -key ${key} \
- -out $out -subj "/CN=localhost" \
- '';
- cert = runWithOpenSSL "matrix_cert.pem" ''
- openssl x509 \
- -req -in ${csr} \
- -CA ${ca_pem} -CAkey ${ca_key} \
- -CAcreateserial -out $out \
- -days 365
- '';
-
 mailerCerts = import ../common/acme/server/snakeoil-certs.nix;
 mailerDomain = mailerCerts.domain;
@@ -82,8 +66,8 @@ in {
 host = "localhost";
 port = config.services.redis.servers.matrix-synapse.port;
 };
- tls_certificate_path = "${cert}";
- tls_private_key_path = "${key}";
+ tls_certificate_path = "${bundle}/cert.pem";
+ tls_private_key_path = "${bundle}/key.pem";
 registration_shared_secret = registrationSharedSecret;
 public_baseurl = "https://example.com";
 email = {
@@ -203,8 +187,8 @@ in {
 settings = {
 inherit listeners;
 database.name = "sqlite3";
- tls_certificate_path = "${cert}";
- tls_private_key_path = "${key}";
+ tls_certificate_path = "${bundle}/cert.pem";
+ tls_private_key_path = "${bundle}/key.pem";
 };
 };
 };
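Review bot: In the first hunk the `bundle` derivation has no comment marking its keys as test-only, even though `install -Dm444 -t $out` puts `key.pem` into the Nix store, which is readable by every local user. The CA key it signs with is `mailerCerts.ca.key`, which by its path (`common/acme/server/snakeoil-certs.nix`) looks like a fixture shipped in the tree. That is fine for a VM test, but the `tls_private_key_path = "${bundle}/key.pem"` lines in the second and third hunks are the kind of snippet that gets copied into a real configuration. I would add a comment above `bundle`, for example `# Test-only: the CA and server keys are snakeoil and world-readable in the Nix store; never reuse outside tests.` The `let` block continues outside the hunk.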
@@ -222,7 +206,7 @@ in {
 "journalctl -u matrix-synapse.service | grep -q 'Connected to redis'"
 )
 serverpostgres.require_unit_state("postgresql.service")
- serverpostgres.succeed("register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} https://localhost:8448/")
+ serverpostgres.succeed("REQUESTS_CA_BUNDLE=${ca_pem} register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} https://localhost:8448/")
 serverpostgres.succeed("obtain-token-and-register-email")
 serversqlite.wait_for_unit("matrix-synapse.service")
 serversqlite.wait_until_succeeds( |
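Review bot: `REQUESTS_CA_BUNDLE=${ca_pem}` is set inline for the `register_new_matrix_user` call only, and nothing on the line says why it is needed. Presumably the tool now verifies the server certificate, and pointing it at the test CA keeps that verification switched on. A one-line comment before the call, such as `# trust the snakeoil CA so TLS verification stays enabled`, would discourage a later edit from replacing it with a skip-verification workaround. Whether `obtain-token-and-register-email` on the next line also connects to the server over TLS is not visible in this hunk; if it does, it will need the same CA. The test script starts and ends outside the hunk.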