authorIzorkin <izorkin@elven.pw>2022-11-25 14:03:43 +0300
committerManuel Bärenz <programming@manuelbaerenz.de>2022-11-25 15:00:19 +0100
commite8927f2631084705318d97794334cb7ffe70aa1a (patch)
treed152854dae445191dd992be4e99db90fee5d93ee /nixos
parent4315ef82ebb4a1bf500e864b7203ead90063379c (diff)
nixos/tests/mastodon: remove CA service
Diffstat (limited to 'nixos')
-rw-r--r--nixos/tests/web-apps/mastodon.nix66
1 files changed, 13 insertions, 53 deletions
diff --git a/nixos/tests/web-apps/mastodon.nix b/nixos/tests/web-apps/mastodon.nix
index bc1122e7268f..528246a684a2 100644
--- a/nixos/tests/web-apps/mastodon.nix
+++ b/nixos/tests/web-apps/mastodon.nix
@@ -1,15 +1,12 @@
 import ../make-test-python.nix ({pkgs, ...}:
 let
-  test-certificates = pkgs.runCommandLocal "test-certificates" { } ''
+  cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
+    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500
     mkdir -p $out
-    echo insecure-root-password > $out/root-password-file
-    echo insecure-intermediate-password > $out/intermediate-password-file
-    ${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
-    ${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
+    cp key.pem cert.pem $out
   '';
 
   hosts = ''
-    192.168.2.10 ca.local
     192.168.2.11 mastodon.local
   '';
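Review bot: The replacement certificate on the `openssl req` line carries only a CN and no subjectAltName, so it depends on the verifying TLS stack falling back to CN matching; curl with OpenSSL still does that, but Go, browsers and several other stacks reject SAN-less certificates, and the test will break if any component in the path is swapped. Adding `-addext 'subjectAltName=DNS:mastodon.local'` to the `openssl req` invocation removes the dependency. The private key is also copied into the world-readable Nix store, which is acceptable here only because the derivation is a test fixture; a comment above `cert = pkgs:` such as `# Test-only self-signed certificate; key.pem is world-readable in the store by design.` would prevent it from being reused as a pattern.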
 
@@ -19,42 +16,6 @@ in
   meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin turion ];
 
   nodes = {
-    ca = { pkgs, ... }: {
-      networking = {
-        interfaces.eth1 = {
-          ipv4.addresses = [
-            { address = "192.168.2.10"; prefixLength = 24; }
-          ];
-        };
-        extraHosts = hosts;
-      };
-      services.step-ca = {
-        enable = true;
-        address = "0.0.0.0";
-        port = 8443;
-        openFirewall = true;
-        intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
-        settings = {
-          dnsNames = [ "ca.local" ];
-          root = "${test-certificates}/root_ca.crt";
-          crt = "${test-certificates}/intermediate_ca.crt";
-          key = "${test-certificates}/intermediate_ca.key";
-          db = {
-            type = "badger";
-            dataSource = "/var/lib/step-ca/db";
-          };
-          authority = {
-            provisioners = [
-              {
-                type = "ACME";
-                name = "acme";
-              }
-            ];
-          };
-        };
-      };
-    };
-
     server = { pkgs, ... }: {
 
       virtualisation.memorySize = 2048;
@@ -70,12 +31,7 @@ in
       };
 
       security = {
-        acme = {
-          acceptTerms = true;
-          defaults.server = "https://ca.local:8443/acme/acme/directory";
-          defaults.email = "mastodon@mastodon.local";
-        };
-        pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
+        pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
       };
 
       services.redis.servers.mastodon = {
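Review bot: `pki.certificateFiles` now installs the leaf certificate itself as the trust anchor on the server (and identically on the client in the later hunk at the `client` node); this only works because the leaf is self-signed, and it would fail silently if the fixture were later changed to issue the leaf from a separate test CA. A short comment, `# Trust the self-signed leaf directly; cert.pem is both the server certificate and the trust anchor.`, makes that coupling visible. The `security` attribute set continues outside the hunk.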
@@ -107,6 +63,14 @@ in
           EMAIL_DOMAIN_ALLOWLIST = "example.com";
         };
       };
+
+      services.nginx = {
+        virtualHosts."mastodon.local" = {
+          enableACME = pkgs.lib.mkForce false;
+          sslCertificate = "${cert pkgs}/cert.pem";
+          sslCertificateKey = "${cert pkgs}/key.pem";
+        };
+      };
     };
 
     client = { pkgs, ... }: {
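Review bot: The `enableACME = pkgs.lib.mkForce false;` line overrides a value presumably set by the Mastodon module for this vhost, but nothing in the hunk says so, and a reader may remove the `mkForce` thinking it is redundant. A comment on that line, `# The mastodon module enables ACME on its vhost; force it off so the self-signed test cert below is used.`, records why the override is needed (hedged: the module's default is not visible in this diff). The `server` node definition starts outside the hunk.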
@@ -121,7 +85,7 @@ in
       };
 
       security = {
-        pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
+        pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
       };
     };
   };
@@ -129,9 +93,6 @@ in
   testScript = ''
     start_all()
 
-    ca.wait_for_unit("step-ca.service")
-    ca.wait_for_open_port(8443)
-
     # Check that mastodon-media-auto-remove is scheduled
     server.succeed("systemctl status mastodon-media-auto-remove.timer")
 
@@ -169,7 +130,6 @@ in
     server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
     client.succeed("curl --fail https://mastodon.local/about")
 
-    ca.shutdown()
     server.shutdown()
     client.shutdown()
   '';