Test whether nginx runs when configured to use ACME
# NixOS VM test: `nginx` must be able to start when its TLS certificate and
# key paths point into the `security.acme` directory, even though no
# certificate is retrieved from an ACME server during the test.
import ./make-test.nix ({ pkgs, ... }: {
  name = "acme";

  meta.maintainers = [ pkgs.stdenv.lib.maintainers.bobvanderlinden ];

  nodes = {
    # Web server under test.
    server = { config, pkgs, ... }: {
      # The client node reaches nginx over plain HTTP and over TLS.
      networking.firewall.allowedTCPPorts = [ 80 443 ];

      security.acme.certs."mydomain.com".webroot = "/var/www/mydomain.com";

      # mydomain.com does not resolve to this test host, so an ACME challenge
      # could never succeed; the retrieval unit is switched off.
      # NOTE(review): with retrieval disabled, the key.pem that the test
      # script expects has to come from somewhere else, presumably a
      # placeholder (self-signed) certificate written by the acme module.
      # Confirm against the module.
      systemd.services."acme-mydomain.com".enable = false;

      services.nginx = {
        enable = true;
        # Certificate and key are read from the directory the acme module is
        # configured with, not from a hard-coded path.
        httpConfig = ''
          server {
          server_name mydomain.com;
          listen 80;
          listen 443 ssl;
          ssl_certificate ${config.security.acme.directory}/mydomain.com/fullchain.pem;
          ssl_certificate_key ${config.security.acme.directory}/mydomain.com/key.pem;
          root /var/www/mydomain.com;
          }
        '';
      };
    };

    # Plain client that only needs curl to probe the server.
    client = { pkgs, ... }: {
      environment.systemPackages = [ pkgs.curl ];
    };
  };

  # What the script below does and does not establish:
  #  * The `stat` call hard-codes /var/lib/acme, while the nginx config uses
  #    config.security.acme.directory. The two agree only while that option
  #    keeps its default. NOTE(review): presumably /var/lib/acme; confirm.
  #  * Only the existence of key.pem is checked. Neither fullchain.pem nor the
  #    ownership and mode of the private key are asserted here.
  #  * `curl --insecure` turns off certificate verification, so the HTTPS
  #    request shows that nginx answers over TLS and nothing about whether the
  #    certificate matches the host name or chains to a trusted CA. That is
  #    acceptable for this start-up test, and the flag should stay confined
  #    to tests.
  testScript =
    ''
      startAll;
      $server->waitForUnit("nginx.service");
      $client->waitForUnit("network.target");
      $server->succeed("stat /var/lib/acme/mydomain.com/key.pem");
      $client->succeed("curl http://server/");
      $client->succeed("curl --insecure https://server/");
    '';
})