diff --git a/nixos/tests/common/acme/server/generate-certs.nix b/nixos/tests/common/acme/server/generate-certs.nix
index 0cec83282707..a95c58a45964 100644
--- a/nixos/tests/common/acme/server/generate-certs.nix
+++ b/nixos/tests/common/acme/server/generate-certs.nix
@@ -4,11 +4,8 @@
 pkgs ? import { },
 minica ? pkgs.minica,
 mkDerivation ? pkgs.stdenv.mkDerivation,
+ domain ? (import ./snakeoil-certs.nix).domain,
 }:
-let
- conf = import ./snakeoil-certs.nix;
- domain = conf.domain;
-in
 mkDerivation {
 name = "test-certs";
 buildInputs = [
diff --git a/nixos/tests/redlib.nix b/nixos/tests/redlib.nix
index e03df475fe3d..9d7e7ec1632a 100644
--- a/nixos/tests/redlib.nix
+++ b/nixos/tests/redlib.nix
@@ -1,4 +1,8 @@
 { lib, pkgs, ... }:
+let
+ certs = import redlib/snakeoil-certs.nix;
+ redditDomain = certs.domain;
+in
 {
 name = "redlib";
 meta.maintainers = with lib.maintainers; [
@@ -7,6 +11,24 @@
 ];
 nodes.machine = {
+ # The test will hang if Redlib can't initialize its OAuth client, so we
+ # provide it with a mock endpoint.
+ networking.hosts."127.0.0.1" = [ redditDomain ];
+ security.pki.certificates = [
+ (builtins.readFile certs.ca.cert)
+ ];
+ services.nginx = {
+ enable = true;
+ virtualHosts.${redditDomain} = {
+ onlySSL = true;
+ sslCertificate = certs.${redditDomain}.cert;
+ sslCertificateKey = certs.${redditDomain}.key;
+ locations."/auth/v2/oauth/access-token/loid".extraConfig = ''
+ return 200 "{\"access_token\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"expires_in\":0}";
+ '';
+ };
+ };
+
 services.redlib = {
 package = pkgs.redlib;
 enable = true;
diff --git a/nixos/tests/redlib/ca.cert.pem b/nixos/tests/redlib/ca.cert.pem
new file mode 100644
index 000000000000..0e0496e1ac37
--- /dev/null
+++ b/nixos/tests/redlib/ca.cert.pem
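Review bot: The `security.pki.certificates` entry added to `nodes.machine` in nixos/tests/redlib.nix puts a CA into the VM's system trust store whose private key is committed in this same change (redlib/ca.key.pem), and nothing in the hunk says so. That is acceptable inside a throwaway test VM, but someone copying the pattern should know this CA is useless as a trust anchor; I would add a comment above the list such as `# Snakeoil CA, test-only: its private key is public in this repo, never trust it outside the test VM.` The mock body also returns `\"expires_in\":0`, which presumably makes the token look expired on arrival; if Redlib refreshes on expiry, a non-zero lifetime would be the safer fixture value. The `nodes.machine` block continues past the end of the hunk.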
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAYKgAwIBAgIIR+NCHSDJCIAwCgYIKoZIzj0EAwMwIDEeMBwGA1UEAxMV
+bWluaWNhIHJvb3QgY2EgNDdlMzQyMCAXDTI1MTEwOTA2MjMwNFoYDzIxMjUxMTA5
+MDYyMzA0WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA0N2UzNDIwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAASo81ED5tomfR47qFXpan+0cBKP7eoAhAAkJeT9w/h2
+axpVVQ/X+rDFu1QbKDqE7lJ2j3Ue7eb/6Q5Zrt9MSFPDcQz7eFr6kX0S2u5AHO9z
+6E60gUNUwZBDBenr0P/uTQ6jgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQW
+MBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud
+DgQWBBQuPLVPdRiEUCga2W3RKwL4diQVMDAfBgNVHSMEGDAWgBQuPLVPdRiEUCga
+2W3RKwL4diQVMDAKBggqhkjOPQQDAwNpADBmAjEAqG8PIYJ0CQG3CfLsQFpwDLmj
+DoEFgcRMkRQz4vtAQMpLhoo8VAPo7Vl+AAaZgRVPAjEA6XDte56Oou5qMj4Zkzi8
+EYIucHtYrfTNJOarDSYYvTlNrmuQ73KTP4Hxfd26TA2q
+-----END CERTIFICATE-----
diff --git a/nixos/tests/redlib/ca.key.pem b/nixos/tests/redlib/ca.key.pem
new file mode 100644
index 000000000000..d085e8ba3f85
--- /dev/null
+++ b/nixos/tests/redlib/ca.key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBuuWbxl4uwwcIT0SvT
+jcQHDekytbQrLw4imrpfrAJmTdvyHcfEGiWuwscs36mq50WhZANiAASo81ED5tom
+fR47qFXpan+0cBKP7eoAhAAkJeT9w/h2axpVVQ/X+rDFu1QbKDqE7lJ2j3Ue7eb/
+6Q5Zrt9MSFPDcQz7eFr6kX0S2u5AHO9z6E60gUNUwZBDBenr0P/uTQ4=
+-----END PRIVATE KEY-----
diff --git a/nixos/tests/redlib/snakeoil-certs.nix b/nixos/tests/redlib/snakeoil-certs.nix
new file mode 100644
index 000000000000..6fd0badcca7d
--- /dev/null
+++ b/nixos/tests/redlib/snakeoil-certs.nix
@@ -0,0 +1,17 @@
+# To generate cert files:
+# cp $(nix-build ../common/acme/server/generate-certs.nix --arg domain '(import ./snakeoil-certs.nix).domain' --no-out-link)/* .
+
+let
+ domain = "www.reddit.com";
+in
+{
+ inherit domain;
+ ca = {
+ cert = ./ca.cert.pem;
+ key = ./ca.key.pem;
+ };
+ ${domain} = {
+ cert = ./${domain}.cert.pem;
+ key = ./${domain}.key.pem;
+ };
+}
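Review bot: The `ca` set in nixos/tests/redlib/snakeoil-certs.nix exports `key = ./ca.key.pem;`, but the only CA attribute the redlib.nix change reads is `certs.ca.cert`, so the CA private key appears to be committed without a consumer. If the generator does not need an existing CA key to re-issue the leaf certificate (its build steps are outside this diff, so this needs confirming), I would drop that attribute and keep ca.key.pem out of the tree, since it is a signing key for a CA the test node trusts system-wide. If it has to stay, a header line such as `# Keys here are public test fixtures; do not reuse them or trust this CA anywhere else.` would make the intent explicit. The header comment could also state that the `cp` command is meant to be run from nixos/tests/redlib.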
diff --git a/nixos/tests/redlib/www.reddit.com.cert.pem b/nixos/tests/redlib/www.reddit.com.cert.pem
new file mode 100644
index 000000000000..fbd8636683f4
--- /dev/null
+++ b/nixos/tests/redlib/www.reddit.com.cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5jCCAW2gAwIBAgIIFaN6FT3RbaswCgYIKoZIzj0EAwMwIDEeMBwGA1UEAxMV
+bWluaWNhIHJvb3QgY2EgNDdlMzQyMB4XDTI1MTEwOTA2MjMwNFoXDTQ1MTEwOTA2
+MjMwNFowGTEXMBUGA1UEAxMOd3d3LnJlZGRpdC5jb20wdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQpU1quYyW3g2ZjtwSFLNOhucqkjFhCN5rcSZOLpbnieelZ6axvoH6x
+2Znfcu4YqYtK8G/zHDv2o9gQQpDBcWp7dobpUVbfrSRxsr5LEYlEXPUslbFkFWau
+HzKTx5QTyu2jezB5MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQuPLVPdRiEUCga
+2W3RKwL4diQVMDAZBgNVHREEEjAQgg53d3cucmVkZGl0LmNvbTAKBggqhkjOPQQD
+AwNnADBkAjAqU0nW3KRXEZMTP9qjnNqherjVYa8WPWMCtwYqiFDOWilByZFjEZUs
+8it+unxaNe4CMA12fOFHgsM1tKRiSslIHXSx5V71RkXGrQxxqfRlD0w7LjsJWXRv
+Z6DKyxfF6MJPEA==
+-----END CERTIFICATE-----
diff --git a/nixos/tests/redlib/www.reddit.com.key.pem b/nixos/tests/redlib/www.reddit.com.key.pem
new file mode 100644
index 000000000000..d9f7056e6d68
--- /dev/null
+++ b/nixos/tests/redlib/www.reddit.com.key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1r7aQH0yOtCYquZXn
+1jVqo9gD7kIZRa4TaeHNRRKcv9w9WswTfSJ/0QILIFP0K7WhZANiAAQpU1quYyW3
+g2ZjtwSFLNOhucqkjFhCN5rcSZOLpbnieelZ6axvoH6x2Znfcu4YqYtK8G/zHDv2
+o9gQQpDBcWp7dobpUVbfrSRxsr5LEYlEXPUslbFkFWauHzKTx5QTyu0=
+-----END PRIVATE KEY-----