tests/{common,email-dns}: Move last part of acme and dns handling to common

This makes re-using it even easier.

1 files changed, 30 insertions, 0 deletions

diff --git a/tests/common/acme/scripts.nix b/tests/common/acme/scripts.nix
new file mode 100644
index 0000000..2228823
--- /dev/null
+++ b/tests/common/acme/scripts.nix
@@ -0,0 +1,30 @@
+{pkgs}:
+/*
+* Extra functions useful for the test script.
+*/
+{
+  add_pebble_acme_ca = pkgs.writeShellScript "fetch-and-set-ca" ''
+    set -xe
+
+    # Fetch the randomly generated ca certificate
+    curl https://acme.test:15000/roots/0 > /tmp/ca.crt
+    curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
+
+    # Append it to the various system stores
+    # The file paths are from <nixpgks>/modules/security/ca.nix
+    for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
+      cert_path="/etc/$cert_path"
+
+      mv "$cert_path" "$cert_path.old"
+      cat "$cert_path.old" > "$cert_path"
+      cat /tmp/ca.crt >> "$cert_path"
+    done
+
+    export NIX_SSL_CERT_FILE=/tmp/ca.crt
+    export SSL_CERT_FILE=/tmp/ca.crt
+
+    # TODO
+    # # P11-Kit trust source.
+    # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
+  '';
+}