Diffstat (limited to '')
-rwxr-xr-xtests/common/acme/certs/generate (renamed from tests/by-name/em/email-dns/nodes/acme/certs/generate)0
-rwxr-xr-xtests/common/acme/certs/generate.ca (renamed from tests/by-name/em/email-dns/nodes/acme/certs/generate.ca)0
-rwxr-xr-xtests/common/acme/certs/generate.client (renamed from tests/by-name/em/email-dns/nodes/acme/certs/generate.client)0
-rw-r--r--tests/common/acme/certs/output/acme.test.cert.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem)0
-rw-r--r--tests/common/acme/certs/output/acme.test.key.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem)0
-rw-r--r--tests/common/acme/certs/output/acme.test.template (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template)0
-rw-r--r--tests/common/acme/certs/output/ca.cert.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem)0
-rw-r--r--tests/common/acme/certs/output/ca.key.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem)0
-rw-r--r--tests/common/acme/certs/output/ca.template (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template)0
-rw-r--r--tests/common/acme/certs/snakeoil-certs.nix (renamed from tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix)0
-rw-r--r--tests/common/acme/client.nix (renamed from tests/by-name/em/email-dns/nodes/acme/client.nix)0
-rw-r--r--tests/common/acme/default.nix47
-rw-r--r--tests/common/acme/server.nix (renamed from tests/by-name/em/email-dns/nodes/acme/default.nix)27
-rw-r--r--tests/common/dns/client.nix10
-rw-r--r--tests/common/dns/server.nix43
-rw-r--r--tests/common/email/dkim/alice.com/private.age (renamed from tests/by-name/em/email-dns/secrets/dkim/alice.com/private.age)0
-rw-r--r--tests/common/email/dkim/alice.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/alice.com/public)0
-rw-r--r--tests/common/email/dkim/bob.com/private.age (renamed from tests/by-name/em/email-dns/secrets/dkim/bob.com/private.age)0
-rw-r--r--tests/common/email/dkim/bob.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/bob.com/public)0
-rwxr-xr-xtests/common/email/dkim/gen_key.sh (renamed from tests/by-name/em/email-dns/secrets/dkim/gen_key.sh)2
-rw-r--r--tests/common/email/dkim/mail1.server.com/private.age (renamed from tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/private.age)0
-rw-r--r--tests/common/email/dkim/mail1.server.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/public)0
-rw-r--r--tests/common/email/dkim/mail2.server.com/private.age (renamed from tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/private.age)0
-rw-r--r--tests/common/email/dkim/mail2.server.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/public)0
-rw-r--r--tests/common/email/hostKey (renamed from tests/by-name/em/email-dns/secrets/hostKey)0
25 files changed, 104 insertions, 25 deletions
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate b/tests/common/acme/certs/generate
index 0d6258e..0d6258e 100755
--- a/tests/by-name/em/email-dns/nodes/acme/certs/generate
+++ b/tests/common/acme/certs/generate
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca b/tests/common/acme/certs/generate.ca
index 92832c5..92832c5 100755
--- a/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca
+++ b/tests/common/acme/certs/generate.ca
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.client b/tests/common/acme/certs/generate.client
index 5930298..5930298 100755
--- a/tests/by-name/em/email-dns/nodes/acme/certs/generate.client
+++ b/tests/common/acme/certs/generate.client
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem b/tests/common/acme/certs/output/acme.test.cert.pem
index 687101d..687101d 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem
+++ b/tests/common/acme/certs/output/acme.test.cert.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem b/tests/common/acme/certs/output/acme.test.key.pem
index 06195b8..06195b8 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem
+++ b/tests/common/acme/certs/output/acme.test.key.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template b/tests/common/acme/certs/output/acme.test.template
index 320a170..320a170 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template
+++ b/tests/common/acme/certs/output/acme.test.template
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem b/tests/common/acme/certs/output/ca.cert.pem
index 0fa9d14..0fa9d14 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem
+++ b/tests/common/acme/certs/output/ca.cert.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem b/tests/common/acme/certs/output/ca.key.pem
index 64263bc..64263bc 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem
+++ b/tests/common/acme/certs/output/ca.key.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template b/tests/common/acme/certs/output/ca.template
index a2295d8..a2295d8 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template
+++ b/tests/common/acme/certs/output/ca.template
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix b/tests/common/acme/certs/snakeoil-certs.nix
index aeb6dfc..aeb6dfc 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix
+++ b/tests/common/acme/certs/snakeoil-certs.nix
diff --git a/tests/by-name/em/email-dns/nodes/acme/client.nix b/tests/common/acme/client.nix
index 2b870e8..2b870e8 100644
--- a/tests/by-name/em/email-dns/nodes/acme/client.nix
+++ b/tests/common/acme/client.nix
diff --git a/tests/common/acme/default.nix b/tests/common/acme/default.nix
new file mode 100644
index 0000000..c756a4f
--- /dev/null
+++ b/tests/common/acme/default.nix
@@ -0,0 +1,47 @@
+{pkgs}: let
+  add_pebble_ca_certs = pkgs.writeShellScript "fetch-and-set-ca" ''
+    set -xe
+
+    # Fetch the randomly generated ca certificate
+    curl https://acme.test:15000/roots/0 > /tmp/ca.crt
+    curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
+
+    # Append it to the various system stores
+    # The file paths are from <nixpgks>/modules/security/ca.nix
+    for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
+      cert_path="/etc/$cert_path"
+
+      mv "$cert_path" "$cert_path.old"
+      cat "$cert_path.old" > "$cert_path"
+      cat /tmp/ca.crt >> "$cert_path"
+    done
+
+    export NIX_SSL_CERT_FILE=/tmp/ca.crt
+    export SSL_CERT_FILE=/tmp/ca.crt
+
+    # TODO
+    # # P11-Kit trust source.
+    # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
+  '';
+in {
+  prepare = clients: extra:
+  # The parens are needed for the syntax highlighting to work.
+    ( # python
+      ''
+        # Start dependencies for the other services
+        acme.start()
+        acme.wait_for_unit("pebble.service")
+        name_server.start()
+        name_server.wait_for_unit("nsd.service")
+
+        # Start actual test
+        start_all()
+
+        with subtest("Add pebble ca key to all services"):
+          for node in [name_server, ${builtins.concatStringsSep "," clients}]:
+            node.wait_until_succeeds("curl https://acme.test:15000/roots/0")
+            node.succeed("${add_pebble_ca_certs}")
+      ''
+    )
+    + extra;
+}
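Review bot: The two `curl` calls in `add_pebble_ca_certs` run without `--fail`, so an HTTP error response from pebble still exits 0 under `set -xe` and its body is appended to every bundle under /etc as if it were a certificate. I would write `curl --fail --silent --show-error https://acme.test:15000/roots/0 > /tmp/ca.crt` and the same for the intermediates line. The `export NIX_SSL_CERT_FILE=/tmp/ca.crt` and `export SSL_CERT_FILE=/tmp/ca.crt` lines at the end only affect the script's own process, so later `node.succeed(...)` calls presumably do not see them; either drop them or set the variables in the node configuration. The comment `<nixpgks>` is a typo for `<nixpkgs>`.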
diff --git a/tests/by-name/em/email-dns/nodes/acme/default.nix b/tests/common/acme/server.nix
index 236ba6a..997c944 100644
--- a/tests/by-name/em/email-dns/nodes/acme/default.nix
+++ b/tests/common/acme/server.nix
@@ -1,28 +1,5 @@
-# The certificate for the ACME service is exported as:
-#
-#   config.test-support.acme.caCert
-#
-# This value can be used inside the configuration of other test nodes to inject
-# the test certificate into security.pki.certificateFiles or into package
-# overlays.
-#
-# {
-#   acme = { nodes, lib, ... }: {
-#     imports = [ ./common/acme/server ];
-#     networking.nameservers = lib.mkForce [
-#       nodes.mydnsresolver.networking.primaryIPAddress
-#     ];
-#   };
-#
-#   dnsmyresolver = ...;
-# }
-#
-# Keep in mind, that currently only _one_ resolver is supported, if you have
-# more than one resolver in networking.nameservers only the first one will be
-# used.
-#
-# Also make sure that whenever you use a resolver from a different test node
-# that it has to be started _before_ the ACME service.
+# Add this node as acme server.
+# This also needs a DNS server.
 {
   config,
   pkgs,
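Review bot: The shortened header comment drops two caveats the old one stated: that only the first entry of `networking.nameservers` is used, and that the resolver node must be started before the ACME service. `tests/common/dns/client.nix` in this commit configures two nameservers and `prepare` in `tests/common/acme/default.nix` starts `acme` before `name_server`, so if either caveat still applies to this module (its body is outside the hunk) a reader will no longer find it here. I would keep one line such as `# Only the first resolver in networking.nameservers is used; it must be running before pebble starts.`, or remove the limitation and say so in the commit message.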
diff --git a/tests/common/dns/client.nix b/tests/common/dns/client.nix
new file mode 100644
index 0000000..52f3267
--- /dev/null
+++ b/tests/common/dns/client.nix
@@ -0,0 +1,10 @@
+{
+  lib,
+  nodes,
+  ...
+}: {
+  networking.nameservers = lib.mkForce [
+    nodes.name_server.networking.primaryIPAddress
+    nodes.name_server.networking.primaryIPv6Address
+  ];
+}
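Review bot: This module has no header comment and silently requires the test to define a node called `name_server`, since both list entries read `nodes.name_server...`; `tests/common/dns/server.nix` has the same requirement and additionally reads `nodes.acme`. I would add a leading comment such as `# Points this node at the test's DNS server; the test must define a node named name_server.` and a matching one in server.nix that also names the `acme` node.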
diff --git a/tests/common/dns/server.nix b/tests/common/dns/server.nix
new file mode 100644
index 0000000..0c8d72c
--- /dev/null
+++ b/tests/common/dns/server.nix
@@ -0,0 +1,43 @@
+{
+  lib,
+  nodes,
+  ...
+}: {
+  imports = [
+    ../../../modules
+  ];
+
+  networking.nameservers = lib.mkForce [
+    nodes.name_server.networking.primaryIPAddress
+    nodes.name_server.networking.primaryIPv6Address
+  ];
+
+  vhack = {
+    dns = {
+      enable = true;
+      openFirewall = true;
+      interfaces = [
+        nodes.name_server.networking.primaryIPAddress
+        nodes.name_server.networking.primaryIPv6Address
+      ];
+
+      zones = {
+        "acme.test" = {
+          SOA = {
+            nameServer = "ns";
+            adminEmail = "admin@server.com";
+            serial = 2025012301;
+          };
+          useOrigin = false;
+
+          A = [
+            nodes.acme.networking.primaryIPAddress
+          ];
+          AAAA = [
+            nodes.acme.networking.primaryIPv6Address
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/tests/by-name/em/email-dns/secrets/dkim/alice.com/private.age b/tests/common/email/dkim/alice.com/private.age
index 5415fdc..5415fdc 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/alice.com/private.age
+++ b/tests/common/email/dkim/alice.com/private.age
diff --git a/tests/by-name/em/email-dns/secrets/dkim/alice.com/public b/tests/common/email/dkim/alice.com/public
index 0f3c3b2..0f3c3b2 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/alice.com/public
+++ b/tests/common/email/dkim/alice.com/public
diff --git a/tests/by-name/em/email-dns/secrets/dkim/bob.com/private.age b/tests/common/email/dkim/bob.com/private.age
index c07c997..c07c997 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/bob.com/private.age
+++ b/tests/common/email/dkim/bob.com/private.age
diff --git a/tests/by-name/em/email-dns/secrets/dkim/bob.com/public b/tests/common/email/dkim/bob.com/public
index ddea670..ddea670 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/bob.com/public
+++ b/tests/common/email/dkim/bob.com/public
diff --git a/tests/by-name/em/email-dns/secrets/dkim/gen_key.sh b/tests/common/email/dkim/gen_key.sh
index 1e090f4..48b4434 100755
--- a/tests/by-name/em/email-dns/secrets/dkim/gen_key.sh
+++ b/tests/common/email/dkim/gen_key.sh
@@ -1,6 +1,8 @@
 #! /usr/bin/env nix-shell
 #! nix-shell -p rage -p openssl -p dash -i dash --impure
 
+# shellcheck shell=dash
+
 cd "$(dirname "$0")" || {
     echo "No basedir?!"
     exit 1
diff --git a/tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/private.age b/tests/common/email/dkim/mail1.server.com/private.age
index 8c5d3c3..8c5d3c3 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/private.age
+++ b/tests/common/email/dkim/mail1.server.com/private.age
diff --git a/tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/public b/tests/common/email/dkim/mail1.server.com/public
index 4941b85..4941b85 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/public
+++ b/tests/common/email/dkim/mail1.server.com/public
diff --git a/tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/private.age b/tests/common/email/dkim/mail2.server.com/private.age
index d39631a..d39631a 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/private.age
+++ b/tests/common/email/dkim/mail2.server.com/private.age
diff --git a/tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/public b/tests/common/email/dkim/mail2.server.com/public
index 5c4406d..5c4406d 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/public
+++ b/tests/common/email/dkim/mail2.server.com/public
diff --git a/tests/by-name/em/email-dns/secrets/hostKey b/tests/common/email/hostKey
index 79c9d6c..79c9d6c 100644
--- a/tests/by-name/em/email-dns/secrets/hostKey
+++ b/tests/common/email/hostKey