Diffstat (limited to '')
-rwxr-xr-xtests/common/acme/certs/generate (renamed from tests/by-name/em/email-dns/nodes/acme/certs/generate)0
-rwxr-xr-xtests/common/acme/certs/generate.ca (renamed from tests/by-name/em/email-dns/nodes/acme/certs/generate.ca)0
-rwxr-xr-xtests/common/acme/certs/generate.client (renamed from tests/by-name/em/email-dns/nodes/acme/certs/generate.client)0
-rw-r--r--tests/common/acme/certs/output/acme.test.cert.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem)0
-rw-r--r--tests/common/acme/certs/output/acme.test.key.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem)0
-rw-r--r--tests/common/acme/certs/output/acme.test.template (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template)0
-rw-r--r--tests/common/acme/certs/output/ca.cert.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem)0
-rw-r--r--tests/common/acme/certs/output/ca.key.pem (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem)0
-rw-r--r--tests/common/acme/certs/output/ca.template (renamed from tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template)0
-rw-r--r--tests/common/acme/certs/snakeoil-certs.nix (renamed from tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix)0
-rw-r--r--tests/common/acme/client.nix (renamed from tests/by-name/em/email-dns/nodes/acme/client.nix)0
-rw-r--r--tests/common/acme/default.nix47
-rw-r--r--tests/common/acme/server.nix (renamed from tests/by-name/em/email-dns/nodes/acme/default.nix)27
-rw-r--r--tests/common/dns/client.nix10
-rw-r--r--tests/common/dns/server.nix43
-rw-r--r--tests/common/email/dkim/alice.com/private.age15
-rw-r--r--tests/common/email/dkim/alice.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/alice.com/public)0
-rw-r--r--tests/common/email/dkim/bob.com/private.age14
-rw-r--r--tests/common/email/dkim/bob.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/bob.com/public)0
-rwxr-xr-xtests/common/email/dkim/gen_key.sh (renamed from tests/by-name/em/email-dns/secrets/dkim/gen_key.sh)2
-rw-r--r--tests/common/email/dkim/mail1.server.com/private.age15
-rw-r--r--tests/common/email/dkim/mail1.server.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/public)0
-rw-r--r--tests/common/email/dkim/mail2.server.com/private.age15
-rw-r--r--tests/common/email/dkim/mail2.server.com/public (renamed from tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/public)0
-rw-r--r--tests/common/email/hostKey (renamed from tests/by-name/em/email-dns/secrets/hostKey)0
25 files changed, 163 insertions, 25 deletions
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate b/tests/common/acme/certs/generate
index 0d6258e..0d6258e 100755
--- a/tests/by-name/em/email-dns/nodes/acme/certs/generate
+++ b/tests/common/acme/certs/generate
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca b/tests/common/acme/certs/generate.ca
index 92832c5..92832c5 100755
--- a/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca
+++ b/tests/common/acme/certs/generate.ca
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.client b/tests/common/acme/certs/generate.client
index 5930298..5930298 100755
--- a/tests/by-name/em/email-dns/nodes/acme/certs/generate.client
+++ b/tests/common/acme/certs/generate.client
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem b/tests/common/acme/certs/output/acme.test.cert.pem
index 687101d..687101d 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem
+++ b/tests/common/acme/certs/output/acme.test.cert.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem b/tests/common/acme/certs/output/acme.test.key.pem
index 06195b8..06195b8 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem
+++ b/tests/common/acme/certs/output/acme.test.key.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template b/tests/common/acme/certs/output/acme.test.template
index 320a170..320a170 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template
+++ b/tests/common/acme/certs/output/acme.test.template
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem b/tests/common/acme/certs/output/ca.cert.pem
index 0fa9d14..0fa9d14 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem
+++ b/tests/common/acme/certs/output/ca.cert.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem b/tests/common/acme/certs/output/ca.key.pem
index 64263bc..64263bc 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem
+++ b/tests/common/acme/certs/output/ca.key.pem
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template b/tests/common/acme/certs/output/ca.template
index a2295d8..a2295d8 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template
+++ b/tests/common/acme/certs/output/ca.template
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix b/tests/common/acme/certs/snakeoil-certs.nix
index aeb6dfc..aeb6dfc 100644
--- a/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix
+++ b/tests/common/acme/certs/snakeoil-certs.nix
diff --git a/tests/by-name/em/email-dns/nodes/acme/client.nix b/tests/common/acme/client.nix
index 2b870e8..2b870e8 100644
--- a/tests/by-name/em/email-dns/nodes/acme/client.nix
+++ b/tests/common/acme/client.nix
diff --git a/tests/common/acme/default.nix b/tests/common/acme/default.nix
new file mode 100644
index 0000000..c756a4f
--- /dev/null
+++ b/tests/common/acme/default.nix
@@ -0,0 +1,47 @@
+{pkgs}: let
+  add_pebble_ca_certs = pkgs.writeShellScript "fetch-and-set-ca" ''
+    set -xe
+
+    # Fetch the randomly generated ca certificate
+    curl https://acme.test:15000/roots/0 > /tmp/ca.crt
+    curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
+
+    # Append it to the various system stores
+    # The file paths are from <nixpgks>/modules/security/ca.nix
+    for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
+      cert_path="/etc/$cert_path"
+
+      mv "$cert_path" "$cert_path.old"
+      cat "$cert_path.old" > "$cert_path"
+      cat /tmp/ca.crt >> "$cert_path"
+    done
+
+    export NIX_SSL_CERT_FILE=/tmp/ca.crt
+    export SSL_CERT_FILE=/tmp/ca.crt
+
+    # TODO
+    # # P11-Kit trust source.
+    # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
+  '';
+in {
+  prepare = clients: extra:
+  # The parens are needed for the syntax highlighting to work.
+    ( # python
+      ''
+        # Start dependencies for the other services
+        acme.start()
+        acme.wait_for_unit("pebble.service")
+        name_server.start()
+        name_server.wait_for_unit("nsd.service")
+
+        # Start actual test
+        start_all()
+
+        with subtest("Add pebble ca key to all services"):
+          for node in [name_server, ${builtins.concatStringsSep "," clients}]:
+            node.wait_until_succeeds("curl https://acme.test:15000/roots/0")
+            node.succeed("${add_pebble_ca_certs}")
+      ''
+    )
+    + extra;
+}
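Review bot: The two `curl` calls in `add_pebble_ca_certs` run without `--fail`, so an HTTP error response from pebble still exits 0 and its body is written to `/tmp/ca.crt` and appended to every system bundle; `set -e` only catches transport failures. Use `curl --fail --silent --show-error https://acme.test:15000/roots/0 > /tmp/ca.crt`, with the same flags on the intermediates line, so a bad response aborts the script before the trust stores are touched. The `export NIX_SSL_CERT_FILE=/tmp/ca.crt` and `export SSL_CERT_FILE=/tmp/ca.crt` lines only change the environment of the script's own shell, which exits right after, so they appear to have no effect on later `node.succeed` calls. Either drop them or add a comment saying what they are meant to do.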
diff --git a/tests/by-name/em/email-dns/nodes/acme/default.nix b/tests/common/acme/server.nix
index 236ba6a..997c944 100644
--- a/tests/by-name/em/email-dns/nodes/acme/default.nix
+++ b/tests/common/acme/server.nix
@@ -1,28 +1,5 @@
-# The certificate for the ACME service is exported as:
-#
-#   config.test-support.acme.caCert
-#
-# This value can be used inside the configuration of other test nodes to inject
-# the test certificate into security.pki.certificateFiles or into package
-# overlays.
-#
-# {
-#   acme = { nodes, lib, ... }: {
-#     imports = [ ./common/acme/server ];
-#     networking.nameservers = lib.mkForce [
-#       nodes.mydnsresolver.networking.primaryIPAddress
-#     ];
-#   };
-#
-#   dnsmyresolver = ...;
-# }
-#
-# Keep in mind, that currently only _one_ resolver is supported, if you have
-# more than one resolver in networking.nameservers only the first one will be
-# used.
-#
-# Also make sure that whenever you use a resolver from a different test node
-# that it has to be started _before_ the ACME service.
+# Add this node as acme server.
+# This also needs a DNS server.
 {
   config,
   pkgs,
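Review bot: The new two-line header says a DNS server is needed but no longer says when it has to be running, while the `prepare` script added in tests/common/acme/default.nix starts `acme` and waits for `pebble.service` before it starts `name_server`. If pebble still needs its resolver up first, say so here, for example `# The DNS server node must be started before this node.`, and check the start order in `prepare`. If the order no longer matters, a line such as `# Start order relative to the DNS server does not matter.` would record that. The module body continues outside the hunk, so this is inferred from the header comment and the visible test script only.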
diff --git a/tests/common/dns/client.nix b/tests/common/dns/client.nix
new file mode 100644
index 0000000..52f3267
--- /dev/null
+++ b/tests/common/dns/client.nix
@@ -0,0 +1,10 @@
+{
+  lib,
+  nodes,
+  ...
+}: {
+  networking.nameservers = lib.mkForce [
+    nodes.name_server.networking.primaryIPAddress
+    nodes.name_server.networking.primaryIPv6Address
+  ];
+}
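Review bot: This module has no header comment and reads `nodes.name_server` directly, so it only evaluates in a test that defines a node with exactly that name. The new tests/common/dns/server.nix has the same implicit requirement and additionally needs a node called `acme`. Add a comment at the top of each file stating this, e.g. `# Points this node at the test's DNS server; the test must define a node named name_server.`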
diff --git a/tests/common/dns/server.nix b/tests/common/dns/server.nix
new file mode 100644
index 0000000..0c8d72c
--- /dev/null
+++ b/tests/common/dns/server.nix
@@ -0,0 +1,43 @@
+{
+  lib,
+  nodes,
+  ...
+}: {
+  imports = [
+    ../../../modules
+  ];
+
+  networking.nameservers = lib.mkForce [
+    nodes.name_server.networking.primaryIPAddress
+    nodes.name_server.networking.primaryIPv6Address
+  ];
+
+  vhack = {
+    dns = {
+      enable = true;
+      openFirewall = true;
+      interfaces = [
+        nodes.name_server.networking.primaryIPAddress
+        nodes.name_server.networking.primaryIPv6Address
+      ];
+
+      zones = {
+        "acme.test" = {
+          SOA = {
+            nameServer = "ns";
+            adminEmail = "admin@server.com";
+            serial = 2025012301;
+          };
+          useOrigin = false;
+
+          A = [
+            nodes.acme.networking.primaryIPAddress
+          ];
+          AAAA = [
+            nodes.acme.networking.primaryIPv6Address
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/tests/common/email/dkim/alice.com/private.age b/tests/common/email/dkim/alice.com/private.age
new file mode 100644
index 0000000..5415fdc
--- /dev/null
+++ b/tests/common/email/dkim/alice.com/private.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/tests/by-name/em/email-dns/secrets/dkim/alice.com/public b/tests/common/email/dkim/alice.com/public
index 0f3c3b2..0f3c3b2 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/alice.com/public
+++ b/tests/common/email/dkim/alice.com/public
diff --git a/tests/common/email/dkim/bob.com/private.age b/tests/common/email/dkim/bob.com/private.age
new file mode 100644
index 0000000..c07c997
--- /dev/null
+++ b/tests/common/email/dkim/bob.com/private.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/tests/by-name/em/email-dns/secrets/dkim/bob.com/public b/tests/common/email/dkim/bob.com/public
index ddea670..ddea670 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/bob.com/public
+++ b/tests/common/email/dkim/bob.com/public
diff --git a/tests/by-name/em/email-dns/secrets/dkim/gen_key.sh b/tests/common/email/dkim/gen_key.sh
index 1e090f4..48b4434 100755
--- a/tests/by-name/em/email-dns/secrets/dkim/gen_key.sh
+++ b/tests/common/email/dkim/gen_key.sh
@@ -1,6 +1,8 @@
 #! /usr/bin/env nix-shell
 #! nix-shell -p rage -p openssl -p dash -i dash --impure
 
+# shellcheck shell=dash
+
 cd "$(dirname "$0")" || {
     echo "No basedir?!"
     exit 1
diff --git a/tests/common/email/dkim/mail1.server.com/private.age b/tests/common/email/dkim/mail1.server.com/private.age
new file mode 100644
index 0000000..8c5d3c3
--- /dev/null
+++ b/tests/common/email/dkim/mail1.server.com/private.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----
diff --git a/tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/public b/tests/common/email/dkim/mail1.server.com/public
index 4941b85..4941b85 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/public
+++ b/tests/common/email/dkim/mail1.server.com/public
diff --git a/tests/common/email/dkim/mail2.server.com/private.age b/tests/common/email/dkim/mail2.server.com/private.age
new file mode 100644
index 0000000..d39631a
--- /dev/null
+++ b/tests/common/email/dkim/mail2.server.com/private.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/public b/tests/common/email/dkim/mail2.server.com/public
index 5c4406d..5c4406d 100644
--- a/tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/public
+++ b/tests/common/email/dkim/mail2.server.com/public
diff --git a/tests/by-name/em/email-dns/secrets/hostKey b/tests/common/email/hostKey
index 79c9d6c..79c9d6c 100644
--- a/tests/by-name/em/email-dns/secrets/hostKey
+++ b/tests/common/email/hostKey