From 4fecaae82e6de19f9f1b5a5a5c9984e911d75bf1 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Tue, 22 Apr 2025 21:34:56 +0200
Subject: tests/{common,email-dns}: Move last part of acme and dns handling to common

This makes re-using it even easier.
---
 tests/by-name/em/email-dns/test.nix | 34 ++++++----------------------------
 1 file changed, 6 insertions(+), 28 deletions(-)
(limited to 'tests/by-name/em/email-dns/test.nix')
diff --git a/tests/by-name/em/email-dns/test.nix b/tests/by-name/em/email-dns/test.nix
index 7391c86..6812d32 100644
--- a/tests/by-name/em/email-dns/test.nix
+++ b/tests/by-name/em/email-dns/test.nix
@@ -31,9 +31,9 @@ in
 lib,
 ...
 }: {
- imports = [../../../common/acme];
- networking.nameservers = lib.mkForce [
- nodes.name_server.networking.primaryIPAddress
+ imports = [
+ ../../../common/acme/server.nix
+ ../../../common/dns/client.nix
 ];
 };
@@ -89,7 +89,8 @@ in
 exit 1
 }
 '';
- inherit (pkgs) lib;
+
+ acme_scripts = import ../../../common/acme/scripts.nix {inherit pkgs;};
 in
 /* python
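Review bot: The module whose body opens at `}: {` in the first hunk still takes `lib` as an argument, although after this change the body is only the `imports` list and no longer calls `lib.mkForce`; drop `lib,` from the argument set so it does not read as used. The argument set opens above the hunk, so a `nodes` argument there may be unused for the same reason. The resolver pin presumably now comes from `../../../common/dns/client.nix`, which this diff does not show, so a comment such as `# client.nix is expected to point the resolver at name_server` next to that import would keep the test's dependency on its own name server visible.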
@@ -121,30 +122,7 @@ in
 with subtest("Add pebble ca key to all services"):
 for node in [name_server, mail1_server, mail2_server, alice, bob]:
- node.succeed("${pkgs.writeShellScript "fetch-and-set-ca" ''
- set -xe
-
- # Fetch the randomly generated ca certificate
- curl https://acme.test:15000/roots/0 > /tmp/ca.crt
- curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
-
- # Append it to the various system stores
- # The file paths are from /modules/security/ca.nix
- for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
- cert_path="/etc/$cert_path"
-
- mv "$cert_path" "$cert_path.old"
- cat "$cert_path.old" > "$cert_path"
- cat /tmp/ca.crt >> "$cert_path"
- done
-
- export NIX_SSL_CERT_FILE=/tmp/ca.crt
- export SSL_CERT_FILE=/tmp/ca.crt
-
- # TODO
- # # P11-Kit trust source.
- # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
- ''}")
+ node.succeed("${acme_scripts.add_pebble_acme_ca}")
 with subtest("Both mailserver successfully started all services"):
 import json
--
cgit 1.4.1
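Review bot: The new call `node.succeed("${acme_scripts.add_pebble_acme_ca}")` no longer shows that it rewrites the system CA bundles under /etc on every listed node; a one-line comment above it would keep that visible, e.g. `# fetches pebble's root and intermediate and appends them to the system CA bundles`. The script body now lives in `../../../common/acme/scripts.nix`, which this diff does not show, so this assumes it was moved unchanged. If it was, the `export NIX_SSL_CERT_FILE=/tmp/ca.crt` and `export SSL_CERT_FILE=/tmp/ca.crt` lines only affect the script's own process and not later `succeed` calls, which is worth stating in a comment in scripts.nix now that other tests will reuse it.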