Deployment tests: comment on Pebble's certificate

2025-06-04 15:38:38 +02:00 · 2025-06-04 15:38:38 +02:00 · 046f7c5998
commit 046f7c5998
parent 69579fea1c
1 changed files with 4 additions and 1 deletions
--- a/deployment/check/common/targetNode.nix
+++ b/deployment/check/common/targetNode.nix
@ -50,13 +50,16 @@ in
      };

      security.pki.certificateFiles = [
+        ## NOTE: This certificate is the one used by the Pebble HTTPS server.
+        ## This is NOT the root CA of the Pebble server. We do add it here so
+        ## that Pebble clients can talk to its API, but this will not allow
+        ## those machines to verify generated certificates.
        testCerts.ca.cert
      ];

      ## FIXME: it is a bit sad that all this logistics is necessary. look into
      ## better DNS stuff
      networking.extraHosts = "${config.acmeNodeIP} acme.test";
-
    })
  ];
 }