mv out acme logic

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
Kiara Grouwstra 2025-09-25 13:13:35 +02:00
parent a2acc86350
commit 9118e9ab2d
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
2 changed files with 31 additions and 43 deletions


@ -82,20 +82,26 @@ in
nodes = nodes =
{ {
deployer = { deployer = lib.mkMerge [
{
imports = [ ./deployerNode.nix ]; imports = [ ./deployerNode.nix ];
_module.args = { inherit inputs sources; }; _module.args = { inherit inputs sources; };
enableAcme = config.enableAcme; enableAcme = config.enableAcme;
acmeNodeIP = config.nodes.acme.networking.primaryIPAddress; acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
};
} }
(lib.mkIf config.enableAcme {
// security.acme = {
acceptTerms = true;
( defaults.email = "test@test.com";
if config.enableAcme then defaults.server = "https://acme.test/dir";
{ };
acme = { security.pki.certificateFiles = [
(import "${inputs.nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix").ca.cert
];
networking.extraHosts = "${config.acmeNodeIP} acme.test";
})
];
acme = lib.mkIf config.enableAcme {
## FIXME: This makes `nodes.acme` into a local resolver. Maybe this will ## FIXME: This makes `nodes.acme` into a local resolver. Maybe this will
## break things once we play with DNS? ## break things once we play with DNS?
imports = [ "${inputs.nixpkgs}/nixos/tests/common/acme/server" ]; imports = [ "${inputs.nixpkgs}/nixos/tests/common/acme/server" ];
@ -103,13 +109,7 @@ in
systemd.services.pebble.environment.PEBBLE_VA_ALWAYS_VALID = "1"; systemd.services.pebble.environment.PEBBLE_VA_ALWAYS_VALID = "1";
}; };
} }
else // genAttrs config.targetMachines (_: {
{ }
)
//
genAttrs config.targetMachines (_: {
imports = [ ./targetNode.nix ]; imports = [ ./targetNode.nix ];
_module.args = { inherit inputs sources; }; _module.args = { inherit inputs sources; };
enableAcme = config.enableAcme; enableAcme = config.enableAcme;
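Review bot: In the new `lib.mkIf config.enableAcme { … }` module merged into `deployer`, `networking.extraHosts = "${config.acmeNodeIP} acme.test";` now reads `config` from the enclosing test-level scope rather than from the node, because the block is a plain attribute set and not a `{ config, ... }:` function. Unless that outer module also declares `acmeNodeIP` (not visible in this hunk), evaluation would presumably fail whenever `enableAcme` is set; writing `"${config.nodes.acme.networking.primaryIPAddress} acme.test"`, the same expression already assigned to `acmeNodeIP` a few lines up, removes that dependency. Now that this lives in shared test code, `security.pki.certificateFiles` also deserves a comment such as `## Test only: trusts the nixpkgs snakeoil CA, whose private key is public; keep behind enableAcme and never reuse outside the VM test.` The surrounding `nodes = { … }` expression starts and ends outside the hunk.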


@ -1,5 +1,4 @@
{ {
inputs,
lib, lib,
hostPkgs, hostPkgs,
config, config,
@ -151,17 +150,6 @@ in
(import ../../../panel { }).module (import ../../../panel { }).module
]; ];
## FIXME: This should be in the common stuff.
security.acme = {
acceptTerms = true;
defaults.email = "test@test.com";
defaults.server = "https://acme.test/dir";
};
security.pki.certificateFiles = [
(import "${inputs.nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix").ca.cert
];
networking.extraHosts = "${config.acmeNodeIP} acme.test";
services.panel = { services.panel = {
enable = true; enable = true;
production = true; production = true;