forked from mirrors/nixpkgs
nixpkgs/nixos/tests
aszlig b3162a1074
nixos/tests: Add common modules for letsencrypt
These modules implement a way to test ACME based on a test instance of
Letsencrypt's Boulder service. The service implementation is in
letsencrypt.nix and the second module (resolver.nix) is a support-module
for the former, but can also be used for tests not involving ACME.

The second module provides a DNS server which hosts a root zone
containing all the zones and /etc/hosts entries (except loopback) in the
entire test network, so this can be very useful for other modules that
need DNS resolution.

Originally, I wrote these modules for the Headcounter deployment, but
I've refactored them a bit to be generally useful to NixOS users. The
original implementation can be found here:

https://github.com/headcounter/deployment/tree/89e7feafb/modules/testing

Quoting parts from the commit message of the initial implementation of
the Letsencrypt module in headcounter/deployment@95dfb31110:

    This module is going to be used for tests where we need to
    impersonate an ACME service such as the one from Letsencrypt within
    VM tests, which is the reason why this module is a bit ugly (I only
    care if it's working not if it's beautiful).

    While the module isn't used anywhere, it will serve as a pluggable
    module for testing whether ACME works properly to fetch certificates
    and also as a replacement for our snakeoil certificate generator.

Also quoting parts of the commit where I have refactored the same module
in headcounter/deployment@85fa481b34:

    Now we have a fully pluggable module which automatically discovers
    in which network it's used via the nodes attribute.

    The test environment of Boulder used "dns-test-srv", which is a fake
    DNS server that's resolving almost everything to 127.0.0.1. On our
    setup this is not useful, so instead we're now running a local BIND
    name server which has a fake root zone and uses the mentioned node
    attribute to automatically discover other zones in the network of
    machines and generate delegations from the root zone to the
    respective zones with the primaryIPAddress of the node.

    ...

    We want to use real letsencrypt.org FQDNs here, so we can't get away
    with the snakeoil test certificates from the upstream project but
    now roll our own.

    This not only has the benefit that we can easily pass the snakeoil
    certificate to other nodes, but we can (and do) also use it for an
    nginx proxy that's now serving HTTPS for the Boulder web front end.

The Headcounter deployment tests are simulating a production scenario
with real IPs and nameservers so it won't need to rely on
networking.extraHosts. However, in this implementation we don't
necessarily want to do that, so I've added auto-discovery of
networking.extraHosts in the resolver module.

Another change here is that the letsencrypt module now falls back to
using a local resolver; the Headcounter implementation, on the other
hand, always required adding an extra test node which serves as a
resolver.

I could have squashed both modules into the final ACME test, but that
would make it not very reusable, so that's the main reason why I put
these modules in tests/common.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:33 +02:00
common nixos/tests: Add common modules for letsencrypt 2017-09-13 23:16:33 +02:00
ammonite.nix ammonite: add test 2017-07-04 21:36:30 -04:00
avahi.nix avahi: fix test 2016-02-28 16:18:39 +01:00
bittorrent.nix tests.bittorrent: use a file instead of a directory 2017-01-26 02:44:05 +01:00
blivet.nix blivet test: use python2 2016-11-24 22:28:03 +01:00
boot-stage1.nix tests/boot-stage1: Use runCommandCC for kcanary 2016-10-09 14:15:19 +02:00
boot.nix OVMF: separate output for ovmf binaries 2017-05-20 12:33:48 +02:00
buildbot.nix buildbot: 0.9.4 -> 0.9.5 2017-04-21 10:32:36 -04:00
cadvisor.nix cadvisor test: fix (#18671) 2016-09-16 22:06:16 +02:00
cassandra.nix cassandra service: init 2016-08-02 20:58:35 -04:00
chromium.nix nixos/tests/chromium: Run tests as normal user 2017-02-07 07:36:56 +01:00
cjdns.nix replace ping6 with ping 2017-02-17 16:04:49 +01:00
cloud-init.nix nixos/cloudinit: add cloudinit test 2017-05-23 20:51:05 +02:00
containers-bridge.nix replace ping6 with ping 2017-02-17 16:04:49 +01:00
containers-extra_veth.nix replace ping6 with ping 2017-02-17 16:04:49 +01:00
containers-hosts.nix containers: fix broken /etc/hosts entries when localAddress contains a netmask 2016-12-12 09:20:28 +01:00
containers-imperative.nix containers: add myself to the maintainers of the tests 2016-07-28 23:06:41 +02:00
containers-ipv4.nix containers: add myself to the maintainers of the tests 2016-07-28 23:06:41 +02:00
containers-ipv6.nix replace ping6 with ping 2017-02-17 16:04:49 +01:00
containers-macvlans.nix Add macvlan support for declarative containers 2016-12-12 07:34:28 +01:00
containers-physical_interfaces.nix containers: Improve device dependency tracking 2016-10-08 22:28:49 +02:00
containers-portforward.nix nixos-container: added test for port forwarding ( nixos/tests/containers-portforward.nix ) 2017-02-15 05:12:46 +01:00
containers-reloadable.nix nixos tests: add test for declarative containers, that container config changes 2017-08-23 12:43:07 +03:00
containers-restart_networking.nix network-interfaces: reload bridges on conf changes 2017-03-26 18:47:43 +02:00
containers-tmpfs.nix containers module: Add tmpfs options (#20557) 2016-11-22 02:11:33 +01:00
dnscrypt-proxy.nix nixos/dnscrypt-proxy test: exercise plugin loading 2017-03-30 13:36:06 +02:00
docker-edge.nix docker: Add test for docker-edge, check for proper versions in tests 2017-09-04 19:02:44 -04:00
docker-registry.nix docker: update service units from upstream 2016-12-23 21:39:38 +01:00
docker.nix docker: Add test for docker-edge, check for proper versions in tests 2017-09-04 19:02:44 -04:00
ec2.nix amazon-init.service: fix starting services at startup 2017-02-27 16:51:36 +00:00
ecryptfs.nix ecryptfs test: use TTY output to stabilize test 2016-12-02 19:36:27 -05:00
elk.nix ELK: update kibana and the elastic beats to 5.4 (#26252) 2017-06-13 22:36:08 +02:00
emacs-daemon.nix Remove myself from maintainers 2017-01-31 11:00:14 +01:00
env.nix tests: Add environment 2017-09-05 19:05:37 -04:00
etcd-cluster.nix etcd-cluster: split up openssl commands 2016-09-03 13:59:28 +02:00
etcd.nix etcd module: add test for simple one node etcd service 2016-08-25 14:42:22 +02:00
ferm.nix ferm: fix race condition in integration test (#18288) 2016-09-04 14:34:06 +02:00
firefox.nix nixos: tests: firefox: make more comprehensive 2017-03-15 17:25:57 +01:00
firewall.nix nixos: Fix ordering of firewall.service 2016-09-07 15:11:24 +02:00
flannel.nix flannel service: init 2016-10-01 17:08:48 +02:00
fleet.nix
gitlab.nix rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
glance.nix nixos/glance: add test 2016-12-31 09:36:57 +01:00
gnome3-gdm.nix panomatic: remove 2017-03-30 16:23:33 +02:00
gnome3.nix gnome3 tests: fix by providing more memory 2017-09-01 07:51:05 +02:00
gocd-agent.nix gocd-agent / gocd-server: Reduce test memory requirements so Hydra builds 2016-08-10 16:21:35 -04:00
gocd-server.nix gocd-agent / gocd-server: Reduce test memory requirements so Hydra builds 2016-08-10 16:21:35 -04:00
haka.nix
hardened.nix nixos/hardened profile: disable user namespaces at runtime 2017-04-30 15:17:27 +02:00
hibernate.nix tests: Fix hibernate 2017-09-06 22:01:48 -04:00
hound.nix hound: init module 2016-10-15 13:54:59 -04:00
hydra.nix nixos/hydra postgresql: Fix #27314 and add test case 2017-09-02 23:07:42 +02:00
i3wm.nix Fix X11 tests broken by the removal of -ac 2016-04-12 19:13:47 +02:00
influxdb.nix cadvisor test: fix (#18671) 2016-09-16 22:06:16 +02:00
initrd-network.nix
installer.nix rogue: omit from the installation media 2017-08-29 16:15:15 +02:00
ipfs.nix tests: fix ipfs test, test actual networking functionality 2017-08-30 15:28:50 +02:00
ipv6.nix replace ping6 with ping 2017-02-17 16:04:49 +01:00
jenkins.nix rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
kernel-copperhead.nix Add basic kernel tests 2017-09-05 10:38:07 -04:00
kernel-latest.nix Add basic kernel tests 2017-09-05 10:38:07 -04:00
kernel-lts.nix Add basic kernel tests 2017-09-05 10:38:07 -04:00
kernel-params.nix tests: Add kernelParams 2017-09-05 19:04:43 -04:00
kexec.nix
keymap.nix nixos/tests/keymap: use SLIM theme from nixos/tests/slim 2017-07-22 17:43:28 -05:00
keystone.nix nixos/keystone: add test in release.nix 2016-12-16 20:53:32 +01:00
kubernetes.nix kubernetes vm test: make dig and netcat available 2017-01-15 13:28:16 +01:00
ldap.nix nixos/tests: add tests for the LDAP stack 2017-05-27 02:51:46 +02:00
leaps.nix nixos/tests/leaps.nix: fixed race condition 2017-03-06 21:33:21 +01:00
lightdm.nix Fix X11 tests broken by the removal of -ac 2016-04-12 19:13:47 +02:00
login.nix login test: Create and use direct reads of the TTY contents. 2016-11-30 00:17:18 -05:00
make-test.nix
mathics.nix
mesos.nix mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
mesos_test.py mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
minio.nix minio service: add additional config options 2017-07-09 15:19:50 +02:00
misc.nix nixos tests.misc: unblock a man-page test 2017-07-11 08:55:55 +02:00
mongodb.nix mongodb service: add test case 2016-09-17 10:47:36 +01:00
mpich-example.c
mumble.nix mumble: fix failing vm tests 2016-09-13 09:45:08 +02:00
munin.nix munin: fix tests by replacing cron with systemd timer 2017-03-22 00:16:36 +01:00
mysql-replication.nix mysql test: test replication persists between slave stop / start cycle 2017-04-25 18:51:49 -04:00
mysql.nix mysql: fix replication tests (#17174) 2016-07-23 00:37:05 +02:00
nat.nix nixos.tests.nat: fix 2017-08-04 17:52:42 +02:00
networking-proxy.nix
networking.nix networking/bonds: fix examples 2017-03-08 04:54:17 +01:00
nexus.nix nexus: Add module for nexus. 2017-09-04 22:32:02 +02:00
nfs.nix nfs tests: fix nfs server unit name 2017-02-05 12:41:21 +03:00
nginx.nix nixos/tests/nginx: fix name 2017-08-11 17:37:14 +02:00
nsd.nix
openssh.nix openssh: test that startWhenNeeded works 2016-12-29 17:04:52 -05:00
pam-oath-login.nix pam_oath: require OATH and pam_unix credentials to be valid 2017-02-12 18:27:11 -05:00
panamax.nix
partition.nix
peerflix.nix
pgjwt.nix pgjwt: init at 0.0.1 (#22644) 2017-02-26 11:14:32 +01:00
phabricator.nix nixos/tests/phabricator: fix renaming warning 2017-03-03 07:26:17 -06:00
plasma5.nix tests.plasma5: fix hash 2017-08-12 00:55:32 +02:00
postgis.nix postgresql: Fix use with extensions 2016-09-02 11:51:21 +02:00
postgresql.nix nixos tests: run postgresql tests with postgres user 2017-07-19 22:13:02 +01:00
printing.nix rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
prometheus.nix nixos: unbreak prometheus test 2016-12-20 23:26:51 +01:00
proxy.nix
pump.io.nix pump.io: fix tests 2017-03-12 16:01:07 +01:00
quagga.nix quagga test: Add test for the quagga service. 2016-09-02 14:00:32 +03:00
quake3.nix rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
rabbitmq.nix
radicale.nix radicale: 1.1.4 -> 2.1.2 2017-08-13 17:23:43 +02:00
riak.nix remove elrangR15 and riak 1.3.0 as they're outdated 2016-03-22 21:40:07 +00:00
run-in-machine.nix
samba.nix samba test: fix race condition 2017-03-01 03:16:35 +03:00
sddm.nix nixos/tests/sddm: Fix detecting login screen 2017-06-22 06:26:08 +02:00
simple.nix
slim.nix nixos: Add a VM test for the SLiM display manager 2017-04-23 19:25:27 +02:00
slurm.nix
smokeping.nix Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
snapper.nix snapper: add nixos module 2017-07-16 10:06:42 +01:00
subversion.nix
sysctl.nix tests: Add sysctl 2017-09-05 19:03:54 -04:00
taskserver.nix nixos/taskserver: Fix manual PKI management 2017-07-16 20:38:15 +02:00
testdb.sql
timezone.nix nixos/timezone: support imperative timezone configuration (#26608) 2017-07-31 15:55:24 +01:00
tomcat.nix Remove tomcat vm test timing issues 2016-09-13 22:46:46 +02:00
trac.nix postgresql92: remove last references 2017-09-05 18:20:56 +02:00
udisks2.nix
virtualbox.nix nixos/tests/virtualbox: Fix @shell@ expansion 2017-03-27 04:53:17 +02:00
wordpress.nix wordpress: security upgrade: 4.7.2 -> 4.7.3 & other improvements (#23837) 2017-03-14 16:11:51 +01:00
xfce.nix Add a regression test for #14623 2016-04-12 19:13:52 +02:00
xmonad.nix tests: xmonad less dependent on timings 2017-09-09 10:07:34 -04:00
xrdp.nix xrdp: init at 0.9.1 2017-04-29 17:23:35 +00:00