tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 8 Pull requests Activity

test(nginx): Add simple tests to assert nginx features work

Browse source
This commit is contained in:
Tristan Daniël Maat 2025-11-13 05:20:09 +08:00
parent 4e59582de2
commit f2ef91672b
Signed by: tlater
GPG key ID: 02E935006CF2E8E7
6 changed files with 176 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

64
configuration/nginx/ssl.nix
View file

@ -1,4 +1,5 @@
{
flake-inputs,
pkgs,
config,
lib,
@ -69,5 +70,68 @@
"porkbun/api-key".owner = "acme";
"porkbun/secret-api-key".owner = "acme";
};
serviceTests =
let
testHostConfig =
{ config, ... }:
{
imports = [
./.
../../modules/serviceTests/mocks.nix
];
networking.firewall.allowedTCPPorts = [ 443 ];
security.acme.certs."tlater.net".extraDomainNames = [ config.services.nginx.domain ];
services.nginx = {
domain = "testHost";
virtualHosts."${config.services.nginx.domain}" = {
useACMEHost = "tlater.net";
onlySSL = true;
enableHSTS = true;
locations."/".return = "200 ok";
};
};
};
in
{
testNginxSSL = pkgs.testers.runNixOSTest {
name = "test-nginx-ssl";
node.specialArgs = { inherit flake-inputs; };
nodes = {
testHost = testHostConfig;
client =
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.curl ];
};
};
testScript = ''
start_all()
testHost.wait_for_unit("nginx.service")
testHost.copy_from_vm("/var/lib/acme/tlater.net/", "certs")
client.copy_from_host(f"{testHost.out_dir}/certs", "/certs")
res = client.succeed(" ".join([
"curl",
"--show-error",
"--silent",
"--dump-header -",
"--cacert /certs/tlater.net/fullchain.pem",
"https://testHost",
"-o /dev/null"
]))
assert "strict-transport-security: max-age=15552000; includeSubDomains" in res
'';
};
};
};
}