1
0
Fork 0
pvv-nixos-config/overlays/nginx-test.nix

33 lines
1.5 KiB
Nix
Raw Normal View History

2024-04-11 23:19:41 +02:00
acme-certs: final: prev:
let
problematicHosts = [ "matrix.pvv.ntnu.no" "tom.pvv.ntnu.no" ];
2024-04-11 23:19:41 +02:00
lib = final.lib;
crt = "${final.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
key = "${final.path}/nixos/tests/common/acme/server/acme.test.key.pem";
in {
writers = prev.writers // {
writeNginxConfig = name: text: final.runCommandLocal name {
nginxConfig = prev.writers.writeNginxConfig name text;
2024-04-11 23:19:41 +02:00
nativeBuildInputs = [ final.bubblewrap ];
} ''
cat "$nginxConfig" > "$out"
substituteInPlace "$out" ${lib.concatMapStrings (host: "--replace ${host} \"localhost\" ") problematicHosts}
substituteInPlace "$out" --replace ":443" ":4443"
substituteInPlace "$out" --replace ":80" ":8808"
2024-04-11 23:19:41 +02:00
set +o pipefail
bwrap \
--ro-bind "${crt}" "/etc/certs/nginx.crt" \
--ro-bind "${key}" "/etc/certs/nginx.key" \
--ro-bind "/nix" "/nix" \
--ro-bind "/etc/hosts" "/etc/hosts" \
--dir "/run/nginx" \
--dir "/tmp" \
--dir "/var/log/nginx" \
${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/fullchain.pem\" \\") acme-certs}
${lib.concatMapStrings (name: "--ro-bind \"${key}\" \"/var/lib/acme/${name}/key.pem\" \\") acme-certs}
${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/chain.pem\" \\") acme-certs}
2024-04-12 00:41:57 +02:00
${lib.getExe' final.nginx "nginx"} -t -c "$out" |& grep "syntax is ok"
'';
};
}