jonmro
/
pvv-nixos-config
forked from Drift/pvv-nixos-config
1
0
Fork 0
Code Pull Requests Activity

Merge pull request 'treewide: run nginx -t on all nginx config files' (!32) from test-nginx-overlay into main 

Reviewed-on: Drift/pvv-nixos-config#32
This commit is contained in:
Daniel Lovbrotte Olsen 2024-04-11 23:39:42 +02:00
parent 36b7087a3f 8c72088d9c
commit ae4ace9fa2
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.nix
View File

@ -64,7 +64,11 @@
pkgs = import nixpkgs {
inherit system;
overlays = [ ] ++ config.overlays or [ ];
overlays = [
(import ./overlays/nginx-test.nix
(builtins.attrNames self.nixosConfigurations.${name}.config.security.acme.certs)
)
] ++ config.overlays or [ ];
};
}
(removeAttrs config [ "modules" "overlays" ])

28
overlays/nginx-test.nix Normal file
View File

@ -0,0 +1,28 @@
acme-certs: final: prev:
let
lib = final.lib;
crt = "${final.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
key = "${final.path}/nixos/tests/common/acme/server/acme.test.key.pem";
in {
writers = prev.writers // {
writeNginxConfig = name: text: final.runCommandLocal name {
nginxConfig = prev.writers.writeNginxConfig name text;
nativeBuildInputs = [ final.bubblewrap ];
} ''
ln -s "$nginxConfig" "$out"
set +o pipefail
bwrap \
--ro-bind "${crt}" "/etc/certs/nginx.crt" \
--ro-bind "${key}" "/etc/certs/nginx.key" \
--ro-bind "/nix" "/nix" \
--ro-bind "/etc/hosts" "/etc/hosts" \
--dir "/run/nginx" \
--dir "/tmp" \
--dir "/var/log/nginx" \
${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/fullchain.pem\" \\") acme-certs}
${lib.concatMapStrings (name: "--ro-bind \"${key}\" \"/var/lib/acme/${name}/key.pem\" \\") acme-certs}
${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/chain.pem\" \\") acme-certs}
${lib.getExe final.nginx} -t -c "$out" |& grep "syntax is ok"
'';
};
}