nixpkgs/nixos/tests/common/letsencrypt/common.nix
Félix Baylac-Jacqué 0c0af28cd5 nixos/tests/letsencrypt: use Pebble instead of Boulder
Let's encrypt bumped ACME to V2. We need to update our nixos test to
be compatible with this new protocol version.

We decided to drop the Boulder ACME server in favor of the more
integration test friendly Pebble.

- overriding cacert not necessary
- this avoids rebuilding lots of packages needlessly
- nixos/tests/acme: use pebble's ca for client tests
- pebble always generates its own ca which has to be fetched

TODO: write proper commit msg :)
2019-10-23 21:17:17 +02:00

9 lines
261 B
Nix

{ lib, nodes, pkgs, ... }: let
letsencrypt-ca = nodes.letsencrypt.config.test-support.letsencrypt.caCert;
in {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];
security.pki.certificateFiles = [ letsencrypt-ca ];
}