modules/nginx-website/default.nix

@@ -7,7 +7,7 @@
   services.nginx.virtualHosts = {
     "www.${config.pub-solar-os.networking.domain}" = {
       enableACME = true;
-      addSSL = true;
+      forceSSL = true;
 
       extraConfig = ''
         error_log /dev/null;

tests/keycloak.nix

@@ -63,8 +63,6 @@ in
     };
   };
 
-  enableOCR = true;
-
   testScript =
     { nodes, ... }:
     let

tests/website.nix

@@ -13,22 +13,47 @@
   node.pkgs = pkgs;
   node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs;
 
-  nodes.nachtigall_test = {
+  nodes = {
+    acme-server = {
+      imports = [
+        self.nixosModules.home-manager
+        self.nixosModules.core
+        ./support/ca.nix
+      ];
+    };
+
+    nachtigall = {
       imports = [
         self.nixosModules.home-manager
         self.nixosModules.core
         self.nixosModules.nginx
-      self.nixosModules.keycloak
+        self.nixosModules.nginx-website
+        ./support/global.nix
+      ];
+
+      virtualisation.memorySize = 4096;
+
+      networking.interfaces.eth0.ipv4.addresses = [
+        {
+          address = "192.168.1.3";
+          prefixLength = 32;
+        }
       ];
     };
-
+  };
-  enableOCR = true;
 
   testScript = ''
-    nachtigall_test.wait_for_unit("system.slice")
+    start_all()
-    nachtigall_test.succeed("ping 127.0.0.1 -c 2")
+
-    nachtigall_test.wait_for_unit("nginx.service")
+    acme_server.wait_for_unit("system.slice")
-    nachtigall_test.succeed("curl https://test.pub.solar/")
+    acme_server.wait_for_unit("step-ca.service")
-    nachtigall_test.succeed("curl https://www.test.pub.solar/")
+    acme_server.succeed("ping ca.test.pub.solar -c 2")
+    acme_server.wait_until_succeeds("curl 127.0.0.1:443")
+
+    nachtigall.wait_for_unit("system.slice")
+    nachtigall.succeed("ping test.pub.solar -c 2")
+    nachtigall.succeed("ping ca.test.pub.solar -c 2")
+    nachtigall.wait_for_unit("nginx.service")
+    nachtigall.wait_until_succeeds("curl https://test.pub.solar/")
   '';
 }