mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-19 11:23:29 +00:00
nixos/tests/acme: use *.test domains
Shimming out the Let's Encrypt domain name to reuse client configuration
doesn't work properly (Pebble uses different endpoint URL formats), is
recommended against by upstream,[1] and is unnecessary now that the ACME
module supports specifying an ACME server. This commit changes the tests
to use the domain name acme.test instead, and renames the letsencrypt
node to acme to reflect that it has nothing to do with the ACME server
that Let's Encrypt runs. The imports are renamed for clarity:
* nixos/tests/common/{letsencrypt => acme}/{common.nix => client}
* nixos/tests/common/{letsencrypt => acme}/{default.nix => server}
The test's other domain names are also adjusted to use *.test for
consistency (and to avoid misuse of non-reserved domain names such
as standalone.com).
[1] https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242
Co-authored-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
This commit is contained in:
Emily
parent
352e30df8a
commit
d0f04c1623
@ -1,5 +1,5 @@
|
|||||||
let
|
let
|
||||||
commonConfig = ./common/letsencrypt/common.nix;
|
commonConfig = ./common/acme/client;
|
||||||
|
|
||||||
dnsScript = {writeScript, dnsAddress, bash, curl}: writeScript "dns-hook.sh" ''
|
dnsScript = {writeScript, dnsAddress, bash, curl}: writeScript "dns-hook.sh" ''
|
||||||
#!${bash}/bin/bash
|
#!${bash}/bin/bash
|
||||||
@ -16,8 +16,8 @@ in import ./make-test-python.nix {
|
|||||||
name = "acme";
|
name = "acme";
|
||||||
|
|
||||||
nodes = rec {
|
nodes = rec {
|
||||||
letsencrypt = { nodes, lib, ... }: {
|
acme = { nodes, lib, ... }: {
|
||||||
imports = [ ./common/letsencrypt ];
|
imports = [ ./common/acme/server ];
|
||||||
networking.nameservers = lib.mkForce [
|
networking.nameservers = lib.mkForce [
|
||||||
nodes.dnsserver.config.networking.primaryIPAddress
|
nodes.dnsserver.config.networking.primaryIPAddress
|
||||||
];
|
];
|
||||||
@ -45,19 +45,16 @@ in import ./make-test-python.nix {
|
|||||||
nodes.dnsserver.config.networking.primaryIPAddress
|
nodes.dnsserver.config.networking.primaryIPAddress
|
||||||
];
|
];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
security.acme = {
|
security.acme.certs."standalone.test" = {
|
||||||
server = "https://acme-v02.api.letsencrypt.org/dir";
|
webroot = "/var/lib/acme/acme-challenges";
|
||||||
certs."standalone.com" = {
|
|
||||||
webroot = "/var/lib/acme/acme-challenges";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
systemd.targets."acme-finished-standalone.com" = {};
|
systemd.targets."acme-finished-standalone.test" = {};
|
||||||
systemd.services."acme-standalone.com" = {
|
systemd.services."acme-standalone.test" = {
|
||||||
wants = [ "acme-finished-standalone.com.target" ];
|
wants = [ "acme-finished-standalone.test.target" ];
|
||||||
before = [ "acme-finished-standalone.com.target" ];
|
before = [ "acme-finished-standalone.test.target" ];
|
||||||
};
|
};
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
services.nginx.virtualHosts."standalone.com" = {
|
services.nginx.virtualHosts."standalone.test" = {
|
||||||
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenges";
|
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenges";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -71,16 +68,16 @@ in import ./make-test-python.nix {
|
|||||||
|
|
||||||
# A target remains active. Use this to probe the fact that
|
# A target remains active. Use this to probe the fact that
|
||||||
# a service fired eventhough it is not RemainAfterExit
|
# a service fired eventhough it is not RemainAfterExit
|
||||||
systemd.targets."acme-finished-a.example.com" = {};
|
systemd.targets."acme-finished-a.example.test" = {};
|
||||||
systemd.services."acme-a.example.com" = {
|
systemd.services."acme-a.example.test" = {
|
||||||
wants = [ "acme-finished-a.example.com.target" ];
|
wants = [ "acme-finished-a.example.test.target" ];
|
||||||
before = [ "acme-finished-a.example.com.target" ];
|
before = [ "acme-finished-a.example.test.target" ];
|
||||||
after = [ "nginx.service" ];
|
after = [ "nginx.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
|
||||||
services.nginx.virtualHosts."a.example.com" = {
|
services.nginx.virtualHosts."a.example.test" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/".root = pkgs.runCommand "docroot" {} ''
|
locations."/".root = pkgs.runCommand "docroot" {} ''
|
||||||
@ -89,16 +86,16 @@ in import ./make-test-python.nix {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";
|
security.acme.server = "https://acme.test/dir";
|
||||||
|
|
||||||
specialisation.second-cert.configuration = {pkgs, ...}: {
|
specialisation.second-cert.configuration = {pkgs, ...}: {
|
||||||
systemd.targets."acme-finished-b.example.com" = {};
|
systemd.targets."acme-finished-b.example.test" = {};
|
||||||
systemd.services."acme-b.example.com" = {
|
systemd.services."acme-b.example.test" = {
|
||||||
wants = [ "acme-finished-b.example.com.target" ];
|
wants = [ "acme-finished-b.example.test.target" ];
|
||||||
before = [ "acme-finished-b.example.com.target" ];
|
before = [ "acme-finished-b.example.test.target" ];
|
||||||
after = [ "nginx.service" ];
|
after = [ "nginx.service" ];
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."b.example.com" = {
|
services.nginx.virtualHosts."b.example.test" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/".root = pkgs.runCommand "docroot" {} ''
|
locations."/".root = pkgs.runCommand "docroot" {} ''
|
||||||
@ -108,8 +105,8 @@ in import ./make-test-python.nix {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: {
|
specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: {
|
||||||
security.acme.certs."example.com" = {
|
security.acme.certs."example.test" = {
|
||||||
domain = "*.example.com";
|
domain = "*.example.test";
|
||||||
dnsProvider = "exec";
|
dnsProvider = "exec";
|
||||||
dnsPropagationCheck = false;
|
dnsPropagationCheck = false;
|
||||||
credentialsFile = with pkgs; writeText "wildcard.env" ''
|
credentialsFile = with pkgs; writeText "wildcard.env" ''
|
||||||
@ -118,17 +115,17 @@ in import ./make-test-python.nix {
|
|||||||
user = config.services.nginx.user;
|
user = config.services.nginx.user;
|
||||||
group = config.services.nginx.group;
|
group = config.services.nginx.group;
|
||||||
};
|
};
|
||||||
systemd.targets."acme-finished-example.com" = {};
|
systemd.targets."acme-finished-example.test" = {};
|
||||||
systemd.services."acme-example.com" = {
|
systemd.services."acme-example.test" = {
|
||||||
wants = [ "acme-finished-example.com.target" ];
|
wants = [ "acme-finished-example.test.target" ];
|
||||||
before = [ "acme-finished-example.com.target" "nginx.service" ];
|
before = [ "acme-finished-example.test.target" "nginx.service" ];
|
||||||
wantedBy = [ "nginx.service" ];
|
wantedBy = [ "nginx.service" ];
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."c.example.com" = {
|
services.nginx.virtualHosts."c.example.test" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
sslCertificate = config.security.acme.certs."example.com".directory + "/cert.pem";
|
sslCertificate = config.security.acme.certs."example.test".directory + "/cert.pem";
|
||||||
sslTrustedCertificate = config.security.acme.certs."example.com".directory + "/full.pem";
|
sslTrustedCertificate = config.security.acme.certs."example.test".directory + "/full.pem";
|
||||||
sslCertificateKey = config.security.acme.certs."example.com".directory + "/key.pem";
|
sslCertificateKey = config.security.acme.certs."example.test".directory + "/key.pem";
|
||||||
locations."/".root = pkgs.runCommand "docroot" {} ''
|
locations."/".root = pkgs.runCommand "docroot" {} ''
|
||||||
mkdir -p "$out"
|
mkdir -p "$out"
|
||||||
echo hello world > "$out/index.html"
|
echo hello world > "$out/index.html"
|
||||||
@ -159,46 +156,44 @@ in import ./make-test-python.nix {
|
|||||||
client.start()
|
client.start()
|
||||||
dnsserver.start()
|
dnsserver.start()
|
||||||
|
|
||||||
letsencrypt.wait_for_unit("default.target")
|
acme.wait_for_unit("default.target")
|
||||||
dnsserver.wait_for_unit("pebble-challtestsrv.service")
|
dnsserver.wait_for_unit("pebble-challtestsrv.service")
|
||||||
client.succeed(
|
client.succeed(
|
||||||
'curl --data \'{"host": "acme-v02.api.letsencrypt.org", "addresses": ["${nodes.letsencrypt.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
|
'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
|
||||||
)
|
)
|
||||||
client.succeed(
|
client.succeed(
|
||||||
'curl --data \'{"host": "standalone.com", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
|
'curl --data \'{"host": "standalone.test", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
|
||||||
)
|
)
|
||||||
|
|
||||||
letsencrypt.start()
|
acme.start()
|
||||||
acmeStandalone.start()
|
acmeStandalone.start()
|
||||||
|
|
||||||
letsencrypt.wait_for_unit("default.target")
|
acme.wait_for_unit("default.target")
|
||||||
letsencrypt.wait_for_unit("pebble.service")
|
acme.wait_for_unit("pebble.service")
|
||||||
|
|
||||||
with subtest("can request certificate with HTTPS-01 challenge"):
|
with subtest("can request certificate with HTTPS-01 challenge"):
|
||||||
acmeStandalone.wait_for_unit("default.target")
|
acmeStandalone.wait_for_unit("default.target")
|
||||||
acmeStandalone.succeed("systemctl start acme-standalone.com.service")
|
acmeStandalone.succeed("systemctl start acme-standalone.test.service")
|
||||||
acmeStandalone.wait_for_unit("acme-finished-standalone.com.target")
|
acmeStandalone.wait_for_unit("acme-finished-standalone.test.target")
|
||||||
|
|
||||||
client.wait_for_unit("default.target")
|
client.wait_for_unit("default.target")
|
||||||
|
|
||||||
client.succeed("curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt")
|
client.succeed("curl https://acme.test:15000/roots/0 > /tmp/ca.crt")
|
||||||
client.succeed(
|
client.succeed("curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt")
|
||||||
"curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt"
|
|
||||||
)
|
|
||||||
|
|
||||||
with subtest("Can request certificate for nginx service"):
|
with subtest("Can request certificate for nginx service"):
|
||||||
webserver.wait_for_unit("acme-finished-a.example.com.target")
|
webserver.wait_for_unit("acme-finished-a.example.test.target")
|
||||||
client.succeed(
|
client.succeed(
|
||||||
"curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF 'hello world'"
|
"curl --cacert /tmp/ca.crt https://a.example.test/ | grep -qF 'hello world'"
|
||||||
)
|
)
|
||||||
|
|
||||||
with subtest("Can add another certificate for nginx service"):
|
with subtest("Can add another certificate for nginx service"):
|
||||||
webserver.succeed(
|
webserver.succeed(
|
||||||
"/run/current-system/specialisation/second-cert/bin/switch-to-configuration test"
|
"/run/current-system/specialisation/second-cert/bin/switch-to-configuration test"
|
||||||
)
|
)
|
||||||
webserver.wait_for_unit("acme-finished-b.example.com.target")
|
webserver.wait_for_unit("acme-finished-b.example.test.target")
|
||||||
client.succeed(
|
client.succeed(
|
||||||
"curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'"
|
"curl --cacert /tmp/ca.crt https://b.example.test/ | grep -qF 'hello world'"
|
||||||
)
|
)
|
||||||
|
|
||||||
with subtest("Can request wildcard certificates using DNS-01 challenge"):
|
with subtest("Can request wildcard certificates using DNS-01 challenge"):
|
||||||
@ -208,9 +203,9 @@ in import ./make-test-python.nix {
|
|||||||
webserver.succeed(
|
webserver.succeed(
|
||||||
"/run/current-system/specialisation/dns-01/bin/switch-to-configuration test"
|
"/run/current-system/specialisation/dns-01/bin/switch-to-configuration test"
|
||||||
)
|
)
|
||||||
webserver.wait_for_unit("acme-finished-example.com.target")
|
webserver.wait_for_unit("acme-finished-example.test.target")
|
||||||
client.succeed(
|
client.succeed(
|
||||||
"curl --cacert /tmp/ca.crt https://c.example.com/ | grep -qF 'hello world'"
|
"curl --cacert /tmp/ca.crt https://c.example.test/ | grep -qF 'hello world'"
|
||||||
)
|
)
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|||||||
19
nixos/tests/common/acme/client/default.nix
Normal file
19
nixos/tests/common/acme/client/default.nix
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{ lib, nodes, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
acme-ca = nodes.acme.config.test-support.acme.caCert;
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
networking.nameservers = [
|
||||||
|
nodes.acme.config.networking.primaryIPAddress
|
||||||
|
];
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
server = "https://acme.test/dir";
|
||||||
|
email = "hostmaster@example.test";
|
||||||
|
acceptTerms = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
security.pki.certificateFiles = [ acme-ca ];
|
||||||
|
}
|
||||||
@ -1,27 +1,27 @@
|
|||||||
# The certificate for the ACME service is exported as:
|
# The certificate for the ACME service is exported as:
|
||||||
#
|
#
|
||||||
# config.test-support.letsencrypt.caCert
|
# config.test-support.acme.caCert
|
||||||
#
|
#
|
||||||
# This value can be used inside the configuration of other test nodes to inject
|
# This value can be used inside the configuration of other test nodes to inject
|
||||||
# the snakeoil certificate into security.pki.certificateFiles or into package
|
# the snakeoil certificate into security.pki.certificateFiles or into package
|
||||||
# overlays.
|
# overlays.
|
||||||
#
|
#
|
||||||
# Another value that's needed if you don't use a custom resolver (see below for
|
# Another value that's needed if you don't use a custom resolver (see below for
|
||||||
# notes on that) is to add the letsencrypt node as a nameserver to every node
|
# notes on that) is to add the acme node as a nameserver to every node
|
||||||
# that needs to acquire certificates using ACME, because otherwise the API host
|
# that needs to acquire certificates using ACME, because otherwise the API host
|
||||||
# for letsencrypt.org can't be resolved.
|
# for acme.test can't be resolved.
|
||||||
#
|
#
|
||||||
# A configuration example of a full node setup using this would be this:
|
# A configuration example of a full node setup using this would be this:
|
||||||
#
|
#
|
||||||
# {
|
# {
|
||||||
# letsencrypt = import ./common/letsencrypt;
|
# acme = import ./common/acme/server;
|
||||||
#
|
#
|
||||||
# example = { nodes, ... }: {
|
# example = { nodes, ... }: {
|
||||||
# networking.nameservers = [
|
# networking.nameservers = [
|
||||||
# nodes.letsencrypt.config.networking.primaryIPAddress
|
# nodes.acme.config.networking.primaryIPAddress
|
||||||
# ];
|
# ];
|
||||||
# security.pki.certificateFiles = [
|
# security.pki.certificateFiles = [
|
||||||
# nodes.letsencrypt.config.test-support.letsencrypt.caCert
|
# nodes.acme.config.test-support.acme.caCert
|
||||||
# ];
|
# ];
|
||||||
# };
|
# };
|
||||||
# }
|
# }
|
||||||
@ -33,8 +33,8 @@
|
|||||||
# override networking.nameservers like this:
|
# override networking.nameservers like this:
|
||||||
#
|
#
|
||||||
# {
|
# {
|
||||||
# letsencrypt = { nodes, ... }: {
|
# acme = { nodes, ... }: {
|
||||||
# imports = [ ./common/letsencrypt ];
|
# imports = [ ./common/acme/server ];
|
||||||
# networking.nameservers = [
|
# networking.nameservers = [
|
||||||
# nodes.myresolver.config.networking.primaryIPAddress
|
# nodes.myresolver.config.networking.primaryIPAddress
|
||||||
# ];
|
# ];
|
||||||
@ -55,16 +55,16 @@
|
|||||||
let
|
let
|
||||||
snakeOilCerts = import ./snakeoil-certs.nix;
|
snakeOilCerts = import ./snakeoil-certs.nix;
|
||||||
|
|
||||||
wfeDomain = "acme-v02.api.letsencrypt.org";
|
wfeDomain = "acme.test";
|
||||||
wfeCertFile = snakeOilCerts.${wfeDomain}.cert;
|
wfeCertFile = snakeOilCerts.${wfeDomain}.cert;
|
||||||
wfeKeyFile = snakeOilCerts.${wfeDomain}.key;
|
wfeKeyFile = snakeOilCerts.${wfeDomain}.key;
|
||||||
|
|
||||||
siteDomain = "letsencrypt.org";
|
siteDomain = "acme.test";
|
||||||
siteCertFile = snakeOilCerts.${siteDomain}.cert;
|
siteCertFile = snakeOilCerts.${siteDomain}.cert;
|
||||||
siteKeyFile = snakeOilCerts.${siteDomain}.key;
|
siteKeyFile = snakeOilCerts.${siteDomain}.key;
|
||||||
pebble = pkgs.pebble;
|
pebble = pkgs.pebble;
|
||||||
resolver = let
|
resolver = let
|
||||||
message = "You need to define a resolver for the letsencrypt test module.";
|
message = "You need to define a resolver for the acme test module.";
|
||||||
firstNS = lib.head config.networking.nameservers;
|
firstNS = lib.head config.networking.nameservers;
|
||||||
in if config.networking.nameservers == [] then throw message else firstNS;
|
in if config.networking.nameservers == [] then throw message else firstNS;
|
||||||
|
|
||||||
@ -82,9 +82,9 @@ let
|
|||||||
pebbleDataDir = "/root/pebble";
|
pebbleDataDir = "/root/pebble";
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [ ../resolver.nix ];
|
imports = [ ../../resolver.nix ];
|
||||||
|
|
||||||
options.test-support.letsencrypt.caCert = lib.mkOption {
|
options.test-support.acme.caCert = lib.mkOption {
|
||||||
type = lib.types.path;
|
type = lib.types.path;
|
||||||
description = ''
|
description = ''
|
||||||
A certificate file to use with the <literal>nodes</literal> attribute to
|
A certificate file to use with the <literal>nodes</literal> attribute to
|
||||||
@ -98,7 +98,7 @@ in {
|
|||||||
resolver.enable = let
|
resolver.enable = let
|
||||||
isLocalResolver = config.networking.nameservers == [ "127.0.0.1" ];
|
isLocalResolver = config.networking.nameservers == [ "127.0.0.1" ];
|
||||||
in lib.mkOverride 900 isLocalResolver;
|
in lib.mkOverride 900 isLocalResolver;
|
||||||
letsencrypt.caCert = snakeOilCerts.ca.cert;
|
acme.caCert = snakeOilCerts.ca.cert;
|
||||||
};
|
};
|
||||||
|
|
||||||
# This has priority 140, because modules/testing/test-instrumentation.nix
|
# This has priority 140, because modules/testing/test-instrumentation.nix
|
||||||
@ -1,10 +1,9 @@
|
|||||||
{ pkgs ? import <nixpkgs> {}
|
{ pkgs ? import <nixpkgs> {}
|
||||||
, lib ? pkgs.lib
|
, lib ? pkgs.lib
|
||||||
|
, domains ? [ "acme.test" ]
|
||||||
, domains ? [ "acme-v02.api.letsencrypt.org" "letsencrypt.org" ]
|
|
||||||
}:
|
}:
|
||||||
|
|
||||||
pkgs.runCommand "letsencrypt-snakeoil-ca" {
|
pkgs.runCommand "acme-snakeoil-ca" {
|
||||||
nativeBuildInputs = [ pkgs.openssl ];
|
nativeBuildInputs = [ pkgs.openssl ];
|
||||||
} ''
|
} ''
|
||||||
addpem() {
|
addpem() {
|
||||||
171
nixos/tests/common/acme/server/snakeoil-certs.nix
Normal file
171
nixos/tests/common/acme/server/snakeoil-certs.nix
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
# Generated via mkcert.sh in the same directory.
|
||||||
|
{
|
||||||
|
ca.key = builtins.toFile "ca.key" ''
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCnVZGEn68ezXl
|
||||||
|
DWE5gjsCPqutR4nxw/wvIbAxB2Vk2WeQ6HGvt2Jdrz5qer2IXd76YtpQeqd+ffet
|
||||||
|
aLtMeFTr+Xy9yqEpx2AfvmEEcLnuiWbsUGZzsHwW7/4kPgAFBy9TwJn/k892lR6u
|
||||||
|
QYa0QS39CX85kLMZ/LZXUyClIBa+IxT1OovmGqMOr4nGASRQP6d/nnyn41Knat/d
|
||||||
|
tpyaa5zgfYwA6YW6UxcywvBSpMOXM0/82BFZGyALt3nQ+ffmrtKcvMjsNLBFaslV
|
||||||
|
+zYO1PMbLbTCW8SmJTjhzuapXtBHruvoe24133XWlvcP1ylaTx0alwiQWJr1XEOU
|
||||||
|
WLEFTgOTeRyiVDxDunpz+7oGcwzcdOG8nCgd6w0aYaECz1zvS3FYTQz+MiqmEkx6
|
||||||
|
s4bj1U90I0kwUJbeWjjrGO7Y9Qq4i19GafDg7cAMn9eHCiNbNrPj6t/gfaVbCrbk
|
||||||
|
m3ZVjkvLTQ2mb2lv7+tVii45227iNPuNS6lx2FVlr/DXiRrOVfghPvoOxUfXzogJ
|
||||||
|
hZLV4Zki+ycbGQa5w8YMDYCv4c08dKA7AatVhNS60c1zgQNjuWF3BvocSySyGUon
|
||||||
|
VT6h1DYlJ9YAqgqNpedgNR9kpp034SMhB7dj9leB6LRMA+c1fG/T+1lDbkA+vope
|
||||||
|
pt4+30oDcCTYfEifl1HwqNw/bXDm1wIDAQABAoICABPbd/UYaAQVUk93yQbUKe81
|
||||||
|
s9CvbvzTMYUhm9e02Hyszitz/D2gqZHDksvMkFA8u8aylXIGwdZfRglUmV/ZG1kk
|
||||||
|
kLzQ0xbvN/ilNUL9uYsETBMqtPly9YZloHnUNa5NqF+UVGJGk7GWz5WaLANybx3V
|
||||||
|
fTzDbfLl3TkVy0vt9UQbUkUfXyzwZNjXwmgIr8rcY9vasP90a3eXqRX3Tw1Wk6A4
|
||||||
|
TzO8oB994O0WBO150Fc6Lhwvc72yzddENlLDXq8UAXtqq9mmGqJKnhZ+1mo3AkMw
|
||||||
|
q7P1JyCIxcAMm26GtRvLVljXV0x5640kxDrCin6jeeW/qWkJEW6dpmuZjR5scmLI
|
||||||
|
/9n8H+fGzdZH8bOPPotMy12doj3vJqvew3p0eIkmVctYMJKD0j/CWjvKJNE3Yx4O
|
||||||
|
Ls47X/dEypX6anR1HQUXcpd6JfRWdIJANo2Duaz+HYbyA88bHcJL9shFYcjLs3sX
|
||||||
|
R/TvnnKHvw/ud7XBgvLGwGAf/cDEuLI2tv+V7tkMGrMUv+gUJNZaJaCpdt+1iUwO
|
||||||
|
QFq8APyBNn6FFw54TwXWfSjfSNh3geIMLHuErYVu9MIXvB7Yhh+ZvLcfLbmckhAX
|
||||||
|
wb39RRHnCWvnw5Bm9hnsDhqfDsIoP+2wvUkViyHOmrKi8nSJhSk19C8AuQtSVcJg
|
||||||
|
5op+epEmjt70GHt52nuBAoIBAQD2a4Ftp4QxWE2d6oAFI6WPrX7nAwI5/ezCbO/h
|
||||||
|
yoYAn6ucTVnn5/5ITJ8V4WTWZ4lkoZP3YSJiCyBhs8fN63J+RaJ/bFRblHDns1HA
|
||||||
|
2nlMVdNLg6uOfjgUJ8Y6xVM0J2dcFtwIFyK5pfZ7loxMZfvuovg74vDOi2vnO3dO
|
||||||
|
16DP3zUx6B/yIt57CYn8NWTq+MO2bzKUnczUQRx0yEzPOfOmVbcqGP8f7WEdDWXm
|
||||||
|
7scjjN53OPyKzLOVEhOMsUhIMBMO25I9ZpcVkyj3/nj+fFLf/XjOTM00M/S/KnOj
|
||||||
|
RwaWffx6mSYS66qNc5JSsojhIiYyiGVEWIznBpNWDU35y/uXAoIBAQDKLj0dyig2
|
||||||
|
kj1r3HvdgK4sRULqBQFMqE9ylxDmpJxAj6/A8hJ0RCBR57vnIIZMzK4+6K0l3VBJ
|
||||||
|
ukzXJHJLPkZ0Uuo2zLuRLkyjBECH6KYznyTkUVRn50Oq6IoP6WTCfd3Eg+7AKYY1
|
||||||
|
VFo2iR8sxeSQQ+AylFy6QcQ1xPIW30Jj1/LFjrRdRggapPEekpJec0pEqhasT8rR
|
||||||
|
UFhRL2NdZnL5b7ZlsJc7gZKEJgNfxgzaCzloqLcjCgGpOhLKx0fFsNOqHcbIGMwG
|
||||||
|
6wQCOyNghQJ6AZtRD5TYCJow92FchWjoTIaMJ8RjMKQmxpiwM6wQG4J78Hd3mbhf
|
||||||
|
q0hiQhPHaNbBAoIBAFeIeMFq8BpXM7sUwcURlI4lIx8Mgo33FVM7PzsFpfQyw9MR
|
||||||
|
5w3p6vnjvd8X4aoHvVZxzw3hA0WwjiAmrKMJL/KK6d45rP2bDUBBAplvAgeLtTLt
|
||||||
|
4tMLIwCF4HSgA55TIPQlaqO1FDC+M4BTSiMZVxS970/WnZPBEuNgzFDFZ+pvb4X6
|
||||||
|
3t40ZLNwAAQHM4IEPAFiHqWMKGZ9eo5BWIeEHnjHmfjqSDYfLJAVYk1WJIcMUzom
|
||||||
|
lA76CBC8CxW/I94AtcRhWuFUv/Z5/+OYEYLUxtuqPm+J+JrCmf4OJmWppT1wI2+p
|
||||||
|
V00BSeRVWXTm1piieM8ahF5y1hp6y3uV3k0NmKECggEBAMC42Ms3s6NpPSE+99eJ
|
||||||
|
3P0YPJOkl7uByNGbTKH+kW89SDRsy8iGVCSe9892gm5cwU/4LWyljO3qp2qBNG2i
|
||||||
|
/DfP/bCk8bqPXsAZwoWK8DrO3bTCDepJWYhlx40pVkHLBwVXGdOVAXh+YswPY2cj
|
||||||
|
cB9QhDrSj52AKU9z36yLvtY7uBA3Wph6tCjpx2n0H4/m6AmR9LDmEpf5tWYV/OrA
|
||||||
|
SKKaqUw/y7kOZyKOtbKqr/98qYmpIYFF/ZVZZSZkVXcNeoZzgdOlR37ksVqLEsrj
|
||||||
|
nxu7wli/uItBj/FTLjyqcvjUUYDyO1KtwBuyPUPgzYhBIN2Rt9+K6WRQelwnToFL
|
||||||
|
30ECggEBALzozykZj2sr3z8tQQRZuXLGotUFGsQCB8ikeqoeB8FbNNkC+qgflQGv
|
||||||
|
zLRB2KWOvnboc94wVgBJH43xG0HBibZnBhUO8/HBI/WlmyEj9KQ/ZskUK4GVZkB6
|
||||||
|
r/81ASLwH+P/rqrLEjcp1SIPPevjzCWD9VYR5m/qPHLNxStwGSrPjtPzgaFxhq84
|
||||||
|
Jl+YVmNqVlrOKYYfIPh8exPLiTti3wfM61pVYFv56PI2gd5ysMWYnuN+vK0sbmZh
|
||||||
|
cIWwykcKlODIngI7IzYqt8NuIJI0jrYyHgtUw4jaJzdF4mEOplGONxdz15jAGHtg
|
||||||
|
JUsBXFNz132nP4iIr3UKrPedQZijSi4=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
'';
|
||||||
|
ca.cert = builtins.toFile "ca.cert" ''
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFDzCCAvegAwIBAgIUTRDYSWJvmlhwIR3pzVrIQfnboLEwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMjAwMzIyMjI1NjE3WhgPMjEy
|
||||||
|
MDAyMjcyMjU2MTdaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG
|
||||||
|
9w0BAQEFAAOCAg8AMIICCgKCAgEAwp1WRhJ+vHs15Q1hOYI7Aj6rrUeJ8cP8LyGw
|
||||||
|
MQdlZNlnkOhxr7diXa8+anq9iF3e+mLaUHqnfn33rWi7THhU6/l8vcqhKcdgH75h
|
||||||
|
BHC57olm7FBmc7B8Fu/+JD4ABQcvU8CZ/5PPdpUerkGGtEEt/Ql/OZCzGfy2V1Mg
|
||||||
|
pSAWviMU9TqL5hqjDq+JxgEkUD+nf558p+NSp2rf3bacmmuc4H2MAOmFulMXMsLw
|
||||||
|
UqTDlzNP/NgRWRsgC7d50Pn35q7SnLzI7DSwRWrJVfs2DtTzGy20wlvEpiU44c7m
|
||||||
|
qV7QR67r6HtuNd911pb3D9cpWk8dGpcIkFia9VxDlFixBU4Dk3kcolQ8Q7p6c/u6
|
||||||
|
BnMM3HThvJwoHesNGmGhAs9c70txWE0M/jIqphJMerOG49VPdCNJMFCW3lo46xju
|
||||||
|
2PUKuItfRmnw4O3ADJ/XhwojWzaz4+rf4H2lWwq25Jt2VY5Ly00Npm9pb+/rVYou
|
||||||
|
Odtu4jT7jUupcdhVZa/w14kazlX4IT76DsVH186ICYWS1eGZIvsnGxkGucPGDA2A
|
||||||
|
r+HNPHSgOwGrVYTUutHNc4EDY7lhdwb6HEskshlKJ1U+odQ2JSfWAKoKjaXnYDUf
|
||||||
|
ZKadN+EjIQe3Y/ZXgei0TAPnNXxv0/tZQ25APr6KXqbePt9KA3Ak2HxIn5dR8Kjc
|
||||||
|
P21w5tcCAwEAAaNTMFEwHQYDVR0OBBYEFCIoeYSYjtMiPrmxfHmcrsZkyTpvMB8G
|
||||||
|
A1UdIwQYMBaAFCIoeYSYjtMiPrmxfHmcrsZkyTpvMA8GA1UdEwEB/wQFMAMBAf8w
|
||||||
|
DQYJKoZIhvcNAQELBQADggIBAHPdwOgAxyhIhbqFObNftW8K3sptorB/Fj6jwYCm
|
||||||
|
mHleFueqQnjTHMWsflOjREvQp1M307FWooGj+KQkjwvAyDc/Hmy7WgJxBg9p3vc+
|
||||||
|
/Xf/e7ZfBl8rv7vH8VXW/BC1vVsILdFncrgTrP8/4psV50/cl1F4+nPBiekvvxwZ
|
||||||
|
k+R7SgeSvcWT7YlOG8tm1M3al4F4mWzSRkYjkrXmwRCKAiya9xcGSt0Bob+LoM/O
|
||||||
|
mpDGV/PMC1WAoDc1mMuXN2hSc0n68xMcuFs+dj/nQYn8uL5pzOxpX9560ynKyLDv
|
||||||
|
yOzQlM2VuZ7H2hSIeYOFgrtHJJwhDtzjmUNDQpQdp9Fx+LONQTS1VLCTXND2i/3F
|
||||||
|
10X6PkdnLEn09RiPt5qy20pQkICxoEydmlwpFs32musYfJPdBPkZqZWrwINBv2Wb
|
||||||
|
HfOmEB4xUvXufZ5Ju5icgggBkyNA3PCLo0GZFRrMtvA7i9IXOcXNR+njhKa9246V
|
||||||
|
QQfeWiz05RmIvgShJYVsnZWtael8ni366d+UXypBYncohimyNlAD1n+Bh3z0PvBB
|
||||||
|
+FK4JgOSeouM4SuBHdwmlZ/H0mvfUG81Y8Jbrw0yuRHtuCtX5HpN5GKpZPHDE7aQ
|
||||||
|
fEShVB/GElC3n3DvgK9OJBeVVhYQgUEfJi4rsSxt3cdEI0NrdckUoZbApWVJ3CBc
|
||||||
|
F8Y7
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
'';
|
||||||
|
"acme.test".key = builtins.toFile "acme.test.key" ''
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIJKAIBAAKCAgEAlgQTZjKfs3aHw0J993k7jFAs+hVRPf//zHMAiUkPKUYPTSl1
|
||||||
|
TxS/bPbhWzSoom00j4SLhGGGhbd+lnvTg0uvKbxskgATfw5clbm1ZN+gx4DuxwjL
|
||||||
|
V3xIxpeSY+PKzs5z8w/k+AJh+zOPyXwH3ut3C+ogp1S/5IhmzV3a/yU/6k0zpGxj
|
||||||
|
N6ZPRTXFrz93I1pPeCkJz90l7tj+2uFc9xtM20NQX52f0Y2oShcG8fKdNZVzuHHk
|
||||||
|
ZXkrZIhou55/nRy2jKgFeD3GQQfa9rwPWrVybQ6tKMMkoazB/Unky9xcTI2LJarf
|
||||||
|
xgHDO9v9yFBvmR4UM8B3kM82NHoENtHaZ2mmiMGZzTEQlf8xwYyHFrqBFIVRWEUr
|
||||||
|
7rr/O5Qr9gIN0T4u367HCexVYAKzbO2P9h75czzjMMoGkbXze9SMQ/ikrxEmwAHg
|
||||||
|
r1Xxh6iQYmgPNk8AR3d9+o2I7WJZMUYZARLnuhVr9BNXv510iqZTqX8lcyL5fEj3
|
||||||
|
ST4Ab+H7rfevZt6NU26iJLBYAjrA2mSvH+wvkboxrgSS8xYPkOW8NLNEbbodzofI
|
||||||
|
pB+SaK53OIk0bj9c1YAgrSNER/TDTgDXrWUNrlfVZ/M7+AEdeU06wi7sVhVif6OB
|
||||||
|
D3OpgKSNjeE6TuJH80Pi5MWugSFBr792Xb6uhVoPiVOFN+qiGB6UkwBgSKkCAwEA
|
||||||
|
AQKCAgAmN7OZfZwh5DiCDhZ5TXFWNba/n16rJOTN+R5R20L5iNetGLrCAs8hu2N+
|
||||||
|
ENRFTPzu8x14BEB5IF4niDRCZq2hPFeMemh9HfOIUV9c63vSV459NkhXaVpA/axV
|
||||||
|
tlqchQwVCB+U70Z28JPZCLgYmnQhnOvktTqNxhIqj5aTGbJGxpQ5d0Nvkfbv8tsB
|
||||||
|
4nE/mGpWel39jqFzT+Tdbjx414Ok+GkpcsacZDJTbbpfOSfD1uc8PgepskzTt8y2
|
||||||
|
v5JTPFVlUAjUsSgouQ+XfCGNQlx8XBjRIaXbal+hX4niRald91FTr0yC7UAHp+vn
|
||||||
|
dFZ586fB526OfbuZctxP+vZhEhFSseQKxHQ0tB8me81xH44daVNr9PPUM69FDT3j
|
||||||
|
ygJaUJjNEG3vVzePCDzhmxTmz2/rAClp77WTWziBWDoA6YWDDzhgNPrXWzLIbZIx
|
||||||
|
ue9ZbGEOh/u5ZzrEXxKCz9FjDe9wQu3TeYUe0M+ejzwWgn7zdWDvjjmtLUUuun2Y
|
||||||
|
wW7WANpu32qvB/V+qssw4O63tbRiwneRCnb8AF2ixgyWr6xyZwch4kacv1KMiixf
|
||||||
|
gO/5GTj7ba5GcdGoktJb29cUEgz13yPd106RsHK4vcggFxfMbOVauNRIo6ddLwyS
|
||||||
|
8UMxLf2i2cToOLkHZrIb8FgimmzRoBd3yYzwVJBydiVcsrHQAQKCAQEAxlzFYCiQ
|
||||||
|
hjEtblGnrkOC7Hx6HvqMelViOkGN8Y9VczG4GhwntmSE2nbpaAKhFBGdLfuSI3tJ
|
||||||
|
Lf24f0IGgAhzPmpo2TjbxPO3YSKFTH71fznVBhtQ1iSxwZ1InXktnuhot6VSDx6A
|
||||||
|
sbHSy1hMFy3nj+Zj5+fQ89tclzBzG9bCShaauO39KrPMwKi6CYoYdGhXBC3+OpHY
|
||||||
|
zBNvmDTxG2kW8L42rlf14EH4pAlgKs4eeZbpcbZ6fXURP2hToHJ8swyKw/1p12WA
|
||||||
|
cc19BKFJXL8nNP4uCf/fI0mVYpytz5KwUzG+z+umDqk+RRCH4mNB28xvEEuEyp/e
|
||||||
|
/C5Is+WrlDAA6QKCAQEAwZsK4AJ/w4Xf4Q/SsnZJO9bfP1ejJjzKElt8rG28JXeb
|
||||||
|
+FjykZZ6vw2gt2Boest2n9N4fBwaRkaHVtVS4iAmaDXozTlcvCLs2rVjPSguuQtW
|
||||||
|
80CKg6+dux+6gFN8IGzDCiX3pWUnhhiXvCcRYEcvgpH6GA5vuCNrXrjH0JFC0kef
|
||||||
|
aaDMGMTbzhc2IIRztmWU4v8YJSSy5KOkIQLWO+7u9aGx9IqT5/z3gx3XrItyl0Bk
|
||||||
|
aQmZEh7JOSyhmGhhf5LdeTLu2YgRw3/tzS+lPMX3+UPw99k9MdTOFn2pww5AdRmg
|
||||||
|
aBIzV+/LBYG0pPRl0D8/6yzGVBPuUDQpmK9Z3gsxwQKCAQEAnNkMZN2Ocd1+6+V7
|
||||||
|
LmtJog9HTSmWXMEZG7FsOJ661Yxx44txx2IyPsCaDNlPXxwSaiKrSo0Yr1oZQd8G
|
||||||
|
XsTPw4HGiETSWijQTulJ99PH8SLck6iTwdBgEhV5LrN75FQnQVdizHu1DUzrvkiC
|
||||||
|
Wi29FWb6howiCEDjNNVln5SwKn83NpVQgyyK8ag4+oQMlDdQ3wgzJ0Ld53hS3Eq4
|
||||||
|
f5EYR6JQgIki7YGcxrB3L0GujTxMONMuhfdEfRvUTGFawwVe0FyYDW7AIrx2Z2vV
|
||||||
|
I5YuvVNjOhrt6OwtSD1VnnWCITaLh8LwmlUu3NOWbudHUzKSe5MLXGEPo95BNKad
|
||||||
|
hl5yyQKCAQBNo0gMJtRnawMpdLfwewDJL1SdSR6S0ePS0r8/Qk4l1D5GrByyB183
|
||||||
|
yFY/0zhyra7nTt1NH9PlhJj3WFqBdZURSzUNP0iR5YuH9R9Twg5ihEqdB6/EOSOO
|
||||||
|
i521okTvl83q/ui9ecAMxUXr3NrZ+hHyUWmyRe/FLub6uCzg1a+vNauWpzXRZPgk
|
||||||
|
QCijh5oDdd7r3JIpKvtWNs01s7aHmDxZYjtDrmK7sDTtboUzm0QbpWXevUuV+aSF
|
||||||
|
+gDfZlRa3WFVHfisYSWGeYG6O7YOlfDoE7fJHGOu3QC8Ai6Wmtt8Wgd6VHokdHO8
|
||||||
|
xJPVZnCBvyt5up3Zz5hMr25S3VazdVfBAoIBAHVteqTGqWpKFxekGwR0RqE30wmN
|
||||||
|
iIEwFhgOZ8sQ+6ViZJZUR4Nn2fchn2jVwF8V8J1GrJbTknqzAwdXtO3FbgfmmyF2
|
||||||
|
9VbS/GgomXhA9vJkM4KK3Iwo/y/nE9hRhtzuVE0QPudz2fyfaDgnWjcNM59064tH
|
||||||
|
88361LVJm3ixyWSBD41UZ7NgWWJX1y2f073vErsfcPpavF5lhn1oSkQnOlgMJsnl
|
||||||
|
24qeuzAgTWu/2rFpIA2EK30Bgvsl3pjJxHwyNDAgklV7C783LIoAHi7VO7tzZ6iF
|
||||||
|
dmD5XLfcUZc3eaB7XehNQKBXDGLJeI5AFmjsHka5GUoitkU2PFrg/3+nJmg=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
'';
|
||||||
|
"acme.test".cert = builtins.toFile "acme.test.cert" ''
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEoTCCAokCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls
|
||||||
|
IENBMCAXDTIwMDMyMjIyNTYxOFoYDzIxMjAwMjI3MjI1NjE4WjAUMRIwEAYDVQQD
|
||||||
|
DAlhY21lLnRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCWBBNm
|
||||||
|
Mp+zdofDQn33eTuMUCz6FVE9///McwCJSQ8pRg9NKXVPFL9s9uFbNKiibTSPhIuE
|
||||||
|
YYaFt36We9ODS68pvGySABN/DlyVubVk36DHgO7HCMtXfEjGl5Jj48rOznPzD+T4
|
||||||
|
AmH7M4/JfAfe63cL6iCnVL/kiGbNXdr/JT/qTTOkbGM3pk9FNcWvP3cjWk94KQnP
|
||||||
|
3SXu2P7a4Vz3G0zbQ1BfnZ/RjahKFwbx8p01lXO4ceRleStkiGi7nn+dHLaMqAV4
|
||||||
|
PcZBB9r2vA9atXJtDq0owyShrMH9SeTL3FxMjYslqt/GAcM72/3IUG+ZHhQzwHeQ
|
||||||
|
zzY0egQ20dpnaaaIwZnNMRCV/zHBjIcWuoEUhVFYRSvuuv87lCv2Ag3RPi7frscJ
|
||||||
|
7FVgArNs7Y/2HvlzPOMwygaRtfN71IxD+KSvESbAAeCvVfGHqJBiaA82TwBHd336
|
||||||
|
jYjtYlkxRhkBEue6FWv0E1e/nXSKplOpfyVzIvl8SPdJPgBv4fut969m3o1TbqIk
|
||||||
|
sFgCOsDaZK8f7C+RujGuBJLzFg+Q5bw0s0Rtuh3Oh8ikH5Jornc4iTRuP1zVgCCt
|
||||||
|
I0RH9MNOANetZQ2uV9Vn8zv4AR15TTrCLuxWFWJ/o4EPc6mApI2N4TpO4kfzQ+Lk
|
||||||
|
xa6BIUGvv3Zdvq6FWg+JU4U36qIYHpSTAGBIqQIDAQABMA0GCSqGSIb3DQEBCwUA
|
||||||
|
A4ICAQBCDs0V4z00Ze6Ask3qDOLAPo4k85QCfItlRZmwl2XbPZq7kbe13MqF2wxx
|
||||||
|
yiLalm6veK+ehU9MYN104hJZnuce5iEcZurk+8A+Pwn1Ifz+oWKVbUtUP3uV8Sm3
|
||||||
|
chktJ2H1bebXtNJE5TwvdHiUkXU9ywQt2FkxiTSl6+eac7JKEQ8lVN/o6uYxF5ds
|
||||||
|
+oIZplb7bv2XxsRCzq55F2tJX7fIzqXrSa+lQTnfLGmDVMAQX4TRB/lx0Gqd1a9y
|
||||||
|
qGfFnZ7xVyW97f6PiL8MoxPfd2I2JzrzGyP/igNbFOW0ho1OwfxVmvZeS7fQSc5e
|
||||||
|
+qu+nwnFfl0S4cHRif3G3zmz8Ryx9LM5TYkH41qePIHxoEO2sV0DgWJvbSjysV2S
|
||||||
|
EU2a31dJ0aZ+z6YtZVpHlujKMVzxVTrqj74trS4LvU5h/9hv7e1gjYdox1TO0HMK
|
||||||
|
mtDfgBevB21Tvxpz67Ijf31HvfTmCerKJEOjGnbYmyYpMeMNSONRDcToWk8sUwvi
|
||||||
|
OWa5jlUFRAxgXNM09vCTPi9aRUhcFqACqfAd6I1NqGVlfplLWrc7SWaSa+PsLfBf
|
||||||
|
4EOZfk8iEKBVeYXNjg+CcD8j8yk/oEs816/jpihIk8haCDRWYWGKyyGnwn6OQb8d
|
||||||
|
MdRO2b7Oi/AAmEF3jMlICqv286GIYK5qTKk2/CKHlOLPnsWEuA==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
'';
|
||||||
|
}
|
||||||
@ -1,12 +0,0 @@
|
|||||||
{ lib, nodes, pkgs, ... }: let
|
|
||||||
letsencrypt-ca = nodes.letsencrypt.config.test-support.letsencrypt.caCert;
|
|
||||||
in {
|
|
||||||
networking.nameservers = [
|
|
||||||
nodes.letsencrypt.config.networking.primaryIPAddress
|
|
||||||
];
|
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
|
||||||
security.acme.email = "webmaster@example.com";
|
|
||||||
|
|
||||||
security.pki.certificateFiles = [ letsencrypt-ca ];
|
|
||||||
}
|
|
||||||
@ -1,254 +0,0 @@
|
|||||||
# Generated via mkcert.sh in the same directory.
|
|
||||||
{
|
|
||||||
ca.key = builtins.toFile "ca.key" ''
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDQ0b23I1srJZwR
|
|
||||||
2MMdvSJK5pcwLfrXU+4gEZEnWNyT8yeVweya+8vmNNOlvK3zxf+ZiY/7aQ0RZJMO
|
|
||||||
h2+VdlgHmr2QKhQTf1HwfZA/06FolD3/DcS+DMJMSTVr179/XLndeVVZUqU7tjvB
|
|
||||||
AWKSIS8H2hSF1UOPi9gBDR8MwCP6Qgj8WYhbkt9q47/lO96qAmm6U1F+Q7RYM9ZQ
|
|
||||||
IWI81N0Ms5wJocg7n6S19iV66ePh7APapZFYup61gFGWfahmA217ELIZd56n8yjO
|
|
||||||
F0epb9sC0XpYCDRrYKBWLqPiv+6wvdZtZvALItyIv08ZwXlBkFg3LbAAhPnf0Vxz
|
|
||||||
pYysQmyyyzkgy252n+Sie0kx+B4qm6fOkpfgYlPSVTb2dXx/be/SE08u0a9FO0fZ
|
|
||||||
pkByWEZJUUwngsJgLUa7MorQf3avxozfC25XqvzbieZfSXlA7mOUclZbC/WUFpyj
|
|
||||||
MlyJU2eCQ8wSwsPXl91oxcYlOkuVLgd41gr9pGXQSuKIkrgbfkftjg2tDC+7g7O8
|
|
||||||
qrdF42FjbZjIx/74AasmsGh4GTQtiSkvEnTstioC6aCV44DlJWbBIMvkyawubjUl
|
|
||||||
Ppij0H66Y9Q4tEc/ktc7oGQfqqluyLb43TeobTPHALsNeAYb39rMtBo5DDCUc81s
|
|
||||||
fuDMhMr/oYXKrFstUsg5AY6mJaRG0QIDAQABAoICAF5ZVfmoPOoKzTB3GvmV2iez
|
|
||||||
dj4rmDmwT1gn98iqasdiRtFwVGJWQHNcDQDGdmY9YNZThD2Y4nGoWpVm9jC2zuFo
|
|
||||||
thusF3QTw8cARKvCCBzDVhumce1YwHVNYpi+W2TFValOyBRathN7rBXxdUMHQUOv
|
|
||||||
8jPh/uudyNP4xL2zFs5dBchW/7g4bT/TdYGyglGYU4L/YEPHfXWYvk1oOAW6O8Ig
|
|
||||||
aPElKt5drEMW2yplATSzua4RvtEzSMBDIRn43pxxEgdXrNC67nF9+ULc2+Efi/oD
|
|
||||||
Ad9CncSiXO9zlVK/W655p6e4qd6uOqyCm8/MTegkuub7eplRe8D3zGjoNN4kCQ4S
|
|
||||||
rckVvIDDb6vZk7PKx9F7GWIqaG/YvFFFKO1MrAZg7SguFA6PtGOYAFocT03P6KXT
|
|
||||||
l2SnZQWKyxUAlh4tOBGlRFgGCx/krRIKbgNYn/qk/ezcRl8c7GpOPh+b7Icoq7u3
|
|
||||||
l4tIVBBHqS8uGgtyi+YwuJeht2MV1aEcSkykKLh2ipp8tb6spORJUkhjawDjvxeQ
|
|
||||||
GztN30Xh2riTXYZ0HExVTtJa8jyvFyp/97ptPIJXaVt2A2KIS3sBFHKnpY+/OrQg
|
|
||||||
uUauYgi13WFHsKOxZL9GYGk7Ujd8bw4CEcJFxKY7bhpGVI6Du7NRkUDWN0+0yusI
|
|
||||||
2szCJ7+ZqJkrc1+GrI/RAoIBAQDseAEggOLYZkpU2Pht15ZbxjM9ayT2ANq1+RTu
|
|
||||||
LjJx4gv2/o/XJCfMZCL0b9TJqtYeH+N6G9oDRJ99VIhUPedhWSYdj9Qj+rPd++TS
|
|
||||||
bp+MoSjmfUfxLTDrmFHL7ppquAE65aDy3B5c+OCb0I4X6CILUf0LynBzgl4kdrzN
|
|
||||||
U6BG3Mt0RiGPojlPV82B9ZUF/09YAz7BIz9X3KMhze1Gps5OeGuUnc9O2IAJYkrj
|
|
||||||
ur9H2YlNS4w+IjRLAXSXUqC8bqPZp6WTo1G/rlyAkIRXCGN90uk5JQvXoj9immFO
|
|
||||||
WaylbdcNG3YcGutreYeZL/UIWF6zCdc6pYG0cCBJS6S/RN7FAoIBAQDiERrLuUbV
|
|
||||||
3fx/a8uMeZop6hXtQpF7jlFxqUmza7QSvBuwks4QVJF+qMSiSvKDkCKqZD4qVf4N
|
|
||||||
TMxEj5vNR0PbnmDshyKJNGVjEauKJSb65CFDUcL1eR/A/oJvxiIdN1Z4cPrpnRux
|
|
||||||
/zIfPuYfYHpdz52buxxmlD7bfwYmVKVpnzjB9z0I1CasZ5uqB0Z8H0OLyUu8S4ju
|
|
||||||
RfkKBDMgVl2q96i8ZvX4C1b7XuimIUqv4WHq5+ejcYirgrYtUbBIaDU3/LORcJdy
|
|
||||||
/K76L1/up70RTDUYYm/HKaRy+vMTpUsZJ7Qbh0hrvQkUvNQ1HXjprW2AePIYi33N
|
|
||||||
h3mb1ulqw4idAoIBAQCsn0YjVjNDShkFK4bfmLv4rw2Ezoyi0SjYIsb2wN6uaBfX
|
|
||||||
7SlQIuKywH8L9f9eYMoCH8FNyLs0G4paUbVb2fzpAc1jUzXINiHL8TCvtXXfkV5s
|
|
||||||
NBSqqRTHR+CegMZVFZJATpVZ9PptYHmHBY5VQW5o2SdizhudFxRmhg95zIx6boBP
|
|
||||||
l0q0sfYoR66MKpzpTeG8HFJZZ8O7/iNQcCXAp9B/VEUkrrdBlaaSMyD8cb1lVBZ5
|
|
||||||
SKdOTGXkQ2G7feQ86n/OSiYDSvxIc56vc9BIQKVwmuEKiFLGzXh8ILrcGXaBJVgS
|
|
||||||
B3QHPFeTk5o7Z9j2iJxJEuv9sginkhrfpsrTnhEJAoIBACkrUkTtjd/e2F/gIqaH
|
|
||||||
crLVZX7a06G7rktTuA9LuvR6e1Rxt8Mzk3eMhprDqVyaQCXlsYiGNoj3hm+p84az
|
|
||||||
xsDVG/OXPIveFeSv0ByNXYbtSr12w1lu4ICGGP0ACTBm5oFymc83hFarEdas3r2y
|
|
||||||
FTbGW36D2c04jCXvARCz85fDnlN8kgnskMpu5+NUBdsO2n83fmphGyPBbHQNhb4K
|
|
||||||
3G4JQhplab/tWL7YbufqQi67jdh4uS+Duo75c/HW4ZKeH6r9gzomVf5j0/3N6NuO
|
|
||||||
gpkG1tiE/LQ5ejBSUTgvrvh6yYsF3QN53pB/PuoZXu63Xay62ePsa1GlrVjbD5EY
|
|
||||||
4OUCggEAJFr7F7AQLMJTAxHFLCsZZ0ZZ+tXYclBC4eHPkZ6sD5jvL3KIpW3Q7jXk
|
|
||||||
oIoD/XEX4B+Qe5M3jQJ/Y5ZJETHcgfcHZbDpCKN2WHQgldQbAJiFd4GY1OegdVsr
|
|
||||||
7TC8jh3Q2eYjzL8u4z7LSNI6aQSv1eWE7S1Q5j/sX/YYDR4W3CBMeIUpqoDWpn87
|
|
||||||
czbIRyA/4L0Y/HLpg/ZCbvtJZbsQwYXhyqfbjlm4BRQ6JiC5uEBKvuDRUXToBJta
|
|
||||||
JU8XMm+Ae5Ogrw7P6hg68dWpagfjb7UZ7Zxv+VDsbrU6KsDcyGCAwrrRZou/6KUG
|
|
||||||
Eq4OVTSu/s8gmY94tgbjeOaLUPEPmg==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
'';
|
|
||||||
ca.cert = builtins.toFile "ca.cert" ''
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFDzCCAvegAwIBAgIUU9rbCLTuvaI6gjSsFsJJjfLWIX8wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMTkxMDE4MDc1NDEyWhgPMjEx
|
|
||||||
OTA5MjQwNzU0MTJaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG
|
|
||||||
9w0BAQEFAAOCAg8AMIICCgKCAgEA0NG9tyNbKyWcEdjDHb0iSuaXMC3611PuIBGR
|
|
||||||
J1jck/MnlcHsmvvL5jTTpbyt88X/mYmP+2kNEWSTDodvlXZYB5q9kCoUE39R8H2Q
|
|
||||||
P9OhaJQ9/w3EvgzCTEk1a9e/f1y53XlVWVKlO7Y7wQFikiEvB9oUhdVDj4vYAQ0f
|
|
||||||
DMAj+kII/FmIW5LfauO/5TveqgJpulNRfkO0WDPWUCFiPNTdDLOcCaHIO5+ktfYl
|
|
||||||
eunj4ewD2qWRWLqetYBRln2oZgNtexCyGXeep/MozhdHqW/bAtF6WAg0a2CgVi6j
|
|
||||||
4r/usL3WbWbwCyLciL9PGcF5QZBYNy2wAIT539Fcc6WMrEJssss5IMtudp/kontJ
|
|
||||||
MfgeKpunzpKX4GJT0lU29nV8f23v0hNPLtGvRTtH2aZAclhGSVFMJ4LCYC1GuzKK
|
|
||||||
0H92r8aM3wtuV6r824nmX0l5QO5jlHJWWwv1lBacozJciVNngkPMEsLD15fdaMXG
|
|
||||||
JTpLlS4HeNYK/aRl0EriiJK4G35H7Y4NrQwvu4OzvKq3ReNhY22YyMf++AGrJrBo
|
|
||||||
eBk0LYkpLxJ07LYqAumgleOA5SVmwSDL5MmsLm41JT6Yo9B+umPUOLRHP5LXO6Bk
|
|
||||||
H6qpbsi2+N03qG0zxwC7DXgGG9/azLQaOQwwlHPNbH7gzITK/6GFyqxbLVLIOQGO
|
|
||||||
piWkRtECAwEAAaNTMFEwHQYDVR0OBBYEFAZcEiVphGxBT4OWXbM6lKu96dvbMB8G
|
|
||||||
A1UdIwQYMBaAFAZcEiVphGxBT4OWXbM6lKu96dvbMA8GA1UdEwEB/wQFMAMBAf8w
|
|
||||||
DQYJKoZIhvcNAQELBQADggIBAGJ5Jnxq1IQ++IRYxCE7r7BqzzF+HTx0EWKkSOmt
|
|
||||||
eSPqeOdhC26hJlclgGZXAF/Xosmn8vkSQMHhj/jr4HI0VF9IyvDUJm8AKsnOgu/7
|
|
||||||
DUey3lEUdOtJpTG9NyTOcrzxToMJ+hWlFLZKxx2dk4FLIvTLjmo1VHM97Bat7XYW
|
|
||||||
IrL9RRIZ25V+eCYtlR7XYjceGFQ0rCdp8SFIQwC6C/AH2tV3b1AJFsND9PcoLu7c
|
|
||||||
//fH+WUQCcD/N0grdC/QCX7AFWzd4rKQ8gjfND4TSYFTSDwW10Mud4kAVhY2P1sY
|
|
||||||
Y3ZpnxWrCHbIZMbszlbMyD+cjsCBnNvOtYGm7pDut/371rllVcB/uOWYWMCtKPoj
|
|
||||||
0elPrwNMrK+P+wceNBCRQO+9gwzB589F2morFTtsob/qtpAygW8Sfl8M+iLWXeYS
|
|
||||||
c3LBLnj0TpgXKRWg7wgIWKSZx9v6pgy70U0qvkjNS1XseUCPf7hfAbxT3xF+37Dw
|
|
||||||
zZRwF4WAWqdnJoOey21mgc+a2DQzqtykA6KfHgCqNFfDbQXPXvNy25DDThbk+paX
|
|
||||||
G2M2EWtr+Nv9s/zm7Xv/pOXlgMFavaj+ikqZ4wfJf6c/sMOdZJtMA4TsYtAJgbc8
|
|
||||||
ts+0eymTq4v5S8/fW51Lbjw6hc1Kcm8k7NbHSi9sEjBfxFLTZNQ5eb4NGr9Od3sU
|
|
||||||
kgwJ
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
'';
|
|
||||||
"acme-v02.api.letsencrypt.org".key = builtins.toFile "acme-v02.api.letsencrypt.org.key" ''
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIJKQIBAAKCAgEApny0WhfDwEXe6WDTCw8qBuMAPDr88pj6kbhQWfzAW2c0TggJ
|
|
||||||
Etjs9dktENeTpSl14nnLVMiSYIJPYY3KbOIFQH1qDaOuQ7NaOhj9CdMTm5r9bl+C
|
|
||||||
YAyqLIMQ9AAZDhUcQjOy3moiL7ClFHlkFYuEzZBO9DF7hJpfUFIs0Idg50mNoZh/
|
|
||||||
K/fb4P2skNjfCjjomTRUmZHxT6G00ImSTtSaYbN/WHut1xXwJvOoT1nlEA/PghKm
|
|
||||||
JJ9ZuRMSddUJmjL+sT09L8LVkK8CKeHi4r58DHM0D0u8owIFV9qsXd5UvZHaNgvQ
|
|
||||||
4OAWGukMX+TxRuqkUZkaj84vnNL+ttEMl4jedw0ImzNtCOYehDyTPRkfng5PLWMS
|
|
||||||
vWbwyP8jDd2578mSbx5BF7ypYX366+vknjIFyZ5WezcC1pscIHxLoEwuhuf+knN+
|
|
||||||
kFkLOHeYbqQrU6mxSnu9q0hnNvGUkTP0a/1aLOGRfQ5C/pxpE/Rebi8qfM/OJFd4
|
|
||||||
mSxGL93JUTXWAItiIeBnQpIne65/Ska9dWynOEfIb0okdet3kfmNHz3zc17dZ5g4
|
|
||||||
AdOSCgHAlQgFt/Qd8W6xXUe4C5Mfv2ctxRrfQhDwtB6rMByPwzImnciC2h3vCwD3
|
|
||||||
vS/vjUyWICyhZyi2LZDUQz+sCKBXCYYcYh8ThFO40j5x1OnYMq7XQvyl8QkCAwEA
|
|
||||||
AQKCAgBSAfdssWwRF9m3p6QNPIj9H3AMOxpB/azffqTFzsSJwYp4LWkayZPfffy+
|
|
||||||
4RGvN38D8e6ActP3ifjEGu3tOGBR5fUJhujeHEiDea+a2Ug9S9kuNwmnelWQ23bM
|
|
||||||
Wgf9cdSbn4+qEymHyEFolmsAWdsuzri1fHJVXR06GWBNz4GiLA8B3HY4GD1M1Gfe
|
|
||||||
aZVkGagpXyeVBdiR2xuP5VQWVI8/NQWzdiipW/sRlNABVkyI3uDeN4VzYLL3gTeE
|
|
||||||
p021kQz4DSxIjHZacHpmWwhBnIbKMy0fo7TlrqcnIWXqTwv63Q9Zs/RN8NOyqb0Y
|
|
||||||
t1NKFWafcwUsdOnrG9uv/cVwF1FNE8puydaOi8rL1zAeK89JH8NRQ02wohR9w8qy
|
|
||||||
b2tB6DyGMtuqBt8Il6GA16ZoEuaXeayvlsvDEmG1cS9ZwBvfgrVPAmlm2AYdIf5B
|
|
||||||
RHIJu4BJC6Nn2ehVLqxx1QDhog3SOnAsCmcfg5g/fCwxcVMLIhODFoiKYGeMitDG
|
|
||||||
Q4e5JKcOg+RR8PT/n4eY4rUDBGtsR+Nw8S2DWgXmSufyfDtKCjZB4IuLWPS29tNh
|
|
||||||
zF6iYfoiTWzrSs/yqPSKIFpv+PWZwkKSvjdxia6lSBYYEON4W2QICEtiEs+SvcG4
|
|
||||||
0eIqWM+rRmPnJyMfGqX6GCs3rHDQB2VNJPBCYPQalJ/KwZumAQKCAQEA0ezM6qPJ
|
|
||||||
1JM/fddgeQ50h0T9TRXVUTCISxXza+l4NuFt1NdqUOdHsGtbL1JR4GaQUG8qD1/P
|
|
||||||
R39YgnQEQimxpmYLCZkobkwPxTZm9oiMXpcJrlN4PB5evaWShRSv3mgigpt3Wzml
|
|
||||||
Td+2R9RoA/hvF/wEyIvaWznYOyugBC7GXs20dNnZDULhUapeQu7r6JvgmxBOby7S
|
|
||||||
0FbhGplBiSDETzZURqzH/GMJKaJtNgyyVf3Hbg4mZAQDWoBRr+8HxsNbDkxP6e91
|
|
||||||
QrPHy2VZFiaTmJfoxRhyMTn7/JZaLJaUHDOniOsdMj/V7vMCgpfBqh5vR8bKzuPy
|
|
||||||
ZINggpcFPp1IYQKCAQEAywc7AQoktMBCru/3vzBqUveXbR3RKzNyZCTH5CMm3UNH
|
|
||||||
zmblFgqF2nxzNil21GqAXzSwZk5FyHbkeD3yvEZm+bXzsZTDNokAwoiTgyrr2tf8
|
|
||||||
GLMlCHHl5euIh1xHuyg/oKajVGOoXUXK8piqiDpQKd3Zwc6u2oyQlh+gYTPKh+7i
|
|
||||||
ilipkYawoE6teb6JUGpvU+d27INgNhB2oDEXY3pG2PbV+wv229ykSZxh1sJUdDwT
|
|
||||||
a8eTg+3pCGXtOZiJoQTFwKUlD2WYTGqS4Gx6dIJco5k+ZikGNST1JGE64Jl4MZdI
|
|
||||||
rtyvpcYblh5Q14sJGvp4kWYS9tjEM8pA+4Z9th3JqQKCAQEAkidH0+UM1A9gmQCm
|
|
||||||
jiHeR39ky5Jz3f7oJT63J15479yrVxBTWNhtNQrJhXzOvGkr+JQsuF+ANMsYmFql
|
|
||||||
zFqy8KMC9D/JwmD6adeif+o5sHF/r/s1LsYGOAtao4TvnOzrefs7ciwERt+GTSQ4
|
|
||||||
9uq0jgJMYkPcVr9DKI8K7V6ThdW52dECKRVzQiRXVEp7vIsqKUuFECuNYrfaKWai
|
|
||||||
FhLWGkA9FKee5L0e1/naB1N3ph72Bk2btO6GVzAXr2HADEZe0umWiczJ2xLH+3go
|
|
||||||
Oh/JiufYi8ClYFh6dDVJutlrbOcZsV3gCegfzikqijmWABcIavSgpsJVNF2zh7gV
|
|
||||||
Uq62gQKCAQAdO2FHeQpn6/at8WceY/4rC/MFhvGC4tlpidIuCtGhsfo4wZ/iWImF
|
|
||||||
N73u4nF1jBAHpTJwyHxLrLKgjWrRqOFSutvniZ/BzmAJolh63kcvL0Hg3IpMePm8
|
|
||||||
7PivZJ3/WIAwxU1m7SJkq5PY8ho7mwnHvWWI/hU26l42/z68QBS9FawQd0uS5G2x
|
|
||||||
5yIbEU/8ABcfYYhB7XiA0EYEMo1HiWeB/ag5iTN13ILbBmUf4sL+KVgygH3A1RRk
|
|
||||||
XSiWzluij2lZn22ClgIjnoSfQ38uH0bvVzUgyG9YX4XcQxOTGwWvPjT82FGB8NAw
|
|
||||||
ARVqs14QQFfzt1qrp/I38rsAfBDFk+xhAoIBAQCEKNk/oJcy9t/jMIbLcn6z3aCc
|
|
||||||
Fn8GBPSXtFj0t6weN5lHof+cggw4owMFWQQyAXxo/K6NnKNydMPZ5qjtLsHNpbpQ
|
|
||||||
aT1Or0/1YR1bJ8Lo82B4QM++7F761GWQPvE/tyrfPkfkWl92ITIpmnlw4wycRlkq
|
|
||||||
9anI2fnj1nIZwixzE2peb6PcsZU2HOs9uZ5RRd9wia696I7IpNibs4O4J2WTm4va
|
|
||||||
+NeYif3V2g9qwgT0Va0c9/Jlg3b58R0vA8j/VCU5I0TyXpkB3Xapx+pvEdZ3viUL
|
|
||||||
mXZaVotmWjgBXGDtd2VQg2ZiAMXHn3RzXSgV4Z+A/XacRs75h9bNw0ZJYrz1
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
'';
|
|
||||||
"acme-v02.api.letsencrypt.org".cert = builtins.toFile "acme-v02.api.letsencrypt.org.cert" ''
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEtDCCApwCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls
|
|
||||||
IENBMCAXDTE5MTAxODA3NTQxM1oYDzIxMTkwOTI0MDc1NDEzWjAnMSUwIwYDVQQD
|
|
||||||
DBxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMIICIjANBgkqhkiG9w0BAQEF
|
|
||||||
AAOCAg8AMIICCgKCAgEApny0WhfDwEXe6WDTCw8qBuMAPDr88pj6kbhQWfzAW2c0
|
|
||||||
TggJEtjs9dktENeTpSl14nnLVMiSYIJPYY3KbOIFQH1qDaOuQ7NaOhj9CdMTm5r9
|
|
||||||
bl+CYAyqLIMQ9AAZDhUcQjOy3moiL7ClFHlkFYuEzZBO9DF7hJpfUFIs0Idg50mN
|
|
||||||
oZh/K/fb4P2skNjfCjjomTRUmZHxT6G00ImSTtSaYbN/WHut1xXwJvOoT1nlEA/P
|
|
||||||
ghKmJJ9ZuRMSddUJmjL+sT09L8LVkK8CKeHi4r58DHM0D0u8owIFV9qsXd5UvZHa
|
|
||||||
NgvQ4OAWGukMX+TxRuqkUZkaj84vnNL+ttEMl4jedw0ImzNtCOYehDyTPRkfng5P
|
|
||||||
LWMSvWbwyP8jDd2578mSbx5BF7ypYX366+vknjIFyZ5WezcC1pscIHxLoEwuhuf+
|
|
||||||
knN+kFkLOHeYbqQrU6mxSnu9q0hnNvGUkTP0a/1aLOGRfQ5C/pxpE/Rebi8qfM/O
|
|
||||||
JFd4mSxGL93JUTXWAItiIeBnQpIne65/Ska9dWynOEfIb0okdet3kfmNHz3zc17d
|
|
||||||
Z5g4AdOSCgHAlQgFt/Qd8W6xXUe4C5Mfv2ctxRrfQhDwtB6rMByPwzImnciC2h3v
|
|
||||||
CwD3vS/vjUyWICyhZyi2LZDUQz+sCKBXCYYcYh8ThFO40j5x1OnYMq7XQvyl8QkC
|
|
||||||
AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAkx0GLPuCvKSLTHxVLh5tP4jxSGG/zN37
|
|
||||||
PeZLu3QJTdRdRc8bgeOGXAVEVFbqOLTNTsuY1mvpiv2V6wxR6nns+PIHeLY/UOdc
|
|
||||||
mOreKPtMU2dWPp3ybec2Jwii6PhAXZJ26AKintmug1psMw7662crR3SCnn85/CvW
|
|
||||||
192vhr5gM1PqLBIlbsX0tAqxAwBe1YkxBb9vCq8NVghJlKme49xnwGULMTGs15MW
|
|
||||||
hIPx6sW93zwrGiTsDImH49ILGF+NcX1AgAq90nG0j/l5zhDgXGJglX+K1xP99X1R
|
|
||||||
de3I4uoufPa5q+Pjmhy7muL+o4Qt0D0Vm86RqqjTkNPsr7gAJtt66A7TJrYiIoKn
|
|
||||||
GTIBsgM6egeFLLYQsT0ap/59HJismO2Pjx4Jk/jHOkC8TJsXQNRq1Km76VMBnuc0
|
|
||||||
2CMoD9pb38GjUUH94D4hJK4Ls/gJMF3ftKUyR8Sr/LjE6qU6Yj+ZpeEQP4kW9ANq
|
|
||||||
Lv9KSNDQQpRTL4LwGLTGomksLTQEekge7/q4J2TQRZNYJ/mxnrBKRcv9EAMgBMXq
|
|
||||||
Q+7GHtKDv9tJVlMfG/MRD3CMuuSRiT3OVbvMMkFzsPkqxYAP1CqE/JGvh67TzKI+
|
|
||||||
MUfXKehA6TKuxrTVqCtoFIfGaqA9IWyoRTtugYq/xssB9ESeEYGeaM1A9Yueqz+h
|
|
||||||
KkBZO00jHSE=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
'';
|
|
||||||
"letsencrypt.org".key = builtins.toFile "letsencrypt.org.key" ''
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIJKgIBAAKCAgEA9dpdPEyzD3/BBds7tA/51s+WmLFyWuFrq4yMd2R+vi5gvK7n
|
|
||||||
lLNVKhYgiTmK2Um+UEpGucJqZHcTSZA1Bz4S/8ND/AI9I6EmwvBinY5/PubxEALk
|
|
||||||
9YiDA+IzH8ZGFM8wXg7fMbbJAsyv+SHAtr2jmCsggrpuD5fgzs2p+F2q0+oVoeFw
|
|
||||||
MAOUdAf2jNtNLEj2Q6MiR5Xq+wFOcRtXlNlXWIX3NrmubO/xOpDNpsyjyYC5Ld+W
|
|
||||||
06MS5bTHSdv56AkUg2PugMChj15TOddEJIK8zPXFTlMYye9SKwjhNUZovfe4xXCa
|
|
||||||
Tj2nmzrcuMKLz+S3sKQeTWjiRcY3w4zTlAbhtGXDjXjhMObrHoWM8e3cTL4NJMvt
|
|
||||||
tNStXficxbeTbIiYu+7dtF0q+iWaZqexc6PdAaIpFZ0XSw+i5iLdQZmBwzY7NLlH
|
|
||||||
pQupfh6ze0qDUVZAMDubo4JKUTBzH6QTuhHx+uUm7Lc8YdNArn7o/vMZDQym1Eia
|
|
||||||
xKxZuCGaqFvq8ZK4nBVsHfcXbhF/XD2HMid3t7ImbREVu9qnc+En+acU/SJaaL3r
|
|
||||||
jMW6HLVMr6+vQrCzYkvLzKYpoUm9D1Kcn6d8Ofxl2iCaY9CkMr5/6J1p1wcTdcN7
|
|
||||||
IVQ/DFBeTDauyWbyZkO/lPoZoakWyXOx9S9tgClzhFmNgRkZv9wN+QguNDcCAwEA
|
|
||||||
AQKCAgEA0ndlacGfaJ1NeN39dmBW2XZMzdrassJXkjx34528gsLhPaXdyobbWXQn
|
|
||||||
1lHUc7+VlNaBRXUR73+gm1FAlDqnuRxIjuy7ukyzCh8PzSG3/PlnVPWlXCzJPAHh
|
|
||||||
EkqCpD3agirpF34LBsKDwxsKB2bBLft9kWxX3DGA2olmAKDvJQs4CaUcjX4DEHHg
|
|
||||||
tyTmJAsyByUYq3/D8a1koZ9ukpadF8NXpxm+ILQoJqLf6vM1I8N2w7atP/BStSLV
|
|
||||||
mH0gq2tajEB4ZPCDXmC5jsKiKz9gsXWUu0CX8AdYqE6pvRnRgQ8Ytq1265QMb+8s
|
|
||||||
FV82oXqDZkyZRFuNmX3fLyDX39kkTcVS37S56Gzk4EzDWE/u2RXCAPeWla2zUFYI
|
|
||||||
hg8X4ZAwbZRODtK2cZTuCZEILM/iKmtSgHC+aQhp18EUAefa7WGrRD4AvbTxH4VF
|
|
||||||
ek60bwISBk5Mhf39MwqIiQxGOFmfLsQReZvzH4jI5zfDXf/0yZ/1SdGeu6+Walt0
|
|
||||||
V81Ua/DB6zshHpeSP74HMuJHZ4DOQfcV/ndyzvoP84pAjenSx6O034OwQTkpoMI/
|
|
||||||
f/2rK8kdzYSL4f//kFMuRLqmAwOmAFYB2oMo0/YaIoQ4vgTHDKTSxj5mbno56GdT
|
|
||||||
huMAVMKskaCSVbyMB/xyQG7senLItVv+HafVk6ChMUbkIjv9zgECggEBAP+ux1RG
|
|
||||||
cETGjK2U3CRoHGxR7FwaX6hkSokG+aFdVLer+WUrZmR8Ccvh2ALpm8K1G6TTk/5X
|
|
||||||
ZeVX4+1VFYDeTHMN8g20usS5mw3v2GF3fGxGLe4q56l4/4kKMZOrSBuWH4niiIKD
|
|
||||||
0QogdzWkpQJ93nMbZxZ5lk+lRZVf3qSm6nzyP468ndrfI57Ov5OUIWZ7KhTUH9IK
|
|
||||||
8/urUk+lEvyzQmNTlt5ZZXRz7cR01K8chx1zevVAyynzSuGjTysaBN7LTT0v3yVu
|
|
||||||
96yKNsxJvuIz2+4qSjhbnN4jH+feN0VsdF3+Qkru0lBmLVgJl4X67XFaAKMDU9yv
|
|
||||||
3alS53Pkol+Dy1cCggEBAPYodofHC1ydoOmCvUAq4oJNtyI4iIOY/ch3sxVhkNyi
|
|
||||||
KBscQqbay/DiXFiNl+NsemzB1PrHzvCaqKcBKw537XzeKqUgYuVLkFGubf9bDhXi
|
|
||||||
wSRcYbU/oNTgiTgXPW8wH60uIoLaiNi1/YjO2zh4GEY/kFqSuD54Y91iFmcC75bv
|
|
||||||
OjCNugnRdpRjOFhaeNx75tdverR37w3APVZuBSv3bJlMPCtaf+fEAKxJxeqCs3Oq
|
|
||||||
rtsw2TQ4TqfE8/w9qPCVv3bQbMbO48SwjxAz47qH2h3qGu3Ov8badeARe+Ou7nuI
|
|
||||||
U13gPuPOhPXIQP/MYOyamPJdFyng1b8vyNsfjOcWMiECggEAEkMgl6NkV3U7DRbp
|
|
||||||
1mvdQ9tiH33+wR9Qt5LY966b43aUHKbJ7Hlzla1u6V5YMsMO02oNUwhZDdWGQShn
|
|
||||||
ncnC+iDP3iy/flenfIpaETQgnfcxRqan31H2Joqk2eBNCTNi001r5K6XmrqQ6TL2
|
|
||||||
WkQ1RFF7vn42vz+VxcKQO4B0lTIUWhSczcpMWAZ6ZocZD6HScqRoFW+U16/39Bpd
|
|
||||||
TdFb944742vNNFEndXXGzy8hc3gRGz1ihX+MJKuuduyn1mX9AVbPAHR5mkhQ+6x0
|
|
||||||
xuFfXxaEMJxSiwdFOyGDHyFM+n2zrHh8ayOxL22X9gjjNspv6zTMo6GoGnUCdSOq
|
|
||||||
eVoHhwKCAQEAot5O3rOB/vuEljwcv7IgQJrvCsNg/8FgWR1p7kGpuXHJG3btWrz1
|
|
||||||
pyH+e9DjqGQD9KWjJ3LAp02NPUJ2nJIZHj9Y8/yjspb2nDTPLt+uSCjKJibBt0ys
|
|
||||||
O219HRGzYjfzHYCi8PVrCggQAk7rmUdMuF4iQutE4ICDgtz9eZbls3YBiFKdvxVK
|
|
||||||
Yg/sHflucmPAbtah13prPyvs6ZzN6zNANYXNYdn1OwHieBwvyWRFG8jY/MorTHPd
|
|
||||||
BwA3drPNbbGHBzQMZNZKub8gSVYr3SU52gUlYCclmIq+50xqLlF2FWIz1q8irVPd
|
|
||||||
gUnIR/eQQbxgaivRwbGze1ZAjUsozVVQQQKCAQEA9uAKU3O06bEUGj+L0G+7R7r/
|
|
||||||
bi2DNi2kLJ7jyq+n0OqcHEQ1zFK4LAPaXY0yMYXieUzhivMGLSNDiubGO2/KxkFF
|
|
||||||
REXUFgYWZYMwrKsUuscybB64cQDwzD0oXrhvEa2PHecdG6AZ63iLcHaaDzyCPID/
|
|
||||||
wtljekLO2jbJ5esXZd016lykFfUd/K4KP1DGyI2Dkq6q0gTc/Y36gDAcPhIWtzna
|
|
||||||
UujYCe3a8DWCElH4geKXaB5ABbV1eJ8Lch599lXJ9Hszem6QNosFsPaHDCcqLS9H
|
|
||||||
yy2WA6CY2LVU7kONN+O0kxs2fVbxIkI+d/LZyX/yIGlkXcAzL07llIlrTAYebQ==
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
'';
|
|
||||||
"letsencrypt.org".cert = builtins.toFile "letsencrypt.org.cert" ''
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEpzCCAo8CAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls
|
|
||||||
IENBMCAXDTE5MTAxODA3NTQxNVoYDzIxMTkwOTI0MDc1NDE1WjAaMRgwFgYDVQQD
|
|
||||||
DA9sZXRzZW5jcnlwdC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
|
|
||||||
AQD12l08TLMPf8EF2zu0D/nWz5aYsXJa4WurjIx3ZH6+LmC8rueUs1UqFiCJOYrZ
|
|
||||||
Sb5QSka5wmpkdxNJkDUHPhL/w0P8Aj0joSbC8GKdjn8+5vEQAuT1iIMD4jMfxkYU
|
|
||||||
zzBeDt8xtskCzK/5IcC2vaOYKyCCum4Pl+DOzan4XarT6hWh4XAwA5R0B/aM200s
|
|
||||||
SPZDoyJHler7AU5xG1eU2VdYhfc2ua5s7/E6kM2mzKPJgLkt35bToxLltMdJ2/no
|
|
||||||
CRSDY+6AwKGPXlM510QkgrzM9cVOUxjJ71IrCOE1Rmi997jFcJpOPaebOty4wovP
|
|
||||||
5LewpB5NaOJFxjfDjNOUBuG0ZcONeOEw5usehYzx7dxMvg0ky+201K1d+JzFt5Ns
|
|
||||||
iJi77t20XSr6JZpmp7Fzo90BoikVnRdLD6LmIt1BmYHDNjs0uUelC6l+HrN7SoNR
|
|
||||||
VkAwO5ujgkpRMHMfpBO6EfH65Sbstzxh00Cufuj+8xkNDKbUSJrErFm4IZqoW+rx
|
|
||||||
kricFWwd9xduEX9cPYcyJ3e3siZtERW72qdz4Sf5pxT9IlpoveuMxboctUyvr69C
|
|
||||||
sLNiS8vMpimhSb0PUpyfp3w5/GXaIJpj0KQyvn/onWnXBxN1w3shVD8MUF5MNq7J
|
|
||||||
ZvJmQ7+U+hmhqRbJc7H1L22AKXOEWY2BGRm/3A35CC40NwIDAQABMA0GCSqGSIb3
|
|
||||||
DQEBCwUAA4ICAQBbJwE+qc0j6JGHWe0TGjv1viJU3WuyJkMRi+ejx0p/k7Ntp5An
|
|
||||||
2wLC7b/lVP/Nh+PKY/iXWn/BErv2MUo4POc1g8svgxsmMMh5KGGieIfGs7xT+JMH
|
|
||||||
dzZZM+pUpIB5fEO5JfjiOEOKDdAvRSs0mTAVYZEokGkXSNWyylvEaA16mHtMgPjo
|
|
||||||
Lm75d0O66RfJDdd/hTl8umGpF7kEGW1qYk2QmuPr7AqOa8na7olL5fMPh6Q7yRqx
|
|
||||||
GIS9JKQ0fWl8Ngk09WfwUN/kEMcp9Jl5iunNRkbpUJIM/lHFkSA7yOFFL+dVWzd4
|
|
||||||
2r+ddJXTFzW8Rwt65l8SV2MEhijEamKva3mqKLIRWxDsfFVT1T04LWFtnzMW4Z29
|
|
||||||
UHF9Pi7XSyKz0Y/Lz31mNTkjJYbOvbnwok8lc3wFWHc+lummZk8IkCq8xfqzwmwX
|
|
||||||
Ow6EV+Q6VaQpOHumQZ12pBBLtL8DyDhWaRUgVy2vYpwYsMYa5BFMcKCynjlSewo9
|
|
||||||
G2hNoW45cQZP1qHltRR9Xad7SaP7iTETDCiR7AWOqSpDipSh9eMfVW97ZbSfz+vl
|
|
||||||
xl8PZEZMTRIIRVXsPP+E8gtDUhUQp2+Vcz8r6q71qslXM09xl/501uaNjCc3hH2R
|
|
||||||
iw2N77Lho1F3FrBbHdML3RYHZI55eC9iQw6R4S+R4b+iWLJoHzHrW61itg==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
@ -18,7 +18,7 @@
|
|||||||
defining this option needs to be explicitly imported.
|
defining this option needs to be explicitly imported.
|
||||||
|
|
||||||
The reason this option exists is for the
|
The reason this option exists is for the
|
||||||
<filename>nixos/tests/common/letsencrypt</filename> module, which
|
<filename>nixos/tests/common/acme/server</filename> module, which
|
||||||
needs that option to disable the resolver once the user has set its own
|
needs that option to disable the resolver once the user has set its own
|
||||||
resolver.
|
resolver.
|
||||||
'';
|
'';
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user