diff --git a/flake.nix b/flake.nix
index 814801d..0c65b2d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -65,9 +65,7 @@
 pkgs = import nixpkgs {
 inherit system;
 overlays = [
- (import ./overlays/nginx-test.nix
- (builtins.attrNames self.nixosConfigurations.${name}.config.security.acme.certs)
- )
+ # Global overlays go here
 ] ++ config.overlays or [ ];
 };
 }
diff --git a/overlays/nginx-test.nix b/overlays/nginx-test.nix
deleted file mode 100644
index 409cdd0..0000000
--- a/overlays/nginx-test.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-acme-certs: final: prev:
- let
- problematicHosts = [ "matrix.pvv.ntnu.no" "tom.pvv.ntnu.no" ];
- lib = final.lib;
- crt = "${final.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
- key = "${final.path}/nixos/tests/common/acme/server/acme.test.key.pem";
- in {
- writers = prev.writers // {
- writeNginxConfig = name: text: final.runCommandLocal name {
- nginxConfig = prev.writers.writeNginxConfig name text;
- nativeBuildInputs = [ final.bubblewrap ];
- } ''
- cat "$nginxConfig" > "$out"
- substituteInPlace "$out" ${lib.concatMapStrings (host: "--replace ${host} \"localhost\" ") problematicHosts}
- substituteInPlace "$out" --replace ":443" ":4443"
- substituteInPlace "$out" --replace ":80" ":8808"
- set +o pipefail
- bwrap \
- --ro-bind "${crt}" "/etc/certs/nginx.crt" \
- --ro-bind "${key}" "/etc/certs/nginx.key" \
- --ro-bind "/nix" "/nix" \
- --ro-bind "/etc/hosts" "/etc/hosts" \
- --dir "/run/nginx" \
- --dir "/tmp" \
- --dir "/var/log/nginx" \
- ${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/fullchain.pem\" \\") acme-certs}
- ${lib.concatMapStrings (name: "--ro-bind \"${key}\" \"/var/lib/acme/${name}/key.pem\" \\") acme-certs}
- ${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/chain.pem\" \\") acme-certs}
- ${lib.getExe' final.nginx "nginx"} -t -c "$out" |& grep "syntax is ok"
- '';
- };
-}
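Review bot: Emptying the `overlays` list in the flake.nix hunk removes the only place visible in this diff where the generated nginx configs were run through `nginx -t` at build time, and the placeholder comment does not say what replaces that check. If validation now relies on the stock `writers.writeNginxConfig` or on a check elsewhere in the repository (not visible here), record that where the overlay used to be, e.g. `# Global overlays go here (nginx -t build check dropped: <reason / replacement>)`. Without a build-time check, a configuration error would presumably surface only when nginx is started or reloaded on the host. The expression enclosing `pkgs = import nixpkgs { … }` starts outside the hunk.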