nixos/tests/stunnel: replace activationScript

Replace with a separate systemd service.
2023-10-20 11:45:24 +02:00 · 2023-10-20 11:45:24 +02:00 · d345b385fe
commit d345b385fe
parent 339a866b7c
1 changed files with 9 additions and 4 deletions
--- a/nixos/tests/stunnel.nix
+++ b/nixos/tests/stunnel.nix
@ -17,11 +17,16 @@ let
    };
  };
  makeCert = { config, pkgs, ... }: {
-    system.activationScripts.create-test-cert = stringAfter [ "users" ] ''
-      ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
-      ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
-      chown stunnel /test-key.pem /test-key-and-cert.pem
+    systemd.services.create-test-cert = {
+      wantedBy = [ "sysinit.target" ];
+      before = [ "sysinit.target" ];
+      unitConfig.DefaultDependencies = false;
+      script = ''
+        ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
+        ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
+        chown stunnel /test-key.pem /test-key-and-cert.pem
    '';
+    };
  };
  serverCommon = { pkgs, ... }: {
    networking.firewall.allowedTCPPorts = [ 443 ];