nixos/tests/kanidm: bind certs path to fix ofborg tests

provision # [ 8.223448] (kanidmd)[819]: kanidm.service: Failed to set up mount namespacing: /ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ofborg-evaluator-1/nixos/tests/common/acme/server: No such file or directory (cherry picked from commit b93f6e4)
NixOS · Aug 22, 2024 · 00abdbc · 00abdbc
1 parent f10dac3
commit 00abdbc
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/nixos/tests/kanidm.nix b/nixos/tests/kanidm.nix
@@ -6,6 +6,13 @@ import ./make-test-python.nix ({ pkgs, ... }:
     testCredentials = {
       password = "Password1_cZPEwpCWvrReripJmAZdmVIZd8HHoHcl";
     };
+
+    # copy certs to store to work around mount namespacing
+    certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } ''
+      mkdir $out
+      cp ${certs."${serverDomain}".cert} $out/snakeoil.crt
+      cp ${certs."${serverDomain}".key} $out/snakeoil.key
+    '';
   in
   {
     name = "kanidm";
@@ -19,8 +26,8 @@ import ./make-test-python.nix ({ pkgs, ... }:
           domain = serverDomain;
           bindaddress = "[::]:443";
           ldapbindaddress = "[::1]:636";
-          tls_chain = certs."${serverDomain}".cert;
-          tls_key = certs."${serverDomain}".key;
+          tls_chain = "${certsPath}/snakeoil.crt";
+          tls_key = "${certsPath}/snakeoil.key";
         };
       };