diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2016-03-09 02:36:53 +0100 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-03-11 11:35:09 +0100 |
| commit | 19492185fa1b4f76692978c17d92c03109abb02b (patch) | |
| tree | ae310b552d7bba9185eb354f42815faa3a2c394a /nixos/tests/dnscrypt-proxy.nix | |
| parent | dcfca100ec57b0b8a2af5dbaec7e0a41a76253ac (diff) | |
| download | nixlib-19492185fa1b4f76692978c17d92c03109abb02b.tar nixlib-19492185fa1b4f76692978c17d92c03109abb02b.tar.gz nixlib-19492185fa1b4f76692978c17d92c03109abb02b.tar.bz2 nixlib-19492185fa1b4f76692978c17d92c03109abb02b.tar.lz nixlib-19492185fa1b4f76692978c17d92c03109abb02b.tar.xz nixlib-19492185fa1b4f76692978c17d92c03109abb02b.tar.zst nixlib-19492185fa1b4f76692978c17d92c03109abb02b.zip | |
nixos/tests: implement dnscrypt-proxy test
This test verifies that the daemon actually activates upon a user-initiated ping, when using the recommended configuration.
Diffstat (limited to 'nixos/tests/dnscrypt-proxy.nix')
| -rw-r--r-- | nixos/tests/dnscrypt-proxy.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/nixos/tests/dnscrypt-proxy.nix b/nixos/tests/dnscrypt-proxy.nix new file mode 100644 index 000000000000..20ec3a333e77 --- /dev/null +++ b/nixos/tests/dnscrypt-proxy.nix @@ -0,0 +1,32 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "dnscrypt-proxy"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ joachifm ]; + }; + + nodes = { + # A client running the recommended setup: DNSCrypt proxy as a forwarder + # for a caching DNS client. + client = + { config, pkgs, ... }: + let localProxyPort = 43; in + { + security.apparmor.enable = true; + + services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy.localPort = localProxyPort; + + services.dnsmasq.enable = true; + services.dnsmasq.servers = [ "127.0.0.1#${toString localProxyPort}" ]; + }; + }; + + testScript = '' + $client->start; + $client->waitForUnit("multi-user.target"); + + # The daemon is socket activated; sending a single ping should activate it. + $client->execute("${pkgs.iputils}/bin/ping -c1 example.com"); + $client->succeed("systemctl is-active dnscrypt-proxy.service"); + ''; +}) |