author | Symphorien Gibol <symphorien+git@xlumurb.eu> | 2020-02-02 12:00:00 +0000 |
---|---|---|
committer | Symphorien Gibol <symphorien+git@xlumurb.eu> | 2020-02-04 20:54:29 +0100 |
commit | b7f27cb61a09c76973cdeb4ed4207b7f2e6f4c65 (patch) | |
tree | c5a2f76e1f036f44f96d8dbebc9783d3fe123392 /nixos/tests | |
parent | 00a91d919d6f6cdaecc67a894f372a4195fea9da (diff) | |
nixos/iodine: add test
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/iodine.nix | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index eb69457fb7e9..ab8dd8972055 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -130,6 +130,7 @@ in
 initrd-network-ssh = handleTest ./initrd-network-ssh {};
 initrdNetwork = handleTest ./initrd-network.nix {};
 installer = handleTest ./installer.nix {};
+ iodine = handleTest ./iodine.nix {};
 ipv6 = handleTest ./ipv6.nix {};
 jackett = handleTest ./jackett.nix {};
 jellyfin = handleTest ./jellyfin.nix {};
diff --git a/nixos/tests/iodine.nix b/nixos/tests/iodine.nix
new file mode 100644
index 000000000000..8bd9603a6d6c
--- /dev/null
+++ b/nixos/tests/iodine.nix
@@ -0,0 +1,63 @@
+import ./make-test-python.nix (
+ { pkgs, ... }: let
+ domain = "whatever.example.com";
+ in
+ {
+ name = "iodine";
+ nodes = {
+ server =
+ { ... }:
+
+ {
+ networking.firewall = {
+ allowedUDPPorts = [ 53 ];
+ trustedInterfaces = [ "dns0" ];
+ };
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.ip_forward" = 1;
+ };
+
+ services.iodine.server = {
+ enable = true;
+ ip = "10.53.53.1/24";
+ passwordFile = "${builtins.toFile "password" "foo"}";
+ inherit domain;
+ };
+
+ # test resource: accessible only via tunnel
+ services.openssh = {
+ enable = true;
+ openFirewall = false;
+ };
+ };
+
+ client =
+ { ... }: {
+ services.iodine.clients.testClient = {
+ # test that ProtectHome is "read-only"
+ passwordFile = "/root/pw";
+ relay = "server";
+ server = domain;
+ };
+ systemd.tmpfiles.rules = [
+ "f /root/pw 0666 root root - foo"
+ ];
+ environment.systemPackages = [
+ pkgs.nagiosPluginsOfficial
+ ];
+ };
+
+ };
+
+ testScript = ''
+ start_all()
+
+ server.wait_for_unit("sshd")
+ server.wait_for_unit("iodined")
+ client.wait_for_unit("iodine-testClient")
+
+ client.succeed("check_ssh -H 10.53.53.1")
+ '';
+ }
+) |
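Review bot: In the server node of nixos/tests/iodine.nix, `"net.ipv6.ip_forward" = 1;` names a sysctl that Linux does not provide; IPv6 forwarding is controlled by `net.ipv6.conf.all.forwarding`, so this line presumably has no effect. The script only connects to the server's own tunnel address 10.53.53.1, so forwarding does not look necessary here; either drop both sysctl lines or change the second to `"net.ipv6.conf.all.forwarding" = 1;`. The comment says sshd is "accessible only via tunnel", but only the positive case is asserted; adding `client.fail("check_ssh -H server")` after the existing check would presumably catch a firewall regression that exposes port 22 on the regular interface. The password fixtures also deserve a comment: `builtins.toFile` places the server password in the world-readable Nix store and `/root/pw` is created with mode 0666, so a line such as `# test-only secret; real deployments need a 0600 file outside the store` would keep this from being copied into real configurations.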