author | Carl Richard Theodor Schneider <dev.github@crtified.me> | 2023-09-19 13:05:59 +0200 |
---|---|---|
committer | Carl Richard Theodor Schneider <dev.github@crtified.me> | 2023-09-19 18:13:44 +0200 |
commit | cd2dead42cf9053523b8ab3ab68f93fa23422db9 (patch) | |
tree | 2eb9a0240fabfecd647b5dc1baa292a27c99d698 /nixos | |
parent | 716bde190c4b113ce309a58f34e39dba64402d2b (diff) | |
nixos/tests/openssh: add `Match` config for validation test
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/tests/openssh.nix | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
index 4083f5906d79..d771ffd3e0f7 100644
--- a/nixos/tests/openssh.nix
+++ b/nixos/tests/openssh.nix
@@ -52,6 +52,36 @@ in {
 };
 };
+ server_match_rule =
+ { ... }:
+
+ {
+ services.openssh = {
+ enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
+ extraConfig = ''
+ # Combined test for two (predictable) Match criterias
+ Match LocalAddress 127.0.0.1 LocalPort 22
+ PermitRootLogin yes
+
+ # Separate tests for Match criterias
+ Match User root
+ PermitRootLogin yes
+ Match Group root
+ PermitRootLogin yes
+ Match Host nohost.example
+ PermitRootLogin yes
+ Match LocalAddress 127.0.0.1
+ PermitRootLogin yes
+ Match LocalPort 22
+ PermitRootLogin yes
+ Match RDomain nohost.example
+ PermitRootLogin yes
+ Match Address 127.0.0.1
+ PermitRootLogin yes
+ '';
+ };
+ };
+
 client =
 { ... }: { };
@@ -114,5 +144,8 @@ in {
 with subtest("localhost-only"):
 server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'")
 server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'")
+
+ with subtest("match-rules"):
+ server_match_rule.succeed("ss -nlt | grep '127.0.0.1:22'")
 '';
 }) |
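Review bot: Every Match block in `extraConfig` uses `PermitRootLogin yes` as its body, and nothing in the hunk says the directive is only a placeholder. Because `Match LocalAddress 127.0.0.1` and `Match LocalPort 22` match the only listener this node is given, root login is really enabled on `server_match_rule`, and the snippet reads like a usable sshd configuration. Either add a comment above the first block, e.g. `# PermitRootLogin is only filler so each Match block has a body; the value is irrelevant to the test`, or use a directive with no access implication, such as `X11Forwarding no`. The two config comments should also read "criteria" rather than "criterias".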
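Review bot: The `match-rules` subtest asserts only that a listener exists on 127.0.0.1:22. That proves sshd started with this configuration, not that any Match block selects the connections it is written for. The Match coverage therefore rests on whatever validation runs before sshd starts, which is not visible in this hunk. A comment above the assertion would make that explicit, e.g. `# Only checks that sshd came up with the Match blocks in place; the rules themselves are not evaluated here.` If the effective settings should be pinned too, sshd's extended test mode with a connection specification (`sshd -T -C ...`) could presumably be asserted on, but that needs confirming against how the module invokes sshd. The test script string starts outside the hunk.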