diff options
Diffstat (limited to 'nixpkgs/nixos/tests/kea.nix')
-rw-r--r-- | nixpkgs/nixos/tests/kea.nix | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/kea.nix b/nixpkgs/nixos/tests/kea.nix new file mode 100644 index 000000000000..c8ecf771fa13 --- /dev/null +++ b/nixpkgs/nixos/tests/kea.nix @@ -0,0 +1,186 @@ +# This test verifies DHCPv4 interaction between a client and a router. +# For successful DHCP allocations a dynamic update request is sent +# towards a nameserver to allocate a name in the lan.nixos.test zone. +# We then verify whether client and router can ping each other, and +# that the nameserver can resolve the clients fqdn to the correct IP +# address. + +import ./make-test-python.nix ({ pkgs, lib, ...}: { + meta.maintainers = with lib.maintainers; [ hexa ]; + + name = "kea"; + + nodes = { + router = { config, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + + networking = { + useDHCP = false; + firewall.allowedUDPPorts = [ 67 ]; + }; + + systemd.network = { + enable = true; + networks = { + "01-eth1" = { + name = "eth1"; + networkConfig = { + Address = "10.0.0.1/29"; + }; + }; + }; + }; + + services.kea.dhcp4 = { + enable = true; + settings = { + valid-lifetime = 3600; + renew-timer = 900; + rebind-timer = 1800; + + lease-database = { + type = "memfile"; + persist = true; + name = "/var/lib/kea/dhcp4.leases"; + }; + + interfaces-config = { + dhcp-socket-type = "raw"; + interfaces = [ + "eth1" + ]; + }; + + subnet4 = [ { + subnet = "10.0.0.0/29"; + pools = [ { + pool = "10.0.0.3 - 10.0.0.3"; + } ]; + } ]; + + # Enable communication between dhcp4 and a local dhcp-ddns + # instance. + # https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#ddns-for-dhcpv4 + dhcp-ddns = { + enable-updates = true; + }; + + ddns-send-updates = true; + ddns-qualifying-suffix = "lan.nixos.test."; + }; + }; + + services.kea.dhcp-ddns = { + enable = true; + settings = { + forward-ddns = { + # Configure updates of a forward zone named `lan.nixos.test` + # hosted at the nameserver at 10.0.0.2 + # https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html#adding-forward-dns-servers + ddns-domains = [ { + name = "lan.nixos.test."; + # Use a TSIG key in production! + key-name = ""; + dns-servers = [ { + ip-address = "10.0.0.2"; + port = 53; + } ]; + } ]; + }; + }; + }; + }; + + nameserver = { config, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + + networking = { + useDHCP = false; + firewall.allowedUDPPorts = [ 53 ]; + }; + + systemd.network = { + enable = true; + networks = { + "01-eth1" = { + name = "eth1"; + networkConfig = { + Address = "10.0.0.2/29"; + }; + }; + }; + }; + + services.resolved.enable = false; + + # Set up an authoritative nameserver, serving the `lan.nixos.test` + # zone and configure an ACL that allows dynamic updates from + # the router's ip address. + # This ACL is likely insufficient for production usage. Please + # use TSIG keys. + services.knot = let + zone = pkgs.writeTextDir "lan.nixos.test.zone" '' + @ SOA ns.nixos.test nox.nixos.test 0 86400 7200 3600000 172800 + @ NS nameserver + nameserver A 10.0.0.3 + router A 10.0.0.1 + ''; + zonesDir = pkgs.buildEnv { + name = "knot-zones"; + paths = [ zone ]; + }; + in { + enable = true; + extraArgs = [ + "-v" + ]; + settings = { + server.listen = [ + "0.0.0.0@53" + ]; + + log.syslog.any = "info"; + + acl.dhcp_ddns = { + address = "10.0.0.1"; + action = "update"; + }; + + template.default = { + storage = zonesDir; + zonefile-sync = "-1"; + zonefile-load = "difference-no-serial"; + journal-content = "all"; + }; + + zone."lan.nixos.test" = { + file = "lan.nixos.test.zone"; + acl = [ + "dhcp_ddns" + ]; + }; + }; + }; + + }; + + client = { config, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + interfaces.eth1.useDHCP = true; + }; + }; + }; + testScript = { ... }: '' + start_all() + router.wait_for_unit("kea-dhcp4-server.service") + client.wait_for_unit("systemd-networkd-wait-online.service") + client.wait_until_succeeds("ping -c 5 10.0.0.1") + router.wait_until_succeeds("ping -c 5 10.0.0.3") + nameserver.wait_until_succeeds("kdig +short client.lan.nixos.test @10.0.0.2 | grep -q 10.0.0.3") + ''; +}) |