# This is a simple distributed test involving a topology with two
# separate virtual networks - the "inside" and the "outside" - with a
# client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation
# for the client.
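import ./make-test-python.nix ({ pkgs, lib, ... }:
  {
    name = "dublin-traceroute";
    meta = with pkgs.lib.maintainers; {
      maintainers = [ baloo ];
    };

    # Inside host: attached to vlan 1 only. Its default gateway is the
    # router's eth2 address, so traffic towards the server has to go
    # through the router.
    nodes.client = { nodes, ... }: {
      # NOTE(review): presumably this is where the "alice" account used by
      # testScript comes from - confirm in ./common/user-account.nix.
      imports = [ ./common/user-account.nix ];
      virtualisation.vlans = [ 1 ];

      networking.defaultGateway =
        (builtins.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
      networking.nftables.enable = true;

      # NOTE(review): presumably this option is what lets a non-root user
      # send the probes (testScript runs the tool as alice) - confirm which
      # privilege the module grants and that it is limited to this binary.
      programs.dublin-traceroute.enable = true;
    };

    # Router: attached to both vlans, NAT for 192.168.1.0/24 out of eth1.
    nodes.router = { ... }: {
      virtualisation.vlans = [ 2 1 ];
      networking.nftables.enable = true;
      networking.nat.internalIPs = [ "192.168.1.0/24" ];
      networking.nat.externalInterface = "eth1";
      networking.nat.enable = true;
    };

    # Outside host: attached to vlan 2 only, the traceroute destination.
    nodes.server = { ... }: {
      virtualisation.vlans = [ 2 ];
      # NOTE(review): firewall is off on the destination, presumably so that
      # replies to the probes are not filtered - confirm.
      networking.firewall.enable = false;
      # NOTE(review): testScript never contacts httpd or vsftpd (the latter
      # with anonymous login enabled). They look unused by this test;
      # confirm, and consider dropping them so the unfirewalled VM exposes
      # only what the test needs.
      services.httpd.enable = true;
      services.httpd.adminAddr = "foo@example.org";
      services.vsftpd.enable = true;
      services.vsftpd.anonymousUser = true;
    };

    # Boots the three VMs, waits for network.target on each, then runs the
    # trace as the unprivileged user alice. Only the command's exit status is
    # asserted; the output is not inspected, so the test does not by itself
    # show that the path went through the NAT router.
    testScript = ''
      client.start()
      router.start()
      server.start()

      server.wait_for_unit("network.target")
      router.wait_for_unit("network.target")
      client.wait_for_unit("network.target")

      # Make sure we can trace from an unprivileged user
      client.succeed("sudo -u alice dublin-traceroute server")
    '';
  })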