author | Léo Gaspard <leo@gaspard.io> | 2020-03-16 23:42:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-16 23:42:12 +0100 |
commit | a0307bad467e293a0fe7eee244fcf450a0af6b74 (patch) | |
tree | 1c13508fb7d54cdbd8399070397ff98e75f7a887 /nixos/tests | |
parent | c2b72612718055147d94bc0a5a51db573cb6d33b (diff) | |
parent | 44fd320c0f083ea267ab3e69156f2e82c3912e60 (diff) | |
Merge pull request #79120 from symphorien/iodine
Iodine: ipv6 support, updates, hardening, nixos test....
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/iodine.nix | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 7dd0f23df65..51b463747b0 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -135,6 +135,7 @@ in
 initrd-network-ssh = handleTest ./initrd-network-ssh {};
 initrdNetwork = handleTest ./initrd-network.nix {};
 installer = handleTest ./installer.nix {};
+ iodine = handleTest ./iodine.nix {};
 ipv6 = handleTest ./ipv6.nix {};
 jackett = handleTest ./jackett.nix {};
 jellyfin = handleTest ./jellyfin.nix {};
diff --git a/nixos/tests/iodine.nix b/nixos/tests/iodine.nix
new file mode 100644
index 00000000000..8bd9603a6d6
--- /dev/null
+++ b/nixos/tests/iodine.nix
@@ -0,0 +1,63 @@
+import ./make-test-python.nix (
+ { pkgs, ... }: let
+ domain = "whatever.example.com";
+ in
+ {
+ name = "iodine";
+ nodes = {
+ server =
+ { ... }:
+
+ {
+ networking.firewall = {
+ allowedUDPPorts = [ 53 ];
+ trustedInterfaces = [ "dns0" ];
+ };
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.ip_forward" = 1;
+ };
+
+ services.iodine.server = {
+ enable = true;
+ ip = "10.53.53.1/24";
+ passwordFile = "${builtins.toFile "password" "foo"}";
+ inherit domain;
+ };
+
+ # test resource: accessible only via tunnel
+ services.openssh = {
+ enable = true;
+ openFirewall = false;
+ };
+ };
+
+ client =
+ { ... }: {
+ services.iodine.clients.testClient = {
+ # test that ProtectHome is "read-only"
+ passwordFile = "/root/pw";
+ relay = "server";
+ server = domain;
+ };
+ systemd.tmpfiles.rules = [
+ "f /root/pw 0666 root root - foo"
+ ];
+ environment.systemPackages = [
+ pkgs.nagiosPluginsOfficial
+ ];
+ };
+
+ };
+
+ testScript = ''
+ start_all()
+
+ server.wait_for_unit("sshd")
+ server.wait_for_unit("iodined")
+ client.wait_for_unit("iodine-testClient")
+
+ client.succeed("check_ssh -H 10.53.53.1")
+ '';
+ }
+) |
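Review bot: The second forwarding sysctl in the server node of nixos/tests/iodine.nix, `"net.ipv6.ip_forward" = 1;`, is not a key the Linux kernel exposes; IPv6 forwarding is controlled by `net.ipv6.conf.all.forwarding`, so this setting is presumably ignored at boot. Use `"net.ipv6.conf.all.forwarding" = 1;`, or drop both forwarding sysctls if they are not needed, since the test script only connects to the server's own tunnel address 10.53.53.1. Separately, the tmpfiles rule `"f /root/pw 0666 root root - foo"` creates the client password file world-writable. If the client unit (not shown in this diff) reads the file as root, `0600` would keep the test closer to a configuration worth copying; otherwise a comment should say why the wider mode is required.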