authorLéo Gaspard <leo@gaspard.io>2020-03-16 23:42:12 +0100
committerGitHub <noreply@github.com>2020-03-16 23:42:12 +0100
commita0307bad467e293a0fe7eee244fcf450a0af6b74 (patch)
tree1c13508fb7d54cdbd8399070397ff98e75f7a887 /nixos/tests
parentc2b72612718055147d94bc0a5a51db573cb6d33b (diff)
parent44fd320c0f083ea267ab3e69156f2e82c3912e60 (diff)
Merge pull request #79120 from symphorien/iodine
Iodine: ipv6 support, updates, hardening, nixos test....
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/iodine.nix63
2 files changed, 64 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 7dd0f23df65..51b463747b0 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -135,6 +135,7 @@ in
   initrd-network-ssh = handleTest ./initrd-network-ssh {};
   initrdNetwork = handleTest ./initrd-network.nix {};
   installer = handleTest ./installer.nix {};
+  iodine = handleTest ./iodine.nix {};
   ipv6 = handleTest ./ipv6.nix {};
   jackett = handleTest ./jackett.nix {};
   jellyfin = handleTest ./jellyfin.nix {};
diff --git a/nixos/tests/iodine.nix b/nixos/tests/iodine.nix
new file mode 100644
index 00000000000..8bd9603a6d6
--- /dev/null
+++ b/nixos/tests/iodine.nix
@@ -0,0 +1,63 @@
+import ./make-test-python.nix (
+  { pkgs, ... }: let
+    domain = "whatever.example.com";
+  in
+    {
+      name = "iodine";
+      nodes = {
+        server =
+          { ... }:
+
+            {
+              networking.firewall = {
+                allowedUDPPorts = [ 53 ];
+                trustedInterfaces = [ "dns0" ];
+              };
+              boot.kernel.sysctl = {
+                "net.ipv4.ip_forward" = 1;
+                "net.ipv6.ip_forward" = 1;
+              };
+
+              services.iodine.server = {
+                enable = true;
+                ip = "10.53.53.1/24";
+                passwordFile = "${builtins.toFile "password" "foo"}";
+                inherit domain;
+              };
+
+              # test resource: accessible only via tunnel
+              services.openssh = {
+                enable = true;
+                openFirewall = false;
+              };
+            };
+
+        client =
+          { ... }: {
+            services.iodine.clients.testClient = {
+              # test that ProtectHome is "read-only"
+              passwordFile = "/root/pw";
+              relay = "server";
+              server = domain;
+            };
+            systemd.tmpfiles.rules = [
+              "f /root/pw 0666 root root - foo"
+            ];
+            environment.systemPackages = [
+              pkgs.nagiosPluginsOfficial
+            ];
+          };
+
+      };
+
+      testScript = ''
+        start_all()
+
+        server.wait_for_unit("sshd")
+        server.wait_for_unit("iodined")
+        client.wait_for_unit("iodine-testClient")
+
+        client.succeed("check_ssh -H 10.53.53.1")
+      '';
+    }
+)
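Review bot: The `"net.ipv6.ip_forward" = 1;` entry in the server's `boot.kernel.sysctl` names a key the kernel does not provide, so IPv6 forwarding is never actually enabled; the IPv6 counterpart of `net.ipv4.ip_forward` is `"net.ipv6.conf.all.forwarding" = 1;`. Since the test script only connects to the server's own tunnel address 10.53.53.1, forwarding does not appear to be exercised at all, and both sysctls could probably be dropped to keep the node's configuration minimal. The comment "accessible only via tunnel" is also never asserted: something like `client.fail("check_ssh -H server")` ahead of the final check would catch a regression that exposes sshd outside the tunnel. Finally, `"f /root/pw 0666 root root - foo"` creates a world-writable password file; `0600` is presumably enough if the unit opens the file as root, which is worth confirming against the module before tightening it.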