diff options
author | Morgan Jones <me@numin.it> | 2021-04-10 16:38:44 -0600 |
---|---|---|
committer | Tim <Jaculabilis@users.noreply.github.com> | 2021-04-16 19:57:02 -0700 |
commit | 064e0af80b574bfe96540f17ddd35d6e0b1d5c71 (patch) | |
tree | 08b4aede05c75bfa58c16a3b151f4c156687ab16 /nixos/tests | |
parent | 002fe4f19dcf14993dd850be100865b63bc97b80 (diff) | |
download | nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.tar nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.tar.gz nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.tar.bz2 nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.tar.lz nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.tar.xz nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.tar.zst nixpkgs-064e0af80b574bfe96540f17ddd35d6e0b1d5c71.zip |
nixos/nebula: Add enable option defaulting to true to Nebula networks
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/nebula.nix | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/nixos/tests/nebula.nix b/nixos/tests/nebula.nix index b341017295e..372cfebdf80 100644 --- a/nixos/tests/nebula.nix +++ b/nixos/tests/nebula.nix @@ -88,6 +88,26 @@ in }]; services.nebula.networks.smoke = { + enable = true; + staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; }; + isLighthouse = false; + lighthouses = [ "10.0.100.1" ]; + firewall = { + outbound = [ { port = "any"; proto = "any"; host = "lighthouse"; } ]; + inbound = [ { port = "any"; proto = "any"; host = "any"; } ]; + }; + }; + }; + + node5 = { ... } @ args: + makeNebulaNode args "node5" { + networking.interfaces.eth1.ipv4.addresses = [{ + address = "192.168.1.5"; + prefixLength = 24; + }]; + + services.nebula.networks.smoke = { + enable = false; staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; }; isLighthouse = false; lighthouses = [ "10.0.100.1" ]; @@ -170,9 +190,16 @@ in ${signKeysFor "node4" "10.0.100.4/24"} ${restartAndCheckNebula "node4" "10.0.100.4"} - # The lighthouse can ping node2 and node3 + # Create keys for node4's nebula service and test that it does not come up. + ${setUpPrivateKey "node5"} + ${signKeysFor "node5" "10.0.100.5/24"} + node5.fail("systemctl status nebula@smoke.service") + node5.fail("ping -c5 10.0.100.5") + + # The lighthouse can ping node2 and node3 but not node5 lighthouse.succeed("ping -c3 10.0.100.2") lighthouse.succeed("ping -c3 10.0.100.3") + lighthouse.fail("ping -c3 10.0.100.5") # node2 can ping the lighthouse, but not node3 because of its inbound firewall node2.succeed("ping -c3 10.0.100.1") |