diff options
Diffstat (limited to 'nixos/tests/shadowsocks/common.nix')
-rw-r--r-- | nixos/tests/shadowsocks/common.nix | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/nixos/tests/shadowsocks/common.nix b/nixos/tests/shadowsocks/common.nix new file mode 100644 index 00000000000..8cbbc3f2068 --- /dev/null +++ b/nixos/tests/shadowsocks/common.nix @@ -0,0 +1,84 @@ +{ name +, plugin ? null +, pluginOpts ? "" +}: + +import ../make-test-python.nix ({ pkgs, lib, ... }: { + inherit name; + meta = { + maintainers = with lib.maintainers; [ hmenke ]; + }; + + nodes = { + server = { + boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; + networking.useDHCP = false; + networking.interfaces.eth1.ipv4.addresses = [ + { address = "192.168.0.1"; prefixLength = 24; } + ]; + networking.firewall.rejectPackets = true; + networking.firewall.allowedTCPPorts = [ 8488 ]; + networking.firewall.allowedUDPPorts = [ 8488 ]; + services.shadowsocks = { + enable = true; + encryptionMethod = "chacha20-ietf-poly1305"; + password = "pa$$w0rd"; + localAddress = [ "0.0.0.0" ]; + port = 8488; + fastOpen = false; + mode = "tcp_and_udp"; + } // lib.optionalAttrs (plugin != null) { + inherit plugin; + pluginOpts = "server;${pluginOpts}"; + }; + services.nginx = { + enable = true; + virtualHosts.server = { + locations."/".root = pkgs.writeTextDir "index.html" "It works!"; + }; + }; + }; + + client = { + networking.useDHCP = false; + networking.interfaces.eth1.ipv4.addresses = [ + { address = "192.168.0.2"; prefixLength = 24; } + ]; + systemd.services.shadowsocks-client = { + description = "connect to shadowsocks"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ shadowsocks-libev ]; + script = '' + exec ss-local \ + -s 192.168.0.1 \ + -p 8488 \ + -l 1080 \ + -k 'pa$$w0rd' \ + -m chacha20-ietf-poly1305 \ + -a nobody \ + ${lib.optionalString (plugin != null) '' + --plugin "${plugin}" --plugin-opts "${pluginOpts}" + ''} + ''; + }; + }; + }; + + testScript = '' + start_all() + + server.wait_for_unit("shadowsocks-libev.service") + client.wait_for_unit("shadowsocks-client.service") + + client.fail( + "${pkgs.curl}/bin/curl 192.168.0.1:80" + ) + + msg = client.succeed( + "${pkgs.curl}/bin/curl --socks5 localhost:1080 192.168.0.1:80" + ) + assert msg == "It works!", "Could not connect through shadowsocks" + ''; + } +) |