diff options
Diffstat (limited to 'nixos/tests/tinc/default.nix')
| -rw-r--r-- | nixos/tests/tinc/default.nix | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/nixos/tests/tinc/default.nix b/nixos/tests/tinc/default.nix new file mode 100644 index 00000000000..31b675ad35c --- /dev/null +++ b/nixos/tests/tinc/default.nix @@ -0,0 +1,139 @@ +import ../make-test-python.nix ({ lib, ... }: + let + snakeoil-keys = import ./snakeoil-keys.nix; + + hosts = lib.attrNames snakeoil-keys; + + subnetOf = name: config: + let + subnets = config.services.tinc.networks.myNetwork.hostSettings.${name}.subnets; + in + (builtins.head subnets).address; + + makeTincHost = name: { subnet, extraConfig ? { } }: lib.mkMerge [ + { + subnets = [{ address = subnet; }]; + settings = { + Ed25519PublicKey = snakeoil-keys.${name}.ed25519Public; + }; + rsaPublicKey = snakeoil-keys.${name}.rsaPublic; + } + extraConfig + ]; + + makeTincNode = { config, ... }: name: extraConfig: lib.mkMerge [ + { + services.tinc.networks.myNetwork = { + inherit name; + rsaPrivateKeyFile = + builtins.toFile "rsa.priv" snakeoil-keys.${name}.rsaPrivate; + ed25519PrivateKeyFile = + builtins.toFile "ed25519.priv" snakeoil-keys.${name}.ed25519Private; + + hostSettings = lib.mapAttrs makeTincHost { + static = { + subnet = "10.0.0.11"; + # Only specify the addresses in the node's vlans, Tinc does not + # seem to try each one, unlike the documentation suggests... + extraConfig.addresses = map + (vlan: { address = "192.168.${toString vlan}.11"; port = 655; }) + config.virtualisation.vlans; + }; + dynamic1 = { subnet = "10.0.0.21"; }; + dynamic2 = { subnet = "10.0.0.22"; }; + }; + }; + + networking.useDHCP = false; + + networking.interfaces."tinc.myNetwork" = { + virtual = true; + virtualType = "tun"; + ipv4.addresses = [{ + address = subnetOf name config; + prefixLength = 24; + }]; + }; + + # Prevents race condition between NixOS service and tinc creating the + # interface. + # See: https://github.com/NixOS/nixpkgs/issues/27070 + systemd.services."tinc.myNetwork" = { + after = [ "network-addresses-tinc.myNetwork.service" ]; + requires = [ "network-addresses-tinc.myNetwork.service" ]; + }; + + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; + } + extraConfig + ]; + + in + { + name = "tinc"; + meta.maintainers = with lib.maintainers; [ minijackson ]; + + nodes = { + + static = { ... } @ args: + makeTincNode args "static" { + virtualisation.vlans = [ 1 2 ]; + + networking.interfaces.eth1.ipv4.addresses = [{ + address = "192.168.1.11"; + prefixLength = 24; + }]; + + networking.interfaces.eth2.ipv4.addresses = [{ + address = "192.168.2.11"; + prefixLength = 24; + }]; + }; + + + dynamic1 = { ... } @ args: + makeTincNode args "dynamic1" { + virtualisation.vlans = [ 1 ]; + }; + + dynamic2 = { ... } @ args: + makeTincNode args "dynamic2" { + virtualisation.vlans = [ 2 ]; + }; + + }; + + testScript = '' + start_all() + + static.wait_for_unit("tinc.myNetwork.service") + dynamic1.wait_for_unit("tinc.myNetwork.service") + dynamic2.wait_for_unit("tinc.myNetwork.service") + + # Static is accessible by the other hosts + dynamic1.succeed("ping -c5 192.168.1.11") + dynamic2.succeed("ping -c5 192.168.2.11") + + # The other hosts are in separate vlans + dynamic1.fail("ping -c5 192.168.2.11") + dynamic2.fail("ping -c5 192.168.1.11") + + # Each host can ping themselves through Tinc + static.succeed("ping -c5 10.0.0.11") + dynamic1.succeed("ping -c5 10.0.0.21") + dynamic2.succeed("ping -c5 10.0.0.22") + + # Static is accessible by the other hosts through Tinc + dynamic1.succeed("ping -c5 10.0.0.11") + dynamic2.succeed("ping -c5 10.0.0.11") + + # Static can access the other hosts through Tinc + static.succeed("ping -c5 10.0.0.21") + static.succeed("ping -c5 10.0.0.22") + + # The other hosts in separate vlans can access each other through Tinc + dynamic1.succeed("ping -c5 10.0.0.22") + dynamic2.succeed("ping -c5 10.0.0.21") + ''; + }) |