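import ./make-test-python.nix (
  { pkgs, ... }: let
    # Domain the iodine tunnel is carried under; it only has to be consistent
    # between the server and client definitions below.
    domain = "whatever.example.com";
    # The value looks chosen to contain shell metacharacters (";", words like
    # "exit"), so the test would also catch a module that splices the secret
    # into a command line unquoted. It is a throwaway test secret.
    password = "false;foo;exit;withspecialcharacters";
  in
    {
      name = "iodine";
      nodes = {
        server =
          { ... }:

            {
              networking.firewall = {
                # Only the DNS carrier port is reachable from the outside;
                # traffic arriving on the tunnel interface is trusted wholesale,
                # which is what exposes sshd (openFirewall = false) via the tunnel.
                allowedUDPPorts = [ 53 ];
                trustedInterfaces = [ "dns0" ];
              };
              boot.kernel.sysctl = {
                "net.ipv4.ip_forward" = 1;
                # There is no "net.ipv6.ip_forward" sysctl; the IPv6 forwarding
                # switch is net.ipv6.conf.all.forwarding, so use that key.
                "net.ipv6.conf.all.forwarding" = 1;
              };

              services.iodine.server = {
                enable = true;
                ip = "10.53.53.1/24";
                # builtins.toFile places the secret in the world-readable Nix
                # store. Fine for a disposable test VM; never do this on a real
                # host -- point passwordFile at a file deployed out-of-band.
                passwordFile = "${builtins.toFile "password" password}";
                inherit domain;
              };

              # test resource: accessible only via tunnel (TCP/22 is not opened
              # in the firewall, so it is reachable only through trusted dns0)
              services.openssh = {
                enable = true;
                openFirewall = false;
              };
            };

        client =
          { ... }: {
            services.iodine.clients.testClient = {
              # test that ProtectHome is "read-only": the secret lives under
              # /root and the client unit must still be able to read it there
              passwordFile = "/root/pw";
              relay = "server";
              server = domain;
            };
            systemd.tmpfiles.rules = [
              # 0666 is a test-only convenience; a real tunnel password should
              # be 0600 and owned by the user the client runs as.
              "f /root/pw 0666 root root - ${password}"
            ];
            environment.systemPackages = [
              pkgs.nagiosPluginsOfficial
            ];
          };

      };

      testScript = ''
        start_all()

        server.wait_for_unit("sshd")
        server.wait_for_unit("iodined")
        client.wait_for_unit("iodine-testClient")

        # Positive check: sshd answers on the server's tunnel address.
        client.succeed("check_ssh -H 10.53.53.1")

        # Negative check: the same sshd must not answer over the ordinary
        # network, otherwise "accessible only via tunnel" is asserted by the
        # comment above but never actually verified. A short timeout keeps the
        # expected failure (firewall drop) from stalling the test.
        client.fail("check_ssh -t 5 -H server")
      '';
    }
)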