# NixOS VM test for the 3proxy module.
#
# peer0 is the client. peer1, peer2 and peer3 each run 3proxy with an "admin"
# service on TCP 9999 and an HTTP "proxy" service on TCP 3128; they differ in
# the proxy service's auth mode: "none", "iponly" and "strong".
# Every node has two addresses on eth1: one in 192.168.0.0/24 (RFC 1918) and
# one in 216.58.211.0/24, which is not a private range. The test script uses
# the admin port on those addresses, plus 127.0.0.1, as the proxied targets,
# so each case checks which destinations the proxy is willing to relay to.
#
# NOTE(review): the admin service is unauthenticated (auth = "none") and port
# 9999 is opened in the firewall on every proxy node. That is a fixture for
# the test VMs' own network, not a configuration to copy.
{ lib, pkgs, ... }: {
  name = "3proxy";
  meta = with lib.maintainers; {
    maintainers = [ misuzu ];
  };

  nodes = {
    # Client node: runs no proxy, only issues the wget requests.
    peer0 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.1";
            prefixLength = 24;
          }
          {
            address = "216.58.211.111";
            prefixLength = 24;
          }
        ];
      };
    };

    # Proxy with auth = "none". The test script expects it to relay to its
    # non-private address, its private address and its own loopback alike,
    # i.e. no destination restriction is in effect in this mode.
    peer1 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.2";
            prefixLength = 24;
          }
          {
            address = "216.58.211.112";
            prefixLength = 24;
          }
        ];
      };
      # test that binding to [::] is working when ipv6 is disabled
      networking.enableIPv6 = false;
      services._3proxy = {
        enable = true;
        services = [
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "none" ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };

    # Proxy with auth = "iponly" and a single unconditional "allow" rule.
    # The test script expects only the 216.58.211.113 target to be reachable;
    # requests for 192.168.0.3 and 127.0.0.1 must fail. Nothing in this file
    # denies them: presumably the module's default handling of private
    # ranges (denyPrivate) does. TODO confirm against the module.
    peer2 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.3";
            prefixLength = 24;
          }
          {
            address = "216.58.211.113";
            prefixLength = 24;
          }
        ];
      };
      services._3proxy = {
        enable = true;
        services = [
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "iponly" ];
            acl = [
              {
                rule = "allow";
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };

    # Proxy with auth = "strong" (username/password) and the same "allow" rule.
    # Only the proxy service requires credentials; the admin service on 9999
    # still uses auth = "none".
    peer3 = { lib, pkgs, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.4";
            prefixLength = 24;
          }
          {
            address = "216.58.211.114";
            prefixLength = 24;
          }
        ];
      };
      services._3proxy = {
        enable = true;
        # One user, "admin", stored as a crypt-style hash ("CR"); the "$1$"
        # prefix is the md5-crypt scheme. The test script authenticates as
        # admin:bigsecret, so this is expected to be the hash of that password.
        # NOTE(review): pkgs.writeText places the file in the Nix store, which
        # is world-readable; fine for a fixture, but real credentials should
        # come from a path outside the store.
        usersFile = pkgs.writeText "3proxy.passwd" ''
          admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
        '';
        services = [
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "strong" ];
            acl = [
              {
                rule = "allow";
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };
  };

  # Python test-driver script. All requests are made from peer0 with wget
  # through the proxy on port 3128, targeting the admin port 9999:
  #   peer1 (none):   non-private, private and loopback targets all succeed.
  #   peer2 (iponly): non-private target succeeds; private and loopback fail.
  #   peer3 (strong): with credentials, non-private succeeds and private
  #                   fails; without credentials every request fails.
  # The fail() cases are the access-control assertions: they pin that the
  # proxy refuses to relay to its own private and loopback addresses, and
  # that "strong" rejects unauthenticated clients.
  # NOTE(review): "\@" is not an escape in a Nix indented string, so it
  # reaches Python as an unrecognised escape sequence and then the shell as
  # an escaped "@". Presumably intentional; confirm it is still needed.
  testScript = ''
    start_all()

    peer0.wait_for_unit("network-online.target")

    peer1.wait_for_unit("3proxy.service")
    peer1.wait_for_open_port(9999)

    # test none auth
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer2.wait_for_unit("3proxy.service")
    peer2.wait_for_open_port(9999)

    # test iponly auth
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer3.wait_for_unit("3proxy.service")
    peer3.wait_for_open_port(9999)

    # test strong auth
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"
    )
  '';
}