nixos/tests/shadowsocks/common.nix at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / shadowsocks / common.nix
at 23.05-pre 2.5 kB view raw
 1{ name
 2, plugin ? null
 3, pluginOpts ? ""
 4}:
 5
 6import ../make-test-python.nix ({ pkgs, lib, ... }: {
 7    inherit name;
 8    meta = {
 9      maintainers = with lib.maintainers; [ hmenke ];
10    };
11
12    nodes = {
13      server = {
14        boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
15        networking.useDHCP = false;
16        networking.interfaces.eth1.ipv4.addresses = [
17          { address = "192.168.0.1"; prefixLength = 24; }
18        ];
19        networking.firewall.rejectPackets = true;
20        networking.firewall.allowedTCPPorts = [ 8488 ];
21        networking.firewall.allowedUDPPorts = [ 8488 ];
22        services.shadowsocks = {
23          enable = true;
24          encryptionMethod = "chacha20-ietf-poly1305";
25          password = "pa$$w0rd";
26          localAddress = [ "0.0.0.0" ];
27          port = 8488;
28          fastOpen = false;
29          mode = "tcp_and_udp";
30        } // lib.optionalAttrs (plugin != null) {
31          inherit plugin;
32          pluginOpts = "server;${pluginOpts}";
33        };
34        services.nginx = {
35          enable = true;
36          virtualHosts.server = {
37            locations."/".root = pkgs.writeTextDir "index.html" "It works!";
38          };
39        };
40      };
41
42      client = {
43        networking.useDHCP = false;
44        networking.interfaces.eth1.ipv4.addresses = [
45          { address = "192.168.0.2"; prefixLength = 24; }
46        ];
47        systemd.services.shadowsocks-client = {
48          description = "connect to shadowsocks";
49          after = [ "network.target" ];
50          wantedBy = [ "multi-user.target" ];
51          path = with pkgs; [ shadowsocks-libev ];
52          script = ''
53            exec ss-local \
54                -s 192.168.0.1 \
55                -p 8488 \
56                -l 1080 \
57                -k 'pa$$w0rd' \
58                -m chacha20-ietf-poly1305 \
59                -a nobody \
60                ${lib.optionalString (plugin != null) ''
61                  --plugin "${plugin}" --plugin-opts "${pluginOpts}"
62                ''}
63          '';
64        };
65      };
66    };
67
68    testScript = ''
69      start_all()
70
71      server.wait_for_unit("shadowsocks-libev.service")
72      client.wait_for_unit("shadowsocks-client.service")
73
74      client.fail(
75          "${pkgs.curl}/bin/curl 192.168.0.1:80"
76      )
77
78      msg = client.succeed(
79          "${pkgs.curl}/bin/curl --socks5 localhost:1080 192.168.0.1:80"
80      )
81      assert msg == "It works!", "Could not connect through shadowsocks"
82    '';
83  }
84)