# NixOS VM tests for the Teleport service module.
#
# Two tests are exported:
#   minimal - a single node with only `services.teleport.enable = true`
#   basic   - an auth/proxy server plus an SSH node ("client") that joins it
#             with a static token
#
# Everything below is a test fixture. The join token, the insecure-mode switch
# and the DEBUG log level are there so the test script has something to
# assert on; they are not a template for a deployment.
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
}:

with import ../lib/testing-python.nix { inherit system pkgs; };

let
  # Static join token shared by both nodes: the server registers it for the
  # "node" role and the client presents it when joining. It is a literal in
  # the test source, so it is a fixture value only.
  # NOTE(review): the module presumably renders `settings` into a config file
  # in the Nix store, which is world-readable - confirm. If so, a real
  # deployment should supply its token from outside the store.
  joinToken = "8d1957b2-2ded-40e6-8297-d48156a898a9";

  # Addresses on the test VLAN (eth1).
  serverIp = "192.168.1.10";
  clientIp = "192.168.1.20";

  # Build the eth1 IPv4 address list for a node.
  eth1Addresses = ip: [{
    address = ip;
    prefixLength = 24;
  }];

  # Node with module defaults only.
  minimal = { config, ... }: {
    services.teleport.enable = true;
  };

  # SSH node that joins the auth server; the proxy and auth services are
  # switched off here.
  client = { config, ... }: {
    services.teleport.enable = true;
    services.teleport.settings = {
      teleport = {
        nodename = "client";
        advertise_ip = clientIp;
        auth_token = joinToken;
        # Must match the port the server opens in its firewall.
        auth_servers = [ "${serverIp}:3025" ];
        # The test greps the client journal for 'DEBU' to prove this setting
        # was applied.
        log.severity = "DEBUG";
      };
      ssh_service = {
        enabled = true;
        # The test queries this label back through `tctl get nodes`.
        labels.role = "client";
      };
      proxy_service.enabled = false;
      auth_service.enabled = false;
    };
    networking.interfaces.eth1.ipv4.addresses = eth1Addresses clientIp;
  };

  # Auth + proxy + SSH on one machine.
  server = { config, ... }: {
    services.teleport.enable = true;
    services.teleport.settings = {
      teleport = {
        nodename = "server";
        advertise_ip = serverIp;
      };
      ssh_service.enabled = true;
      proxy_service.enabled = true;
      auth_service = {
        enabled = true;
        # "<role>:<token>" - accepts joinToken for the node role.
        tokens = [ "node:${joinToken}" ];
      };
    };
    # presumably the diagnostics listener behind the port 3000 check in the
    # test script - confirm against the module.
    services.teleport.diag.enable = true;
    # Starts Teleport in insecure mode; the test asserts the matching log
    # line. Insecure mode relaxes certificate verification, so it belongs in
    # an isolated test VM only.
    services.teleport.insecure.enable = true;

    # Only the auth port is opened; the client reaches the server on it.
    networking.firewall.allowedTCPPorts = [ 3025 ];
    networking.interfaces.eth1.ipv4.addresses = eth1Addresses serverIp;
  };
in
{
  # minimal setup should always work: with defaults the three listeners
  # (3025, 3080, 3022) must come up.
  minimal = makeTest {
    name = "teleport-minimal-setup";
    meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ];
    nodes = { inherit minimal; };

    testScript = ''
      minimal.wait_for_open_port(3025)
      minimal.wait_for_open_port(3080)
      minimal.wait_for_open_port(3022)
    '';
  };

  # basic server and client test: the client must register with the server
  # under its configured label, and the DEBUG / insecure-mode settings must be
  # visible in the journals.
  basic = makeTest {
    name = "teleport-server-client";
    meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ];
    nodes = { inherit server client; };

    testScript = ''
      with subtest("teleport ready"):
          server.wait_for_open_port(3025)
          client.wait_for_open_port(3022)

      with subtest("check applied configuration"):
          server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
          server.wait_for_open_port(3000)
          client.succeed("journalctl -u teleport.service --grep='DEBU'")
          server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
    '';
  };
}