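# NixOS VM test for the 3proxy service module.
#
# Four machines share one test network:
#   peer0 - plain client that drives wget through each proxy
#   peer1 - 3proxy with auth "none"
#   peer2 - 3proxy with auth "iponly" and an allow-all ACL entry
#   peer3 - 3proxy with auth "strong" (username/password) and an allow-all ACL entry
#
# Every machine gets two addresses on eth1: a private 192.168.0.x one and a
# non-private 216.58.211.x one. The second address lets the test script ask a
# proxy for both a private and a non-private destination on the same host.
#
# Changes compared to the previous revision of this test:
#   * the test script no longer writes "\@" inside a Python string literal
#     (an invalid escape sequence); a bare "@" reaches the shell unchanged;
#   * the script waits for the proxy port (3128), not only the admin port
#     (9999), before sending requests through the proxy.
{ lib, pkgs, ... }: {
  name = "3proxy";
  meta.maintainers = with lib.maintainers; [ misuzu ];

  nodes = {
    # Client only: no proxy runs here.
    peer0 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.1";
            prefixLength = 24;
          }
          {
            address = "216.58.211.111";
            prefixLength = 24;
          }
        ];
      };
    };

    # auth "none": the proxy accepts every request without authentication.
    peer1 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.2";
            prefixLength = 24;
          }
          {
            address = "216.58.211.112";
            prefixLength = 24;
          }
        ];
      };
      # test that binding to [::] is working when ipv6 is disabled
      networking.enableIPv6 = false;
      services._3proxy = {
        enable = true;
        services = [
          # The admin interface is unauthenticated and opened in the firewall
          # below. That is acceptable only inside this throwaway test VM,
          # where it doubles as the HTTP target fetched through the proxy.
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "none" ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };

    # auth "iponly": access is decided by the ACL; the only explicit entry
    # here is an unconditional allow.
    peer2 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.3";
            prefixLength = 24;
          }
          {
            address = "216.58.211.113";
            prefixLength = 24;
          }
        ];
      };
      services._3proxy = {
        enable = true;
        services = [
          # Unauthenticated admin interface: test fixture only (see peer1).
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "iponly" ];
            acl = [
              {
                rule = "allow";
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };

    # auth "strong": clients must present a username and password from
    # usersFile.
    peer3 = { lib, pkgs, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.4";
            prefixLength = 24;
          }
          {
            address = "216.58.211.114";
            prefixLength = 24;
          }
        ];
      };
      services._3proxy = {
        enable = true;
        # Fixture credential for user "admin"; the test script logs in as
        # admin:bigsecret. Do not copy this pattern into a real deployment:
        # pkgs.writeText puts the file into the world-readable Nix store, and
        # the "$1$" prefix marks an MD5-crypt hash, which is weak against
        # offline guessing.
        usersFile = pkgs.writeText "3proxy.passwd" ''
          admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
        '';
        services = [
          # Unauthenticated admin interface: test fixture only (see peer1).
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "strong" ];
            acl = [
              {
                rule = "allow";
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };
  };

  testScript = ''
    start_all()

    peer0.wait_for_unit("network-online.target")

    peer1.wait_for_unit("3proxy.service")
    peer1.wait_for_open_port(9999)
    # The requests below go through the proxy listener, so wait for it too.
    peer1.wait_for_open_port(3128)

    # test none auth
    # All three destinations are expected to be reachable, including
    # 127.0.0.1, which the proxy resolves to its own loopback. An open proxy
    # in this mode therefore exposes loopback-only services of the proxy host.
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer2.wait_for_unit("3proxy.service")
    peer2.wait_for_open_port(9999)
    peer2.wait_for_open_port(3128)

    # test iponly auth
    # Only the non-private destination may succeed; the private and loopback
    # destinations must be refused even though the ACL entry is a bare allow.
    # NOTE(review): presumably the module adds deny rules for private ranges
    # by default - confirm against the services._3proxy module options.
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer3.wait_for_unit("3proxy.service")
    peer3.wait_for_open_port(9999)
    peer3.wait_for_open_port(3128)

    # test strong auth
    # With valid credentials: the non-private destination succeeds and the
    # private one is refused. The userinfo separator is written as a plain @;
    # a backslash before it would be an invalid escape in this Python string.
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    # Without credentials every destination must be refused.
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"
    )
  '';
}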