pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / shadowsocks / common.nix
at 23.11-beta 2.5 kB view raw
1{ name 2, plugin ? null 3, pluginOpts ? "" 4}: 5 6import ../make-test-python.nix ({ pkgs, lib, ... }: { 7 inherit name; 8 meta = { 9 maintainers = with lib.maintainers; [ hmenke ]; 10 }; 11 12 nodes = { 13 server = { 14 boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; 15 networking.useDHCP = false; 16 networking.interfaces.eth1.ipv4.addresses = [ 17 { address = "192.168.0.1"; prefixLength = 24; } 18 ]; 19 networking.firewall.rejectPackets = true; 20 networking.firewall.allowedTCPPorts = [ 8488 ]; 21 networking.firewall.allowedUDPPorts = [ 8488 ]; 22 services.shadowsocks = { 23 enable = true; 24 encryptionMethod = "chacha20-ietf-poly1305"; 25 password = "pa$$w0rd"; 26 localAddress = [ "0.0.0.0" ]; 27 port = 8488; 28 fastOpen = false; 29 mode = "tcp_and_udp"; 30 } // lib.optionalAttrs (plugin != null) { 31 inherit plugin; 32 pluginOpts = "server;${pluginOpts}"; 33 }; 34 services.nginx = { 35 enable = true; 36 virtualHosts.server = { 37 locations."/".root = pkgs.writeTextDir "index.html" "It works!"; 38 }; 39 }; 40 }; 41 42 client = { 43 networking.useDHCP = false; 44 networking.interfaces.eth1.ipv4.addresses = [ 45 { address = "192.168.0.2"; prefixLength = 24; } 46 ]; 47 systemd.services.shadowsocks-client = { 48 description = "connect to shadowsocks"; 49 after = [ "network.target" ]; 50 wantedBy = [ "multi-user.target" ]; 51 path = with pkgs; [ shadowsocks-libev ]; 52 script = '' 53 exec ss-local \ 54 -s 192.168.0.1 \ 55 -p 8488 \ 56 -l 1080 \ 57 -k 'pa$$w0rd' \ 58 -m chacha20-ietf-poly1305 \ 59 -a nobody \ 60 ${lib.optionalString (plugin != null) '' 61 --plugin "${plugin}" --plugin-opts "${pluginOpts}" 62 ''} 63 ''; 64 }; 65 }; 66 }; 67 68 testScript = '' 69 start_all() 70 71 server.wait_for_unit("shadowsocks-libev.service") 72 server.wait_for_unit("nginx.service") 73 client.wait_for_unit("shadowsocks-client.service") 74 75 client.fail( 76 "${pkgs.curl}/bin/curl 192.168.0.1:80" 77 ) 78 79 msg = client.succeed( 80 "${pkgs.curl}/bin/curl --socks5 localhost:1080 192.168.0.1:80" 81 ) 82 assert msg == "It works!", "Could not connect through shadowsocks" 83 ''; 84 } 85)