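# NixOS VM test for the iodine DNS tunnel: a server node runs iodined and sshd,
# a client node runs an iodine client, and the test passes when the client can
# reach the server's sshd at the tunnel address.
import ./make-test-python.nix (
  { pkgs, ... }:
  let
    domain = "whatever.example.com";
    # Throwaway test secret. It contains shell metacharacters, presumably so
    # that a password interpreted by a shell would break the test (TODO confirm
    # against the iodine module).
    password = "false;foo;exit;withspecialcharacters";
  in
  {
    name = "iodine";
    nodes = {
      server =
        { ... }:
        {
          networking.firewall = {
            # Only DNS is exposed on the regular interfaces.
            allowedUDPPorts = [ 53 ];
            # Traffic on dns0 bypasses the firewall entirely. dns0 is presumably
            # the iodine tunnel device (confirm against the module).
            trustedInterfaces = [ "dns0" ];
          };
          boot.kernel.sysctl = {
            "net.ipv4.ip_forward" = 1;
            # Linux has no "net.ipv6.ip_forward" key; IPv6 forwarding is
            # controlled by net.ipv6.conf.all.forwarding.
            "net.ipv6.conf.all.forwarding" = 1;
          };

          services.iodine.server = {
            enable = true;
            ip = "10.53.53.1/24";
            # builtins.toFile writes the password into the world-readable Nix
            # store. That is acceptable only for a test secret; a real
            # deployment should point passwordFile at a path outside the store.
            passwordFile = builtins.toFile "password" password;
            inherit domain;
          };

          # test resource: accessible only via tunnel
          # (openFirewall = false keeps port 22 closed on untrusted interfaces)
          services.openssh = {
            enable = true;
            openFirewall = false;
          };
        };

      client =
        { ... }:
        {
          services.iodine.clients.testClient = {
            # test that ProtectHome is "read-only"
            passwordFile = "/root/pw";
            relay = "server";
            server = domain;
          };
          # NOTE(review): mode 0666 makes the password file world-readable and
          # world-writable, and the rule text itself lands in the Nix store.
          # Tolerable for a test fixture; 0600 is probably sufficient if the
          # client opens the file as root (confirm against the module).
          systemd.tmpfiles.rules = [
            "f /root/pw 0666 root root - ${password}"
          ];
          # Provides check_ssh, used by the test script below.
          environment.systemPackages = [
            pkgs.nagiosPluginsOfficial
          ];
        };

    };

    testScript = ''
      start_all()

      server.wait_for_unit("sshd")
      server.wait_for_unit("iodined")
      client.wait_for_unit("iodine-testClient")

      client.succeed("check_ssh -H 10.53.53.1")
    '';
  }
)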