# NixOS VM tests for the Teleport module. Every test below is instantiated
# once per entry in `packages`, so each packaged Teleport version is covered.
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
, lib ? pkgs.lib
}:

with import ../lib/testing-python.nix { inherit system pkgs; };

let
  # Teleport builds under test; the attribute name becomes the test suffix.
  packages = {
    default = pkgs.teleport;
    "11" = pkgs.teleport_11;
  };

  # Addresses of the two VMs on the eth1 test network.
  serverIp = "192.168.1.10";
  clientIp = "192.168.1.20";

  # Static join token shared by the auth server and the joining node.
  # It is a fixture committed in a test file: it only has to match on both
  # sides, and it must not be reused for any real cluster.
  joinToken = "8d1957b2-2ded-40e6-8297-d48156a898a9";

  # Single static IPv4 address with a /24 prefix.
  staticV4 = address: [
    {
      inherit address;
      prefixLength = 24;
    }
  ];

  # Module defaults only: enable the service and pick the package.
  minimal = package: {
    services.teleport = {
      enable = true;
      inherit package;
    };
  };

  # SSH node that joins the server's cluster; it runs neither an auth nor a
  # proxy service of its own.
  client = package: {
    services.teleport = {
      enable = true;
      inherit package;
      settings = {
        teleport = {
          nodename = "client";
          advertise_ip = clientIp;
          auth_token = joinToken;
          # The node talks to the auth service directly on port 3025.
          auth_servers = [ "${serverIp}:3025" ];
          # DEBUG output is what the "DEBU" journal grep in the test expects.
          log.severity = "DEBUG";
        };
        ssh_service = {
          enabled = true;
          # Label checked through `tctl get nodes` in the test script.
          labels.role = "client";
        };
        proxy_service.enabled = false;
        auth_service.enabled = false;
      };
    };
    networking.interfaces.eth1.ipv4.addresses = staticV4 clientIp;
  };

  # Combined auth + proxy + SSH host that the client joins.
  server = package: {
    services.teleport = {
      enable = true;
      inherit package;
      settings = {
        teleport = {
          nodename = "server";
          advertise_ip = serverIp;
        };
        ssh_service.enabled = true;
        proxy_service.enabled = true;
        auth_service = {
          enabled = true;
          # "<role>:<token>" form: this token can only be used to join as a node.
          tokens = [ "node:${joinToken}" ];
        };
      };
      # The test script waits for port 3000 on the server.
      # NOTE(review): presumably that is the listener this option opens - confirm
      # against the module.
      diag.enable = true;
      # Test-only switch: the test script asserts that the journal contains
      # "Starting teleport in insecure mode.".
      # NOTE(review): the option's exact effect is not visible here; check the
      # module documentation before copying this into a non-test configuration.
      insecure.enable = true;
    };
    networking = {
      # Only the auth port is opened to the test network.
      firewall.allowedTCPPorts = [ 3025 ];
      interfaces.eth1.ipv4.addresses = staticV4 serverIp;
    };
  };

  # Builds the pair of tests for one Teleport package.
  testsFor = name: package: {
    # Smoke test: with default settings the service must open ports 3025,
    # 3080 and 3022.
    "minimal_${name}" = makeTest {
      name = "teleport-minimal-setup";
      meta.maintainers = [ pkgs.lib.maintainers.justinas ];
      nodes.minimal = minimal package;

      testScript = ''
        minimal.wait_for_open_port(3025)
        minimal.wait_for_open_port(3080)
        minimal.wait_for_open_port(3022)
      '';
    };

    # Two-VM test: the client registers with the server using the static
    # token, and the configured label, log level and server options are
    # verified from the running services.
    "basic_${name}" = makeTest {
      name = "teleport-server-client";
      meta.maintainers = [ pkgs.lib.maintainers.justinas ];
      nodes = {
        server = server package;
        client = client package;
      };

      testScript = ''
        with subtest("teleport ready"):
            server.wait_for_open_port(3025)
            client.wait_for_open_port(3022)

        with subtest("check applied configuration"):
            server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
            server.wait_for_open_port(3000)
            client.succeed("journalctl -u teleport.service --grep='DEBU'")
            server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
      '';
    };
  };
in
lib.concatMapAttrs testsFor packages