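# NixOS VM test for the 3proxy module.
#
# peer0 is the client. peer1, peer2 and peer3 each run 3proxy with a different
# auth mode on the proxy service ("none", "iponly", "strong"), and the test
# script checks which destinations each proxy agrees to fetch.
#
# Every node has a 192.168.0.x address and a second 216.58.211.x address on
# eth1. The script uses the 216.58.211.x address as the destination that is
# expected to be allowed, and the 192.168.0.x / 127.0.0.1 destinations as the
# ones expected to be refused once ACLs are active.
# NOTE(review): the refusals presumably come from the module's private-range
# deny defaults (denyPrivate / privateRanges) - confirm against the module.
{ lib, pkgs, ... }: {
  name = "3proxy";
  meta.maintainers = with lib.maintainers; [ misuzu ];

  nodes = {
    # Client only: no proxy runs here.
    peer0 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.1";
            prefixLength = 24;
          }
          {
            address = "216.58.211.111";
            prefixLength = 24;
          }
        ];
      };
    };

    # Proxy with auth "none": no authentication on either service.
    peer1 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.2";
            prefixLength = 24;
          }
          {
            address = "216.58.211.112";
            prefixLength = 24;
          }
        ];
      };
      # test that binding to [::] is working when ipv6 is disabled
      networking.enableIPv6 = false;
      services._3proxy = {
        enable = true;
        services = [
          # The admin interface has no authentication and its port is opened
          # in the firewall below. It doubles as the HTTP target the test
          # fetches through the proxy; this exposure is a fixture of the
          # isolated test network, not a deployment pattern.
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "none" ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };

    # Proxy with auth "iponly" and a single catch-all "allow" ACL rule.
    peer2 = { lib, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.3";
            prefixLength = 24;
          }
          {
            address = "216.58.211.113";
            prefixLength = 24;
          }
        ];
      };
      services._3proxy = {
        enable = true;
        services = [
          # Unauthenticated admin interface, used as the fetch target (see peer1).
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "iponly" ];
            # The only rule written here is an unconditional allow; the test
            # still expects private and loopback destinations to be refused.
            acl = [
              {
                rule = "allow";
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };

    # Proxy with auth "strong": clients must present a username and password.
    peer3 = { lib, pkgs, ... }: {
      networking.useDHCP = false;
      networking.interfaces.eth1 = {
        ipv4.addresses = [
          {
            address = "192.168.0.4";
            prefixLength = 24;
          }
          {
            address = "216.58.211.114";
            prefixLength = 24;
          }
        ];
      };
      services._3proxy = {
        enable = true;
        # Fixture account used by the test script (admin / bigsecret).
        # "CR" marks a crypt-style hash and the "$1$" prefix is MD5-crypt.
        # pkgs.writeText puts this file in the Nix store, which every local
        # user can read; outside a test, point usersFile at a path that is
        # not in the store and use a stronger hash if 3proxy accepts one.
        usersFile = pkgs.writeText "3proxy.passwd" ''
          admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
        '';
        services = [
          # Unauthenticated admin interface, used as the fetch target (see peer1).
          {
            type = "admin";
            bindPort = 9999;
            auth = [ "none" ];
          }
          {
            type = "proxy";
            bindPort = 3128;
            auth = [ "strong" ];
            acl = [
              {
                rule = "allow";
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 3128 9999 ];
    };
  };

  testScript = ''
    start_all()

    peer0.systemctl("start network-online.target")
    peer0.wait_for_unit("network-online.target")

    peer1.wait_for_unit("3proxy.service")
    peer1.wait_for_open_port(9999)
    # Every request below goes through 3128, so wait for it as well instead
    # of inferring it from the admin port.
    peer1.wait_for_open_port(3128)

    # test none auth
    # All three destinations are fetched, including the proxy host's own
    # private address and 127.0.0.1. The destination is resolved on the proxy,
    # so the loopback request reaches peer1's own admin service.
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer2.wait_for_unit("3proxy.service")
    peer2.wait_for_open_port(9999)
    peer2.wait_for_open_port(3128)

    # test iponly auth
    # The 216.58.211.x destination is served; the private and loopback
    # destinations must be refused.
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer3.wait_for_unit("3proxy.service")
    peer3.wait_for_open_port(9999)
    peer3.wait_for_open_port(3128)

    # test strong auth
    # With credentials only the 216.58.211.x destination is served; without
    # credentials every request must be refused.
    # The "@" in the proxy URL is written unescaped: "\@" is not a valid
    # escape in a Python string literal and the shell needs none.
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"
    )
  '';
}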