# NixOS VM test for the 3proxy module.
#
# peer0 is the client. peer1, peer2 and peer3 each run 3proxy with a different
# `auth` mode on the proxy listener (none / iponly / strong). The test script
# checks which destinations each proxy is willing to relay to.
{ lib, pkgs, ... }:
let
  # Every node carries two /24 addresses on eth1: one in 192.168.0.0/24 and one
  # outside the RFC 1918 ranges, so the script can target both a private and a
  # non-private destination on the same host.
  eth1With = privateAddr: otherAddr: {
    ipv4.addresses = [
      {
        address = privateAddr;
        prefixLength = 24;
      }
      {
        address = otherAddr;
        prefixLength = 24;
      }
    ];
  };

  # The admin listener doubles as the HTTP target that wget fetches through
  # the proxy. It is unauthenticated and opened in the firewall on every proxy
  # node, which is only acceptable because this is a test fixture.
  adminListener = {
    type = "admin";
    bindPort = 9999;
    auth = [ "none" ];
  };

  # Ports opened on each proxy node: the proxy (3128) and the admin page (9999).
  openTcpPorts = [
    3128
    9999
  ];
in
{
  name = "3proxy";
  meta.maintainers = [ lib.maintainers.misuzu ];

  nodes = {
    # Client only; runs no proxy.
    peer0 =
      { lib, ... }:
      {
        networking = {
          useDHCP = false;
          interfaces.eth1 = eth1With "192.168.0.1" "216.58.211.111";
        };
      };

    # auth = none on the proxy listener.
    # Security-relevant: the script expects this proxy to relay to its own
    # private address and to 127.0.0.1:9999, i.e. any client that can reach
    # port 3128 can also reach the admin listener on the proxy host's loopback.
    peer1 =
      { lib, ... }:
      {
        networking = {
          useDHCP = false;
          interfaces.eth1 = eth1With "192.168.0.2" "216.58.211.112";
          # test that binding to [::] is working when ipv6 is disabled
          enableIPv6 = false;
          firewall.allowedTCPPorts = openTcpPorts;
        };
        services._3proxy = {
          enable = true;
          services = [
            adminListener
            {
              type = "proxy";
              bindPort = 3128;
              auth = [ "none" ];
            }
          ];
        };
      };

    # auth = iponly plus an unconditional "allow" ACL entry.
    # The script expects private and loopback destinations to be refused here
    # even though the only ACL written in this file is "allow".
    # NOTE(review): presumably this comes from the module's `denyPrivate`
    # default, which would only take effect in ACL-evaluating auth modes.
    # Confirm against the module source.
    peer2 =
      { lib, ... }:
      {
        networking = {
          useDHCP = false;
          interfaces.eth1 = eth1With "192.168.0.3" "216.58.211.113";
          firewall.allowedTCPPorts = openTcpPorts;
        };
        services._3proxy = {
          enable = true;
          services = [
            adminListener
            {
              type = "proxy";
              bindPort = 3128;
              auth = [ "iponly" ];
              acl = [ { rule = "allow"; } ];
            }
          ];
        };
      };

    # auth = strong (username/password) plus an unconditional "allow" ACL entry.
    peer3 =
      { lib, pkgs, ... }:
      {
        networking = {
          useDHCP = false;
          interfaces.eth1 = eth1With "192.168.0.4" "216.58.211.114";
          firewall.allowedTCPPorts = openTcpPorts;
        };
        services._3proxy = {
          enable = true;
          # Fixture credentials only. pkgs.writeText places this file in the
          # world-readable Nix store, and the `$1$` prefix marks an MD5-crypt
          # hash; the matching password appears in clear text in the test
          # script below. A real deployment should point usersFile at a path
          # outside the store with restricted permissions.
          usersFile = pkgs.writeText "3proxy.passwd" ''
            admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
          '';
          services = [
            adminListener
            {
              type = "proxy";
              bindPort = 3128;
              auth = [ "strong" ];
              acl = [ { rule = "allow"; } ];
            }
          ];
        };
      };
  };

  # Expectations encoded below (all requests are made from peer0 via wget):
  #   none   (peer1): non-private, private and loopback targets all succeed.
  #   iponly (peer2): the non-private target succeeds; private and loopback fail.
  #   strong (peer3): with credentials the non-private target succeeds and the
  #                   private one fails; without credentials every request fails.
  # The `\@` in the credentialed URLs is passed through to the shell, where it
  # is read as a plain `@`.
  testScript = ''
    start_all()

    peer0.systemctl("start network-online.target")
    peer0.wait_for_unit("network-online.target")

    peer1.wait_for_unit("3proxy.service")
    peer1.wait_for_open_port(9999)

    # test none auth
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999"
    )
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer2.wait_for_unit("3proxy.service")
    peer2.wait_for_open_port(9999)

    # test iponly auth
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999"
    )

    peer3.wait_for_unit("3proxy.service")
    peer3.wait_for_open_port(9999)

    # test strong auth
    peer0.succeed(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
    )
    peer0.fail(
        "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"
    )
  '';
}