# NixOS VM test for the coturn TURN server module.
#
# Two machines are booted:
#   default     - coturn enabled with no further options.
#   secretsfile - coturn takes its static auth secret from a file on disk.
import ./make-test-python.nix (
  { pkgs, ... }:
  let
    # Fixture credential only. It is interpolated verbatim into the boot
    # commands and the test script, so it is visible in the evaluated
    # configuration; never substitute a real secret here.
    secret = "some-very-secret-string";

    # Location the module is told to read the secret from.
    secretPath = "/run/coturn-secret";

    # TURN test client shipped with the coturn package.
    uclient = "${pkgs.coturn}/bin/turnutils_uclient";
  in
  {
    name = "coturn";

    nodes = {
      default = {
        services.coturn.enable = true;
      };

      secretsfile = {
        # NOTE(review): a plain shell redirect creates the file with whatever
        # umask the boot script runs under, so it may be readable by every
        # local user. Fine for a fixture; a real deployment would restrict the
        # file to the account that reads it (which account that is depends on
        # the coturn module, not visible here).
        boot.postBootCommands = ''
          echo "${secret}" > ${secretPath}
        '';

        services.coturn = {
          enable = true;
          static-auth-secret-file = secretPath;
        };
      };
    };

    # Test flow:
    #   1. `default` must bring coturn.service up with no configuration.
    #   2. `secretsfile` must bring the service up, listen on 3478, and have
    #      the secret rendered into /run/coturn/turnserver.cfg. That file
    #      therefore holds the clear-text secret; its mode and owner are not
    #      asserted by this test.
    #   3. The client authenticates with the secret (-W) against a peer (-e):
    #      the loopback peer is expected to be refused and 192.168.1.2 to be
    #      accepted. The peer rules come from the module, not from this file
    #      (presumably its defaults; confirm against the module).
    #   4. The `systemd-analyze security` lines lacking a check mark are only
    #      written to the log; the exit status is discarded, so a hardening
    #      regression in the unit does not fail the test.
    testScript = ''
      start_all()

      with subtest("by default works without configuration"):
          default.wait_for_unit("coturn.service")

      with subtest("works with static-auth-secret-file"):
          secretsfile.wait_for_unit("coturn.service")
          secretsfile.wait_for_open_port(3478)
          secretsfile.succeed("grep '${secret}' /run/coturn/turnserver.cfg")
          # Forbidden IP, fails:
          secretsfile.fail("${uclient} -W ${secret} 127.0.0.1 -DgX -e 127.0.0.1 -n 1 -c -y")
          # allowed-peer-ip, should succeed:
          secretsfile.succeed("${uclient} -W ${secret} 192.168.1.2 -DgX -e 192.168.1.2 -n 1 -c -y")

      default.log(default.execute("systemd-analyze security coturn.service | grep -v '✓'")[1])
    '';
  }
)