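# This is a simple distributed test involving a topology with two
# separate virtual networks - the "inside" and the "outside" - with a
# client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation
# for the client.
#
# The test passes when an unprivileged user on the client can run
# dublin-traceroute against the server through the NAT router.
import ./make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "dublin-traceroute";
    meta = with pkgs.lib.maintainers; {
      maintainers = [ baloo ];
    };

    # Inside host: sits on VLAN 1 only and sends everything via the router.
    nodes.client =
      { nodes, ... }:
      {
        # Presumably provides the "alice" account used by testScript;
        # confirm against ./common/user-account.nix.
        imports = [ ./common/user-account.nix ];
        virtualisation.vlans = [ 1 ];

        # The default route is the first IPv4 address of the router's eth2,
        # which is the interface this topology treats as the inside leg.
        networking.defaultGateway =
          (builtins.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
        networking.nftables.enable = true;

        # The module is expected to let a non-root user run the tool
        # (that is what testScript asserts). NOTE(review): confirm how the
        # module grants that privilege and that it is scoped to the binary.
        programs.dublin-traceroute.enable = true;
      };

    # NAT gateway between the two networks.
    nodes.router =
      { ... }:
      {
        # Order matters: eth1 is used as the external interface below and
        # the client routes via eth2, so VLAN 2 (outside) is listed first.
        # NOTE(review): assumes interfaces are numbered in list order.
        virtualisation.vlans = [
          2
          1
        ];
        networking.nftables.enable = true;
        # Only this inside range is translated.
        # NOTE(review): assumes the test driver numbers VLAN 1 as 192.168.1.0/24.
        networking.nat.internalIPs = [ "192.168.1.0/24" ];
        networking.nat.externalInterface = "eth1";
        networking.nat.enable = true;
      };

    # Outside host: the traceroute target.
    nodes.server =
      { ... }:
      {
        virtualisation.vlans = [ 2 ];
        # Firewall is off on the target. NOTE(review): presumably so the
        # final hop answers the probes instead of dropping them - confirm.
        networking.firewall.enable = false;
        # NOTE(review): httpd and anonymous vsftpd are never contacted by
        # testScript, which only traces to this host. They look inherited
        # from a NAT test; drop them if nothing else depends on them, so the
        # fixture does not carry an anonymous FTP service with the firewall off.
        services.httpd.enable = true;
        services.httpd.adminAddr = "foo@example.org";
        services.vsftpd.enable = true;
        services.vsftpd.anonymousUser = true;
      };

    testScript = ''
      client.start()
      router.start()
      server.start()

      server.wait_for_unit("network.target")
      router.wait_for_unit("network.target")
      client.wait_for_unit("network.target")

      # Make sure we can trace from an unprivileged user
      client.succeed("sudo -u alice dublin-traceroute server")
    '';
  }
)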