pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / shadowsocks / common.nix
at 25.11-pre 2.6 kB view raw
1{ 2 name, 3 plugin ? null, 4 pluginOpts ? "", 5}: 6 7import ../make-test-python.nix ( 8 { pkgs, lib, ... }: 9 { 10 inherit name; 11 meta = { 12 maintainers = with lib.maintainers; [ hmenke ]; 13 }; 14 15 nodes = { 16 server = { 17 boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; 18 networking.useDHCP = false; 19 networking.interfaces.eth1.ipv4.addresses = [ 20 { 21 address = "192.168.0.1"; 22 prefixLength = 24; 23 } 24 ]; 25 networking.firewall.rejectPackets = true; 26 networking.firewall.allowedTCPPorts = [ 8488 ]; 27 networking.firewall.allowedUDPPorts = [ 8488 ]; 28 services.shadowsocks = 29 { 30 enable = true; 31 encryptionMethod = "chacha20-ietf-poly1305"; 32 password = "pa$$w0rd"; 33 localAddress = [ "0.0.0.0" ]; 34 port = 8488; 35 fastOpen = false; 36 mode = "tcp_and_udp"; 37 } 38 // lib.optionalAttrs (plugin != null) { 39 inherit plugin; 40 pluginOpts = "server;${pluginOpts}"; 41 }; 42 services.nginx = { 43 enable = true; 44 virtualHosts.server = { 45 locations."/".root = pkgs.writeTextDir "index.html" "It works!"; 46 }; 47 }; 48 }; 49 50 client = { 51 networking.useDHCP = false; 52 networking.interfaces.eth1.ipv4.addresses = [ 53 { 54 address = "192.168.0.2"; 55 prefixLength = 24; 56 } 57 ]; 58 systemd.services.shadowsocks-client = { 59 description = "connect to shadowsocks"; 60 after = [ "network.target" ]; 61 wantedBy = [ "multi-user.target" ]; 62 path = with pkgs; [ shadowsocks-libev ]; 63 script = '' 64 exec ss-local \ 65 -s 192.168.0.1 \ 66 -p 8488 \ 67 -l 1080 \ 68 -k 'pa$$w0rd' \ 69 -m chacha20-ietf-poly1305 \ 70 -a nobody \ 71 ${lib.optionalString (plugin != null) '' 72 --plugin "${plugin}" --plugin-opts "${pluginOpts}" 73 ''} 74 ''; 75 }; 76 }; 77 }; 78 79 testScript = '' 80 start_all() 81 82 server.wait_for_unit("shadowsocks-libev.service") 83 server.wait_for_unit("nginx.service") 84 client.wait_for_unit("shadowsocks-client.service") 85 86 client.fail( 87 "${pkgs.curl}/bin/curl 192.168.0.1:80" 88 ) 89 90 msg = client.succeed( 91 "${pkgs.curl}/bin/curl --socks5 localhost:1080 192.168.0.1:80" 92 ) 93 assert msg == "It works!", "Could not connect through shadowsocks" 94 ''; 95 } 96)