nixos/tests/teleport.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / teleport.nix
at 25.11-pre 3.1 kB view raw
  1{
  2  system ? builtins.currentSystem,
  3  config ? { },
  4  pkgs ? import ../.. { inherit system config; },
  5  lib ? pkgs.lib,
  6}:
  7
  8with import ../lib/testing-python.nix { inherit system pkgs; };
  9
 10let
 11  packages = with pkgs; {
 12    "16" = teleport_16;
 13    "17" = teleport_17;
 14  };
 15
 16  minimal = package: {
 17    services.teleport = {
 18      enable = true;
 19      inherit package;
 20    };
 21  };
 22
 23  client = package: {
 24    services.teleport = {
 25      enable = true;
 26      inherit package;
 27      settings = {
 28        teleport = {
 29          nodename = "client";
 30          advertise_ip = "192.168.1.20";
 31          auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
 32          auth_servers = [ "192.168.1.10:3025" ];
 33          log.severity = "DEBUG";
 34        };
 35        ssh_service = {
 36          enabled = true;
 37          labels = {
 38            role = "client";
 39          };
 40        };
 41        proxy_service.enabled = false;
 42        auth_service.enabled = false;
 43      };
 44    };
 45    networking.interfaces.eth1.ipv4.addresses = [
 46      {
 47        address = "192.168.1.20";
 48        prefixLength = 24;
 49      }
 50    ];
 51  };
 52
 53  server = package: {
 54    services.teleport = {
 55      enable = true;
 56      inherit package;
 57      settings = {
 58        teleport = {
 59          nodename = "server";
 60          advertise_ip = "192.168.1.10";
 61        };
 62        ssh_service.enabled = true;
 63        proxy_service.enabled = true;
 64        auth_service = {
 65          enabled = true;
 66          tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
 67        };
 68      };
 69      diag.enable = true;
 70      insecure.enable = true;
 71    };
 72    networking = {
 73      firewall.allowedTCPPorts = [ 3025 ];
 74      interfaces.eth1.ipv4.addresses = [
 75        {
 76          address = "192.168.1.10";
 77          prefixLength = 24;
 78        }
 79      ];
 80    };
 81  };
 82in
 83lib.concatMapAttrs (name: package: {
 84  "minimal_${name}" = makeTest {
 85    # minimal setup should always work
 86    name = "teleport-minimal-setup";
 87    meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
 88    nodes.minimal = minimal package;
 89
 90    testScript = ''
 91      minimal.wait_for_open_port(3025)
 92      minimal.wait_for_open_port(3080)
 93      minimal.wait_for_open_port(3022)
 94    '';
 95  };
 96
 97  "basic_${name}" = makeTest {
 98    # basic server and client test
 99    name = "teleport-server-client";
100    meta.maintainers = with pkgs.lib.maintainers; [ justinas ];
101    nodes = {
102      server = server package;
103      client = client package;
104    };
105
106    testScript = ''
107      with subtest("teleport ready"):
108          server.wait_for_open_port(3025)
109          client.wait_for_open_port(3022)
110
111      with subtest("check applied configuration"):
112          server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
113          server.wait_for_open_port(3000)
114          client.succeed("journalctl -u teleport.service --grep='DEBU'")
115          server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
116    '';
117  };
118}) packages