# NixOS VM test for the wstunnel module.
#
# Two nodes share VLAN 1: `server` (10.0.0.1) runs a wstunnel server on
# port 443 with a TLS certificate, and `client` (10.0.0.2) connects to it
# over wss:// and sets up one forward and one reverse TCP tunnel. The test
# script then pushes a line of text through each tunnel with nc.
{ lib, ... }:

let
  # Certificate bundle shared with the ACME tests. The "snakeoil" name
  # suggests throwaway test material -- NOTE(review): confirm the keys are
  # not reused outside the test suite.
  certs = import ./common/acme/server/snakeoil-certs.nix;
  inherit (certs) domain;
in

{
  name = "wstunnel";

  meta.platforms = lib.platforms.linux;

  nodes.server = {
    virtualisation.vlans = [ 1 ];

    # Add the test CA to this node's trusted certificate files.
    security.pki.certificateFiles = [ certs.ca.cert ];

    networking.useNetworkd = true;
    networking.useDHCP = false;
    # Packet filtering is switched off on both nodes; the only network in
    # play is the test VLAN declared above.
    networking.firewall.enable = false;

    systemd.network.networks."01-eth1" = {
      name = "eth1";
      networkConfig = {
        Address = "10.0.0.1/24";
      };
    };

    services.wstunnel.enable = true;
    services.wstunnel.servers.my-server = {
      listen.host = "10.0.0.1";
      listen.port = 443;
      tlsCertificate = certs.${domain}.cert;
      # NOTE(review): if this value is a Nix path it is copied into the
      # world-readable store. That is fine for a test key; a real
      # deployment would point at a secret provisioned at runtime.
      tlsKey = certs.${domain}.key;
    };
  };

  nodes.client = {
    virtualisation.vlans = [ 1 ];

    # Same test CA as on the server. Presumably this is what lets the
    # client validate the server certificate on the wss:// connection --
    # confirm against the module's certificate-verification default.
    security.pki.certificateFiles = [ certs.ca.cert ];

    networking.useNetworkd = true;
    networking.useDHCP = false;
    networking.firewall.enable = false;
    # Resolve the certificate's domain to the server's VLAN address so the
    # client connects by name rather than by IP.
    networking.extraHosts = ''
      10.0.0.1 ${domain}
    '';

    systemd.network.networks."01-eth1" = {
      name = "eth1";
      networkConfig = {
        Address = "10.0.0.2/24";
      };
    };

    services.wstunnel.enable = true;
    services.wstunnel.clients.my-client = {
      # Not started at boot: the test script starts the unit itself once
      # the server port is reachable.
      autoStart = false;
      connectTo = "wss://${domain}:443";
      # Forward tunnel: port 8080 on the client reaches localhost:2080 on
      # the server side (exercised by the first subtest).
      localToRemote = [ "tcp://8080:localhost:2080" ];
      # Reverse tunnel: port 2081 on the server reaches localhost:8081 on
      # the client side (exercised by the second subtest).
      remoteToLocal = [ "tcp://2081:localhost:8081" ];
    };
  };

  # Each subtest backgrounds a one-shot `nc -l` listener, sleeps one second
  # so it can bind, sends a line through the tunnel and greps for it in
  # /tmp/msg on the receiving node.
  # NOTE(review): the fixed sleep is presumably used instead of a
  # connect-based port wait because nc is started without a keep-open flag,
  # so a probe connection would use up the listener -- confirm before
  # changing it.
  testScript = # python
    ''
      start_all()
      server.wait_for_unit("wstunnel-server-my-server.service")
      client.wait_for_open_port(443, "10.0.0.1")

      client.systemctl("start wstunnel-client-my-client.service")
      client.wait_for_unit("wstunnel-client-my-client.service")

      with subtest("connection from client to server"):
        server.succeed("nc -l 2080 >/tmp/msg &")
        client.sleep(1)
        client.succeed('nc -w1 localhost 8080 <<<"Hello from client"')
        server.succeed('grep "Hello from client" /tmp/msg')

      with subtest("connection from server to client"):
        client.succeed("nc -l 8081 >/tmp/msg &")
        server.sleep(1)
        server.succeed('nc -w1 localhost 2081 <<<"Hello from server"')
        client.succeed('grep "Hello from server" /tmp/msg')

      client.systemctl("stop wstunnel-client-my-client.service")
    '';
}