# This is a simple distributed test involving a topology with two
# separate virtual networks - the "inside" and the "outside" - with a
# client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation
# for the client.
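{ pkgs, lib, ... }:
let
  # Router settings that do not depend on whether NAT is switched on.
  # nodes.router merges this with `networking.nat.enable = true`, so the
  # addressing and interface choice are stated once instead of being
  # repeated (the original left this binding unused and duplicated its
  # contents in nodes.router).
  routerBase = lib.mkMerge [
    {
      # The client (vlan 1 only) uses the router's eth2 address as its
      # gateway and eth1 is the NAT external interface, so with this
      # ordering eth1 sits on vlan 2 ("outside") and eth2 on vlan 1
      # ("inside").
      virtualisation.vlans = [
        2
        1
      ];
      networking.nftables.enable = true;
      # Only traffic sourced from the inside subnet is translated.
      networking.nat.internalIPs = [ "192.168.1.0/24" ];
      networking.nat.externalInterface = "eth1";
    }
  ];
in
{
  name = "dublin-traceroute";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ baloo ];
  };

  # Inside host: runs the tool under test as a non-root user.
  nodes.client =
    { nodes, ... }:
    {
      # Provides the unprivileged "alice" account used by testScript
      # (presumably; the file is outside this view - confirm).
      imports = [ ./common/user-account.nix ];
      virtualisation.vlans = [ 1 ];

      # Route everything through the router's inside-facing interface.
      networking.defaultGateway =
        (builtins.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
      networking.nftables.enable = true;

      # NOTE(review): the test relies on this option making the binary
      # usable without root, which implies it grants some network
      # privilege to the program (e.g. through a capability wrapper).
      # Confirm in the module that the grant is limited to what raw
      # probing needs.
      programs.dublin-traceroute.enable = true;
    };

  # NAT gateway between the two vlans.
  nodes.router =
    { ... }:
    lib.mkMerge [
      routerBase
      { networking.nat.enable = true; }
    ];

  # Outside host: the trace target.
  nodes.server =
    { ... }:
    {
      virtualisation.vlans = [ 2 ];
      # Firewall off and anonymous FTP on are tolerable only because this
      # node exists solely on the test's virtual vlan; this is not a
      # configuration to reuse for a reachable host.
      networking.firewall.enable = false;
      # NOTE(review): testScript never contacts httpd or vsftpd; they look
      # inherited from the NAT test this file is modelled on. Confirm
      # whether they are still needed here.
      services.httpd.enable = true;
      services.httpd.adminAddr = "foo@example.org";
      services.vsftpd.enable = true;
      services.vsftpd.anonymousUser = true;
    };

  # Boots all three machines, waits for networking, then checks that the
  # unprivileged account can complete a trace to the server through NAT.
  testScript = ''
    client.start()
    router.start()
    server.start()

    server.wait_for_unit("network.target")
    router.wait_for_unit("network.target")
    client.wait_for_unit("network.target")

    # Make sure we can trace from an unprivileged user
    client.succeed("sudo -u alice dublin-traceroute server")
  '';
}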