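# NixOS VM test for the iodine DNS tunnel.
#
# The `server` node runs iodined on UDP/53 and an sshd that is reachable only
# through the tunnel (openFirewall = false, but the tunnel interface is
# trusted).  The `client` node tunnels to the server and the test passes when
# `check_ssh` can reach sshd on the tunnel-side address 10.53.53.1.
{ pkgs, ... }:
let
  domain = "whatever.example.com";
  # Deliberately contains `;` and shell keywords so the test exercises how the
  # password is quoted on both the server and the client side.
  password = "false;foo;exit;withspecialcharacters";
in
{
  name = "iodine";
  nodes = {
    server =
      { ... }:
      {
        networking.firewall = {
          # iodine speaks DNS, so only UDP/53 is exposed on the real interface.
          allowedUDPPorts = [ 53 ];
          # Traffic arriving on the tunnel device is trusted by the firewall,
          # which is what lets the client reach sshd without port 22 being open.
          trustedInterfaces = [ "dns0" ];
        };
        boot.kernel.sysctl = {
          "net.ipv4.ip_forward" = 1;
          "net.ipv6.ip_forward" = 1;
        };

        services.iodine.server = {
          enable = true;
          ip = "10.53.53.1/24";
          # Test fixture only: builtins.toFile writes the secret into the
          # world-readable Nix store, which is fine for a throwaway VM but must
          # not be copied into a real deployment.
          passwordFile = builtins.toFile "password" password;
          inherit domain;
        };

        # test resource: accessible only via tunnel
        services.openssh = {
          enable = true;
          openFirewall = false;
        };
      };

    client =
      { ... }:
      {
        services.iodine.clients.testClient = {
          # test that ProtectHome is "read-only": the secret is placed under
          # /root so the unit has to read it through that restriction
          # (presumably set by the iodine client module — not visible here).
          passwordFile = "/root/pw";
          relay = "server";
          server = domain;
        };
        systemd.tmpfiles.rules = [
          # 0644 keeps the file readable whichever user the client unit runs
          # as, without making the secret world-writable; nothing in the test
          # needs to write it.
          "f /root/pw 0644 root root - ${password}"
        ];
        environment.systemPackages = [
          # provides the `check_ssh` plugin used in testScript
          pkgs.nagiosPluginsOfficial
        ];
      };

  };

  testScript = ''
    start_all()

    server.wait_for_unit("sshd")
    server.wait_for_unit("iodined")
    client.wait_for_unit("iodine-testClient")

    client.succeed("check_ssh -H 10.53.53.1")
  '';
}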