nixos/tests/shadowsocks/common.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / shadowsocks / common.nix
at master 2.6 kB view raw
 1{
 2  name,
 3  plugin ? null,
 4  pluginOpts ? "",
 5}:
 6
 7import ../make-test-python.nix (
 8  { pkgs, lib, ... }:
 9  {
10    inherit name;
11    meta = {
12      maintainers = with lib.maintainers; [ hmenke ];
13    };
14
15    nodes = {
16      server = {
17        boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
18        networking.useDHCP = false;
19        networking.interfaces.eth1.ipv4.addresses = [
20          {
21            address = "192.168.0.1";
22            prefixLength = 24;
23          }
24        ];
25        networking.firewall.rejectPackets = true;
26        networking.firewall.allowedTCPPorts = [ 8488 ];
27        networking.firewall.allowedUDPPorts = [ 8488 ];
28        services.shadowsocks = {
29          enable = true;
30          encryptionMethod = "chacha20-ietf-poly1305";
31          password = "pa$$w0rd";
32          localAddress = [ "0.0.0.0" ];
33          port = 8488;
34          fastOpen = false;
35          mode = "tcp_and_udp";
36        }
37        // lib.optionalAttrs (plugin != null) {
38          inherit plugin;
39          pluginOpts = "server;${pluginOpts}";
40        };
41        services.nginx = {
42          enable = true;
43          virtualHosts.server = {
44            locations."/".root = pkgs.writeTextDir "index.html" "It works!";
45          };
46        };
47      };
48
49      client = {
50        networking.useDHCP = false;
51        networking.interfaces.eth1.ipv4.addresses = [
52          {
53            address = "192.168.0.2";
54            prefixLength = 24;
55          }
56        ];
57        systemd.services.shadowsocks-client = {
58          description = "connect to shadowsocks";
59          after = [ "network.target" ];
60          wantedBy = [ "multi-user.target" ];
61          path = with pkgs; [ shadowsocks-libev ];
62          script = ''
63            exec ss-local \
64                -s 192.168.0.1 \
65                -p 8488 \
66                -l 1080 \
67                -k 'pa$$w0rd' \
68                -m chacha20-ietf-poly1305 \
69                -a nobody \
70                ${lib.optionalString (plugin != null) ''
71                  --plugin "${plugin}" --plugin-opts "${pluginOpts}"
72                ''}
73          '';
74        };
75      };
76    };
77
78    testScript = ''
79      start_all()
80
81      server.wait_for_unit("shadowsocks-libev.service")
82      server.wait_for_unit("nginx.service")
83      client.wait_for_unit("shadowsocks-client.service")
84
85      client.fail(
86          "${pkgs.curl}/bin/curl 192.168.0.1:80"
87      )
88
89      msg = client.succeed(
90          "${pkgs.curl}/bin/curl --socks5 localhost:1080 192.168.0.1:80"
91      )
92      assert msg == "It works!", "Could not connect through shadowsocks"
93    '';
94  }
95)