danIp6 = bobPrefix + "::2";
28
-
import ./make-test-python.nix (
32
-
meta = with pkgs.lib.maintainers; {
33
-
maintainers = [ gazally ];
31
+
meta = with pkgs.lib.maintainers; {
32
+
maintainers = [ gazally ];
37
-
# Alice is listening for peerings on a specified port,
38
-
# but has multicast peering disabled. Alice has part of her
39
-
# yggdrasil config in Nix and part of it in a file.
44
-
interfaces.eth1.ipv4.addresses = [
46
-
address = "192.168.1.200";
50
-
firewall.allowedTCPPorts = [
55
-
services.httpd.enable = true;
56
-
services.httpd.adminAddr = "foo@example.org";
36
+
# Alice is listening for peerings on a specified port,
37
+
# but has multicast peering disabled. Alice has part of her
38
+
# yggdrasil config in Nix and part of it in a file.
43
+
interfaces.eth1.ipv4.addresses = [
45
+
address = "192.168.1.200";
49
+
firewall.allowedTCPPorts = [
54
+
services.httpd.enable = true;
55
+
services.httpd.adminAddr = "foo@example.org";
58
-
services.yggdrasil = {
61
-
Listen = [ "tcp://0.0.0.0:12345" ];
62
-
MulticastInterfaces = [ ];
64
-
configFile = toString (
65
-
pkgs.writeTextFile {
66
-
name = "yggdrasil-alice-conf";
67
-
text = builtins.toJSON aliceKeys;
57
+
services.yggdrasil = {
60
+
Listen = [ "tcp://0.0.0.0:12345" ];
61
+
MulticastInterfaces = [ ];
63
+
configFile = toString (
64
+
pkgs.writeTextFile {
65
+
name = "yggdrasil-alice-conf";
66
+
text = builtins.toJSON aliceKeys;
73
-
# Bob is set up to peer with Alice, and also to do local multicast
74
-
# peering. Bob's yggdrasil config is in a file.
78
-
networking.firewall.allowedTCPPorts = [ 54321 ];
79
-
services.yggdrasil = {
81
-
openMulticastPort = true;
82
-
configFile = toString (
83
-
pkgs.writeTextFile {
84
-
name = "yggdrasil-bob-conf";
85
-
text = builtins.toJSON bobConfig;
72
+
# Bob is set up to peer with Alice, and also to do local multicast
73
+
# peering. Bob's yggdrasil config is in a file.
77
+
networking.firewall.allowedTCPPorts = [ 54321 ];
78
+
services.yggdrasil = {
80
+
openMulticastPort = true;
81
+
configFile = toString (
82
+
pkgs.writeTextFile {
83
+
name = "yggdrasil-bob-conf";
84
+
text = builtins.toJSON bobConfig;
89
+
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
92
+
bridges.br0.interfaces = [ ];
96
+
address = bobPrefix + "::1";
90
-
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
93
-
bridges.br0.interfaces = [ ];
103
+
# dan is a node inside a container running on bob's host.
106
+
privateNetwork = true;
107
+
hostBridge = "br0";
109
+
networking.interfaces.eth0.ipv6 = {
97
-
address = bobPrefix + "::1";
112
+
address = bobPrefix + "::2";
120
+
via = bobPrefix + "::1";
104
-
# dan is a node inside a container running on bob's host.
107
-
privateNetwork = true;
108
-
hostBridge = "br0";
110
-
{ config, pkgs, ... }:
112
-
networking.interfaces.eth0.ipv6 = {
115
-
address = bobPrefix + "::2";
123
-
via = bobPrefix + "::1";
127
-
services.httpd.enable = true;
128
-
services.httpd.adminAddr = "foo@example.org";
129
-
networking.firewall.allowedTCPPorts = [ 80 ];
124
+
services.httpd.enable = true;
125
+
services.httpd.adminAddr = "foo@example.org";
126
+
networking.firewall.allowedTCPPorts = [ 80 ];
134
-
# Carol only does local peering. Carol's yggdrasil config is all Nix.
138
-
networking.firewall.allowedTCPPorts = [ 43210 ];
139
-
services.yggdrasil = {
131
+
# Carol only does local peering. Carol's yggdrasil config is all Nix.
135
+
networking.firewall.allowedTCPPorts = [ 43210 ];
136
+
services.yggdrasil = {
142
+
denyDhcpcdInterfaces = [ "ygg0" ];
146
+
MulticastInterfaces = [
145
-
denyDhcpcdInterfaces = [ "ygg0" ];
149
-
MulticastInterfaces = [
154
-
openMulticastPort = true;
156
-
persistentKeys = true;
151
+
openMulticastPort = true;
153
+
persistentKeys = true;
164
-
# Give Alice a head start so she is ready when Bob calls.
166
-
alice.wait_for_unit("yggdrasil.service")
161
+
# Give Alice a head start so she is ready when Bob calls.
163
+
alice.wait_for_unit("yggdrasil.service")
170
-
bob.wait_for_unit("default.target")
171
-
carol.wait_for_unit("yggdrasil.service")
167
+
bob.wait_for_unit("default.target")
168
+
carol.wait_for_unit("yggdrasil.service")
173
-
ip_addr_show = "ip -o -6 addr show dev ygg0 scope global"
174
-
carol.wait_until_succeeds(f"[ `{ip_addr_show} | grep -v tentative | wc -l` -ge 1 ]")
175
-
carol_ip6 = re.split(" +|/", carol.succeed(ip_addr_show))[3]
170
+
ip_addr_show = "ip -o -6 addr show dev ygg0 scope global"
171
+
carol.wait_until_succeeds(f"[ `{ip_addr_show} | grep -v tentative | wc -l` -ge 1 ]")
172
+
carol_ip6 = re.split(" +|/", carol.succeed(ip_addr_show))[3]
177
-
# If Alice can talk to Carol, then Bob's outbound peering and Carol's
178
-
# local peering have succeeded and everybody is connected.
179
-
alice.wait_until_succeeds(f"ping -c 1 {carol_ip6}")
180
-
alice.succeed("ping -c 1 ${bobIp6}")
174
+
# If Alice can talk to Carol, then Bob's outbound peering and Carol's
175
+
# local peering have succeeded and everybody is connected.
176
+
alice.wait_until_succeeds(f"ping -c 1 {carol_ip6}")
177
+
alice.succeed("ping -c 1 ${bobIp6}")
182
-
bob.succeed("ping -c 1 ${aliceIp6}")
183
-
bob.succeed(f"ping -c 1 {carol_ip6}")
179
+
bob.succeed("ping -c 1 ${aliceIp6}")
180
+
bob.succeed(f"ping -c 1 {carol_ip6}")
185
-
carol.succeed("ping -c 1 ${aliceIp6}")
186
-
carol.succeed("ping -c 1 ${bobIp6}")
187
-
carol.succeed("ping -c 1 ${bobPrefix}::1")
188
-
carol.succeed("ping -c 8 ${danIp6}")
182
+
carol.succeed("ping -c 1 ${aliceIp6}")
183
+
carol.succeed("ping -c 1 ${bobIp6}")
184
+
carol.succeed("ping -c 1 ${bobPrefix}::1")
185
+
carol.succeed("ping -c 8 ${danIp6}")
190
-
carol.fail("journalctl -u dhcpcd | grep ygg0")
187
+
carol.fail("journalctl -u dhcpcd | grep ygg0")
192
-
alice.wait_for_unit("httpd.service")
193
-
carol.succeed("curl --fail -g http://[${aliceIp6}]")
194
-
carol.succeed("curl --fail -g http://[${danIp6}]")
189
+
alice.wait_for_unit("httpd.service")
190
+
carol.succeed("curl --fail -g http://[${aliceIp6}]")
191
+
carol.succeed("curl --fail -g http://[${danIp6}]")