danIp6 = bobPrefix + "::2";
-
import ./make-test-python.nix (
-
meta = with pkgs.lib.maintainers; {
-
maintainers = [ gazally ];
-
# Alice is listening for peerings on a specified port,
-
# but has multicast peering disabled. Alice has part of her
-
# yggdrasil config in Nix and part of it in a file.
-
interfaces.eth1.ipv4.addresses = [
-
address = "192.168.1.200";
-
firewall.allowedTCPPorts = [
-
services.httpd.enable = true;
-
services.httpd.adminAddr = "foo@example.org";
-
Listen = [ "tcp://0.0.0.0:12345" ];
-
MulticastInterfaces = [ ];
-
configFile = toString (
-
name = "yggdrasil-alice-conf";
-
text = builtins.toJSON aliceKeys;
-
# Bob is set up to peer with Alice, and also to do local multicast
-
# peering. Bob's yggdrasil config is in a file.
-
networking.firewall.allowedTCPPorts = [ 54321 ];
-
openMulticastPort = true;
-
configFile = toString (
-
name = "yggdrasil-bob-conf";
-
text = builtins.toJSON bobConfig;
-
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
-
bridges.br0.interfaces = [ ];
-
address = bobPrefix + "::1";
-
# dan is a node inside a container running on bob's host.
-
networking.interfaces.eth0.ipv6 = {
-
address = bobPrefix + "::2";
-
via = bobPrefix + "::1";
-
services.httpd.enable = true;
-
services.httpd.adminAddr = "foo@example.org";
-
networking.firewall.allowedTCPPorts = [ 80 ];
-
# Carol only does local peering. Carol's yggdrasil config is all Nix.
-
networking.firewall.allowedTCPPorts = [ 43210 ];
-
denyDhcpcdInterfaces = [ "ygg0" ];
-
MulticastInterfaces = [
-
openMulticastPort = true;
-
# Give Alice a head start so she is ready when Bob calls.
-
alice.wait_for_unit("yggdrasil.service")
-
bob.wait_for_unit("default.target")
-
carol.wait_for_unit("yggdrasil.service")
-
ip_addr_show = "ip -o -6 addr show dev ygg0 scope global"
-
carol.wait_until_succeeds(f"[ `{ip_addr_show} | grep -v tentative | wc -l` -ge 1 ]")
-
carol_ip6 = re.split(" +|/", carol.succeed(ip_addr_show))[3]
-
# If Alice can talk to Carol, then Bob's outbound peering and Carol's
-
# local peering have succeeded and everybody is connected.
-
alice.wait_until_succeeds(f"ping -c 1 {carol_ip6}")
-
alice.succeed("ping -c 1 ${bobIp6}")
-
bob.succeed("ping -c 1 ${aliceIp6}")
-
bob.succeed(f"ping -c 1 {carol_ip6}")
-
carol.succeed("ping -c 1 ${aliceIp6}")
-
carol.succeed("ping -c 1 ${bobIp6}")
-
carol.succeed("ping -c 1 ${bobPrefix}::1")
-
carol.succeed("ping -c 8 ${danIp6}")
-
carol.fail("journalctl -u dhcpcd | grep ygg0")
-
alice.wait_for_unit("httpd.service")
-
carol.succeed("curl --fail -g http://[${aliceIp6}]")
-
carol.succeed("curl --fail -g http://[${danIp6}]")