commit 5e6e949e84593e7fc87cdf6fc4b0a37e015a7265 · pyrox.dev/nixpkgs

nixos/tests/all-tests.nix

···

       571
        
         openresty-lua = handleTest ./openresty-lua.nix {};

     

       572
        
         opensmtpd = handleTest ./opensmtpd.nix {};

     

       573
        
         opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {};

     

       0
        
       
     

       574
        
         openssh = handleTest ./openssh.nix {};

     

       575
        
         octoprint = handleTest ./octoprint.nix {};

     

       576
        
         openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};

···

       571
        
         openresty-lua = handleTest ./openresty-lua.nix {};

     

       572
        
         opensmtpd = handleTest ./opensmtpd.nix {};

     

       573
        
         opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {};

     

       574
       +
         opensnitch = handleTest ./opensnitch.nix {};

     

       575
        
         openssh = handleTest ./openssh.nix {};

     

       576
        
         octoprint = handleTest ./octoprint.nix {};

     

       577
        
         openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};

+62

nixos/tests/opensnitch.nix

···

       1
       +
       import ./make-test-python.nix ({ pkgs, ... }: {

     

       2
       +
         name = "opensnitch";

     

       3
       +
       

     

       4
       +
         meta = with pkgs.lib.maintainers; {

     

       5
       +
           maintainers = [ onny ];

     

       6
       +
         };

     

       7
       +
       

     

       8
       +
         nodes = {

     

       9
       +
           server =

     

       10
       +
             { ... }: {

     

       11
       +
               networking.firewall.allowedTCPPorts = [ 80 ];

     

       12
       +
               services.caddy = {

     

       13
       +
                 enable = true;

     

       14
       +
                 virtualHosts."localhost".extraConfig = ''

     

       15
       +
                   respond "Hello, world!"

     

       16
       +
                 '';

     

       17
       +
               };

     

       18
       +
             };

     

       19
       +
       

     

       20
       +
           clientBlocked =

     

       21
       +
             { ... }: {

     

       22
       +
               services.opensnitch = {

     

       23
       +
                 enable = true;

     

       24
       +
                 settings.DefaultAction = "deny";

     

       25
       +
               };

     

       26
       +
             };

     

       27
       +
       

     

       28
       +
           clientAllowed =

     

       29
       +
             { ... }: {

     

       30
       +
               services.opensnitch = {

     

       31
       +
                 enable = true;

     

       32
       +
                 settings.DefaultAction = "deny";

     

       33
       +
                 rules = {

     

       34
       +
                   opensnitch = {

     

       35
       +
                     name = "curl";

     

       36
       +
                     enabled = true;

     

       37
       +
                     action = "allow";

     

       38
       +
                     duration = "always";

     

       39
       +
                     operator = {

     

       40
       +
                       type ="simple";

     

       41
       +
                       sensitive = false;

     

       42
       +
                       operand = "process.path";

     

       43
       +
                       data = "${pkgs.curl}/bin/curl";

     

       44
       +
                     };

     

       45
       +
                   };

     

       46
       +
                 };

     

       47
       +
               };

     

       48
       +
             };

     

       49
       +
         };

     

       50
       +
       

     

       51
       +
         testScript = ''

     

       52
       +
           start_all()

     

       53
       +
           server.wait_for_unit("caddy.service")

     

       54
       +
           server.wait_for_open_port(80)

     

       55
       +
       

     

       56
       +
           clientBlocked.wait_for_unit("opensnitchd.service")

     

       57
       +
           clientBlocked.fail("curl http://server")

     

       58
       +
       

     

       59
       +
           clientAllowed.wait_for_unit("opensnitchd.service")

     

       60
       +
           clientAllowed.succeed("curl http://server")

     

       61
       +
         '';

     

       62
       +
       })

+7 -3

pkgs/tools/networking/opensnitch/daemon.nix

···

       13
        
       , protoc-gen-go-grpc

     

       14
        
       , testers

     

       15
        
       , opensnitch

     

       0
        
       
     

       16
        
       }:

     

       17
        
       

     

       18
        
       buildGoModule rec {

     
···

       69
        
             --prefix PATH : ${lib.makeBinPath [ iptables ]}

     

       70
        
         '';

     

       71
        
       

     

       72
       -
         passthru.tests.version = testers.testVersion {

     

       73
       -
           package = opensnitch;

     

       74
       -
           command = "opensnitchd -version";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       75
        
         };

     

       76
        
       

     

       77
        
         meta = with lib; {

···

       13
        
       , protoc-gen-go-grpc

     

       14
        
       , testers

     

       15
        
       , opensnitch

     

       16
       +
       , nixosTests

     

       17
        
       }:

     

       18
        
       

     

       19
        
       buildGoModule rec {

     
···

       70
        
             --prefix PATH : ${lib.makeBinPath [ iptables ]}

     

       71
        
         '';

     

       72
        
       

     

       73
       +
         passthru.tests = {

     

       74
       +
           inherit (nixosTests) opensnitch;

     

       75
       +
           version = testers.testVersion {

     

       76
       +
             package = opensnitch;

     

       77
       +
             command = "opensnitchd -version";

     

       78
       +
           };

     

       79
        
         };

     

       80
        
       

     

       81
        
         meta = with lib; {