···

       
1319
       
 
       
  stratis = handleTest ./stratis { };

     

       
1320
       
 
       
  strongswan-swanctl = runTest ./strongswan-swanctl.nix;

     

       
1321
       
 
       
  stub-ld = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./stub-ld.nix { };

     

       
1322
       
-
       
  stunnel = handleTest ./stunnel.nix { };

     

       
1323
       
 
       
  sudo = runTest ./sudo.nix;

     

       
1324
       
 
       
  sudo-rs = runTest ./sudo-rs.nix;

     

       
1325
       
 
       
  sunshine = runTest ./sunshine.nix;

     

···

       
1319
       
 
       
  stratis = handleTest ./stratis { };

     

       
1320
       
 
       
  strongswan-swanctl = runTest ./strongswan-swanctl.nix;

     

       
1321
       
 
       
  stub-ld = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./stub-ld.nix { };

     

       
1322
       
+
       
  stunnel = import ./stunnel.nix { inherit runTest; };

     

       
1323
       
 
       
  sudo = runTest ./sudo.nix;

     

       
1324
       
 
       
  sudo-rs = runTest ./sudo-rs.nix;

     

       
1325
       
 
       
  sunshine = runTest ./sunshine.nix;

     

···

       
1
       
-
       
{

     

       
2
       
-
       
  system ? builtins.currentSystem,

     

       
3
       
-
       
  config ? { },

     

       
4
       
-
       
  pkgs ? import ../.. { inherit system config; },

     

       
5
       
-
       
}:

     

       
6
       
-
       


     

       
7
       
-
       
with import ../lib/testing-python.nix { inherit system pkgs; };

     

       
8
       
-
       
with pkgs.lib;

     

       
9
       
 
       


     

       
10
       
 
       
let

     

       
11
       
 
       
  stunnelCommon = {

     
···

       
20
       
 
       
    };

     

       
21
       
 
       
  };

     

       
22
       
 
       
  makeCert =

     

       
23
       
-
       
    { config, pkgs, ... }:

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
24
       
 
       
    {

     

       
25
       
 
       
      systemd.services.create-test-cert = {

     

       
26
       
 
       
        wantedBy = [ "sysinit.target" ];

     
···

       
32
       
 
       
        unitConfig.DefaultDependencies = false;

     

       
33
       
 
       
        serviceConfig.Type = "oneshot";

     

       
34
       
 
       
        script = ''

     

       
35
       
-
       
          ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}

     

       
36
       
 
       
          ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )

     

       
37
       
 
       
          chown stunnel /test-key.pem /test-key-and-cert.pem

     

       
38
       
 
       
        '';

     

       
39
       
 
       
      };

     

       
40
       
 
       
    };

     

       
41
       
 
       
  serverCommon =

     

       
42
       
-
       
    { pkgs, ... }:

     

       
43
       
 
       
    {

     

       
44
       
 
       
      networking.firewall.allowedTCPPorts = [ 443 ];

     

       
45
       
 
       
      services.stunnel.servers.https = {

     
···

       
51
       
 
       
        wantedBy = [ "multi-user.target" ];

     

       
52
       
 
       
        script = ''

     

       
53
       
 
       
          cd /etc/webroot

     

       
54
       
-
       
          ${pkgs.python3}/bin/python -m http.server 80

     

       
55
       
 
       
        '';

     

       
56
       
 
       
      };

     

       
57
       
 
       
    };

     
···

       
61
       
 
       
    server_cert = ${src}.succeed("cat /test-cert.pem")

     

       
62
       
 
       
    ${dest}.succeed("echo %s > ${filename}" % quote(server_cert))

     

       
63
       
 
       
  '';

     

       
64
       
-
       


     

       
65
       
 
       
in

     

       
66
       
 
       
{

     

       
67
       
-
       
  basicServer = makeTest {

     

       
68
       
 
       
    name = "basicServer";

     

       
69
       
 
       


     

       
70
       
 
       
    nodes = {

     
···

       
92
       
 
       
    '';

     

       
93
       
 
       
  };

     

       
94
       
 
       


     

       
95
       
-
       
  serverAndClient = makeTest {

     

       
96
       
 
       
    name = "serverAndClient";

     

       
97
       
 
       


     

       
98
       
 
       
    nodes = {

     
···

       
150
       
 
       
    '';

     

       
151
       
 
       
  };

     

       
152
       
 
       


     

       
153
       
-
       
  mutualAuth = makeTest {

     

       
154
       
 
       
    name = "mutualAuth";

     

       
155
       
 
       


     

       
156
       
 
       
    nodes = rec {

     

···

       
1
       
+
       
{ runTest }:

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       


     

       
3
       
 
       
let

     

       
4
       
 
       
  stunnelCommon = {

     
···

       
13
       
 
       
    };

     

       
14
       
 
       
  };

     

       
15
       
 
       
  makeCert =

     

       
16
       
+
       
    {

     

       
17
       
+
       
      config,

     

       
18
       
+
       
      lib,

     

       
19
       
+
       
      pkgs,

     

       
20
       
+
       
      ...

     

       
21
       
+
       
    }:

     

       
22
       
 
       
    {

     

       
23
       
 
       
      systemd.services.create-test-cert = {

     

       
24
       
 
       
        wantedBy = [ "sysinit.target" ];

     
···

       
30
       
 
       
        unitConfig.DefaultDependencies = false;

     

       
31
       
 
       
        serviceConfig.Type = "oneshot";

     

       
32
       
 
       
        script = ''

     

       
33
       
+
       
          ${lib.getExe pkgs.openssl} req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}

     

       
34
       
 
       
          ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )

     

       
35
       
 
       
          chown stunnel /test-key.pem /test-key-and-cert.pem

     

       
36
       
 
       
        '';

     

       
37
       
 
       
      };

     

       
38
       
 
       
    };

     

       
39
       
 
       
  serverCommon =

     

       
40
       
+
       
    { lib, pkgs, ... }:

     

       
41
       
 
       
    {

     

       
42
       
 
       
      networking.firewall.allowedTCPPorts = [ 443 ];

     

       
43
       
 
       
      services.stunnel.servers.https = {

     
···

       
49
       
 
       
        wantedBy = [ "multi-user.target" ];

     

       
50
       
 
       
        script = ''

     

       
51
       
 
       
          cd /etc/webroot

     

       
52
       
+
       
          ${lib.getExe' pkgs.python3 "python"} -m http.server 80

     

       
53
       
 
       
        '';

     

       
54
       
 
       
      };

     

       
55
       
 
       
    };

     
···

       
59
       
 
       
    server_cert = ${src}.succeed("cat /test-cert.pem")

     

       
60
       
 
       
    ${dest}.succeed("echo %s > ${filename}" % quote(server_cert))

     

       
61
       
 
       
  '';

     

       
0
       
 
       

     

       
62
       
 
       
in

     

       
63
       
 
       
{

     

       
64
       
+
       
  basicServer = runTest {

     

       
65
       
 
       
    name = "basicServer";

     

       
66
       
 
       


     

       
67
       
 
       
    nodes = {

     
···

       
89
       
 
       
    '';

     

       
90
       
 
       
  };

     

       
91
       
 
       


     

       
92
       
+
       
  serverAndClient = runTest {

     

       
93
       
 
       
    name = "serverAndClient";

     

       
94
       
 
       


     

       
95
       
 
       
    nodes = {

     
···

       
147
       
 
       
    '';

     

       
148
       
 
       
  };

     

       
149
       
 
       


     

       
150
       
+
       
  mutualAuth = runTest {

     

       
151
       
 
       
    name = "mutualAuth";

     

       
152
       
 
       


     

       
153
       
 
       
    nodes = rec {