+1 -1

nixos/tests/all-tests.nix

reviewed

··· 1300 1300 xxh = handleTest ./xxh.nix {}; 1301 1301 yabar = handleTest ./yabar.nix {}; 1302 1302 ydotool = handleTest ./ydotool.nix {}; 1303 1303 - yggdrasil = handleTest ./yggdrasil.nix {}; 1303 1303 + yggdrasil = runTest ./yggdrasil.nix; 1304 1304 your_spotify = runTest ./your_spotify.nix; 1305 1305 zammad = runTest ./zammad.nix; 1306 1306 zenohd = runTest ./zenohd.nix;

+138 -142

nixos/tests/yggdrasil.nix

reviewed

··· 25 25 danIp6 = bobPrefix + "::2"; 26 26 27 27 in 28 28 - import ./make-test-python.nix ( 29 29 - { pkgs, ... }: 30 30 - { 31 31 - name = "yggdrasil"; 32 32 - meta = with pkgs.lib.maintainers; { 33 33 - maintainers = [ gazally ]; 34 34 - }; 28 28 + { pkgs, ... }: 29 29 + { 30 30 + name = "yggdrasil"; 31 31 + meta = with pkgs.lib.maintainers; { 32 32 + maintainers = [ gazally ]; 33 33 + }; 35 34 36 36 - nodes = rec { 37 37 - # Alice is listening for peerings on a specified port, 38 38 - # but has multicast peering disabled. Alice has part of her 39 39 - # yggdrasil config in Nix and part of it in a file. 40 40 - alice = 41 41 - { ... }: 42 42 - { 43 43 - networking = { 44 44 - interfaces.eth1.ipv4.addresses = [ 45 45 - { 46 46 - address = "192.168.1.200"; 47 47 - prefixLength = 24; 48 48 - } 49 49 - ]; 50 50 - firewall.allowedTCPPorts = [ 51 51 - 80 52 52 - 12345 53 53 - ]; 54 54 - }; 55 55 - services.httpd.enable = true; 56 56 - services.httpd.adminAddr = "foo@example.org"; 35 35 + nodes = { 36 36 + # Alice is listening for peerings on a specified port, 37 37 + # but has multicast peering disabled. Alice has part of her 38 38 + # yggdrasil config in Nix and part of it in a file. 39 39 + alice = 40 40 + { ... }: 41 41 + { 42 42 + networking = { 43 43 + interfaces.eth1.ipv4.addresses = [ 44 44 + { 45 45 + address = "192.168.1.200"; 46 46 + prefixLength = 24; 47 47 + } 48 48 + ]; 49 49 + firewall.allowedTCPPorts = [ 50 50 + 80 51 51 + 12345 52 52 + ]; 53 53 + }; 54 54 + services.httpd.enable = true; 55 55 + services.httpd.adminAddr = "foo@example.org"; 57 56 58 58 - services.yggdrasil = { 59 59 - enable = true; 60 60 - settings = { 61 61 - Listen = [ "tcp://0.0.0.0:12345" ]; 62 62 - MulticastInterfaces = [ ]; 63 63 - }; 64 64 - configFile = toString ( 65 65 - pkgs.writeTextFile { 66 66 - name = "yggdrasil-alice-conf"; 67 67 - text = builtins.toJSON aliceKeys; 68 68 - } 69 69 - ); 57 57 + services.yggdrasil = { 58 58 + enable = true; 59 59 + settings = { 60 60 + Listen = [ "tcp://0.0.0.0:12345" ]; 61 61 + MulticastInterfaces = [ ]; 70 62 }; 63 63 + configFile = toString ( 64 64 + pkgs.writeTextFile { 65 65 + name = "yggdrasil-alice-conf"; 66 66 + text = builtins.toJSON aliceKeys; 67 67 + } 68 68 + ); 71 69 }; 70 70 + }; 72 71 73 73 - # Bob is set up to peer with Alice, and also to do local multicast 74 74 - # peering. Bob's yggdrasil config is in a file. 75 75 - bob = 76 76 - { ... }: 77 77 - { 78 78 - networking.firewall.allowedTCPPorts = [ 54321 ]; 79 79 - services.yggdrasil = { 80 80 - enable = true; 81 81 - openMulticastPort = true; 82 82 - configFile = toString ( 83 83 - pkgs.writeTextFile { 84 84 - name = "yggdrasil-bob-conf"; 85 85 - text = builtins.toJSON bobConfig; 72 72 + # Bob is set up to peer with Alice, and also to do local multicast 73 73 + # peering. Bob's yggdrasil config is in a file. 74 74 + bob = 75 75 + { ... }: 76 76 + { 77 77 + networking.firewall.allowedTCPPorts = [ 54321 ]; 78 78 + services.yggdrasil = { 79 79 + enable = true; 80 80 + openMulticastPort = true; 81 81 + configFile = toString ( 82 82 + pkgs.writeTextFile { 83 83 + name = "yggdrasil-bob-conf"; 84 84 + text = builtins.toJSON bobConfig; 85 85 + } 86 86 + ); 87 87 + }; 88 88 + 89 89 + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; 90 90 + 91 91 + networking = { 92 92 + bridges.br0.interfaces = [ ]; 93 93 + interfaces.br0 = { 94 94 + ipv6.addresses = [ 95 95 + { 96 96 + address = bobPrefix + "::1"; 97 97 + prefixLength = 64; 86 98 } 87 87 - ); 99 99 + ]; 88 100 }; 101 101 + }; 89 102 90 90 - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; 91 91 - 92 92 - networking = { 93 93 - bridges.br0.interfaces = [ ]; 94 94 - interfaces.br0 = { 95 95 - ipv6.addresses = [ 103 103 + # dan is a node inside a container running on bob's host. 104 104 + containers.dan = { 105 105 + autoStart = true; 106 106 + privateNetwork = true; 107 107 + hostBridge = "br0"; 108 108 + config = { 109 109 + networking.interfaces.eth0.ipv6 = { 110 110 + addresses = [ 96 111 { 97 97 - address = bobPrefix + "::1"; 112 112 + address = bobPrefix + "::2"; 98 113 prefixLength = 64; 99 114 } 100 115 ]; 116 116 + routes = [ 117 117 + { 118 118 + address = "200::"; 119 119 + prefixLength = 7; 120 120 + via = bobPrefix + "::1"; 121 121 + } 122 122 + ]; 101 123 }; 102 102 - }; 103 103 - 104 104 - # dan is a node inside a container running on bob's host. 105 105 - containers.dan = { 106 106 - autoStart = true; 107 107 - privateNetwork = true; 108 108 - hostBridge = "br0"; 109 109 - config = 110 110 - { config, pkgs, ... }: 111 111 - { 112 112 - networking.interfaces.eth0.ipv6 = { 113 113 - addresses = [ 114 114 - { 115 115 - address = bobPrefix + "::2"; 116 116 - prefixLength = 64; 117 117 - } 118 118 - ]; 119 119 - routes = [ 120 120 - { 121 121 - address = "200::"; 122 122 - prefixLength = 7; 123 123 - via = bobPrefix + "::1"; 124 124 - } 125 125 - ]; 126 126 - }; 127 127 - services.httpd.enable = true; 128 128 - services.httpd.adminAddr = "foo@example.org"; 129 129 - networking.firewall.allowedTCPPorts = [ 80 ]; 130 130 - }; 124 124 + services.httpd.enable = true; 125 125 + services.httpd.adminAddr = "foo@example.org"; 126 126 + networking.firewall.allowedTCPPorts = [ 80 ]; 131 127 }; 132 128 }; 129 129 + }; 133 130 134 134 - # Carol only does local peering. Carol's yggdrasil config is all Nix. 135 135 - carol = 136 136 - { ... }: 137 137 - { 138 138 - networking.firewall.allowedTCPPorts = [ 43210 ]; 139 139 - services.yggdrasil = { 140 140 - enable = true; 141 141 - extraArgs = [ 142 142 - "-loglevel" 143 143 - "error" 131 131 + # Carol only does local peering. Carol's yggdrasil config is all Nix. 132 132 + carol = 133 133 + { ... }: 134 134 + { 135 135 + networking.firewall.allowedTCPPorts = [ 43210 ]; 136 136 + services.yggdrasil = { 137 137 + enable = true; 138 138 + extraArgs = [ 139 139 + "-loglevel" 140 140 + "error" 141 141 + ]; 142 142 + denyDhcpcdInterfaces = [ "ygg0" ]; 143 143 + settings = { 144 144 + IfTAPMode = true; 145 145 + IfName = "ygg0"; 146 146 + MulticastInterfaces = [ 147 147 + { 148 148 + Port = 43210; 149 149 + } 144 150 ]; 145 145 - denyDhcpcdInterfaces = [ "ygg0" ]; 146 146 - settings = { 147 147 - IfTAPMode = true; 148 148 - IfName = "ygg0"; 149 149 - MulticastInterfaces = [ 150 150 - { 151 151 - Port = 43210; 152 152 - } 153 153 - ]; 154 154 - openMulticastPort = true; 155 155 - }; 156 156 - persistentKeys = true; 151 151 + openMulticastPort = true; 157 152 }; 153 153 + persistentKeys = true; 158 154 }; 159 159 - }; 155 155 + }; 156 156 + }; 160 157 161 161 - testScript = '' 162 162 - import re 158 158 + testScript = '' 159 159 + import re 163 160 164 164 - # Give Alice a head start so she is ready when Bob calls. 165 165 - alice.start() 166 166 - alice.wait_for_unit("yggdrasil.service") 161 161 + # Give Alice a head start so she is ready when Bob calls. 162 162 + alice.start() 163 163 + alice.wait_for_unit("yggdrasil.service") 167 164 168 168 - bob.start() 169 169 - carol.start() 170 170 - bob.wait_for_unit("default.target") 171 171 - carol.wait_for_unit("yggdrasil.service") 165 165 + bob.start() 166 166 + carol.start() 167 167 + bob.wait_for_unit("default.target") 168 168 + carol.wait_for_unit("yggdrasil.service") 172 169 173 173 - ip_addr_show = "ip -o -6 addr show dev ygg0 scope global" 174 174 - carol.wait_until_succeeds(f"[ `{ip_addr_show} | grep -v tentative | wc -l` -ge 1 ]") 175 175 - carol_ip6 = re.split(" +|/", carol.succeed(ip_addr_show))[3] 170 170 + ip_addr_show = "ip -o -6 addr show dev ygg0 scope global" 171 171 + carol.wait_until_succeeds(f"[ `{ip_addr_show} | grep -v tentative | wc -l` -ge 1 ]") 172 172 + carol_ip6 = re.split(" +|/", carol.succeed(ip_addr_show))[3] 176 173 177 177 - # If Alice can talk to Carol, then Bob's outbound peering and Carol's 178 178 - # local peering have succeeded and everybody is connected. 179 179 - alice.wait_until_succeeds(f"ping -c 1 {carol_ip6}") 180 180 - alice.succeed("ping -c 1 ${bobIp6}") 174 174 + # If Alice can talk to Carol, then Bob's outbound peering and Carol's 175 175 + # local peering have succeeded and everybody is connected. 176 176 + alice.wait_until_succeeds(f"ping -c 1 {carol_ip6}") 177 177 + alice.succeed("ping -c 1 ${bobIp6}") 181 178 182 182 - bob.succeed("ping -c 1 ${aliceIp6}") 183 183 - bob.succeed(f"ping -c 1 {carol_ip6}") 179 179 + bob.succeed("ping -c 1 ${aliceIp6}") 180 180 + bob.succeed(f"ping -c 1 {carol_ip6}") 184 181 185 185 - carol.succeed("ping -c 1 ${aliceIp6}") 186 186 - carol.succeed("ping -c 1 ${bobIp6}") 187 187 - carol.succeed("ping -c 1 ${bobPrefix}::1") 188 188 - carol.succeed("ping -c 8 ${danIp6}") 182 182 + carol.succeed("ping -c 1 ${aliceIp6}") 183 183 + carol.succeed("ping -c 1 ${bobIp6}") 184 184 + carol.succeed("ping -c 1 ${bobPrefix}::1") 185 185 + carol.succeed("ping -c 8 ${danIp6}") 189 186 190 190 - carol.fail("journalctl -u dhcpcd | grep ygg0") 187 187 + carol.fail("journalctl -u dhcpcd | grep ygg0") 191 188 192 192 - alice.wait_for_unit("httpd.service") 193 193 - carol.succeed("curl --fail -g http://[${aliceIp6}]") 194 194 - carol.succeed("curl --fail -g http://[${danIp6}]") 195 195 - ''; 196 196 - } 197 197 - ) 189 189 + alice.wait_for_unit("httpd.service") 190 190 + carol.succeed("curl --fail -g http://[${aliceIp6}]") 191 191 + carol.succeed("curl --fail -g http://[${danIp6}]") 192 192 + ''; 193 193 + }