nixos/tests/tinc: init with simple test

+297
+1
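--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -370,6 +370,7 @@
 telegraf = handleTest ./telegraf.nix {};
 tiddlywiki = handleTest ./tiddlywiki.nix {};
 timezone = handleTest ./timezone.nix {};
+tinc = handleTest ./tinc {};
 tinydns = handleTest ./tinydns.nix {};
 tor = handleTest ./tor.nix {};
 # traefik test relies on docker-containers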
+139
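--- a/nixos/tests/tinc/default.nix
+++ b/nixos/tests/tinc/default.nix
@@ -0,0 +1,139 @@
+import ../make-test-python.nix ({ lib, ... }:
+let
+snakeoil-keys = import ./snakeoil-keys.nix;
+
+hosts = lib.attrNames snakeoil-keys;
+
+subnetOf = name: config:
+let
+subnets = config.services.tinc.networks.myNetwork.hostSettings.${name}.subnets;
+in
+(builtins.head subnets).address;
+
+makeTincHost = name: { subnet, extraConfig ? { } }: lib.mkMerge [
+{
+subnets = [{ address = subnet; }];
+settings = {
+Ed25519PublicKey = snakeoil-keys.${name}.ed25519Public;
+};
+rsaPublicKey = snakeoil-keys.${name}.rsaPublic;
+}
+extraConfig
+];
+
+makeTincNode = { config, ... }: name: extraConfig: lib.mkMerge [
+{
+services.tinc.networks.myNetwork = {
+inherit name;
+rsaPrivateKeyFile =
+builtins.toFile "rsa.priv" snakeoil-keys.${name}.rsaPrivate;
+ed25519PrivateKeyFile =
+builtins.toFile "ed25519.priv" snakeoil-keys.${name}.ed25519Private;
+
+hostSettings = lib.mapAttrs makeTincHost {
+static = {
+subnet = "10.0.0.11";
+# Only specify the addresses in the node's vlans, Tinc does not
+# seem to try each one, unlike the documentation suggests...
+extraConfig.addresses = map
+(vlan: { address = "192.168.${toString vlan}.11"; port = 655; })
+config.virtualisation.vlans;
+};
+dynamic1 = { subnet = "10.0.0.21"; };
+dynamic2 = { subnet = "10.0.0.22"; };
+};
+};
+
+networking.useDHCP = false;
+
+networking.interfaces."tinc.myNetwork" = {
+virtual = true;
+virtualType = "tun";
+ipv4.addresses = [{
+address = subnetOf name config;
+prefixLength = 24;
+}];
+};
+
+# Prevents race condition between NixOS service and tinc creating the
+# interface.
+# See: https://github.com/NixOS/nixpkgs/issues/27070
+systemd.services."tinc.myNetwork" = {
+after = [ "network-addresses-tinc.myNetwork.service" ];
+requires = [ "network-addresses-tinc.myNetwork.service" ];
+};
+
+networking.firewall.allowedTCPPorts = [ 655 ];
+networking.firewall.allowedUDPPorts = [ 655 ];
+}
+extraConfig
+];
+
+in
+{
+name = "tinc";
+meta.maintainers = with lib.maintainers; [ minijackson ];
+
+nodes = {
+
+static = { ... } @ args:
+makeTincNode args "static" {
+virtualisation.vlans = [ 1 2 ];
+
+networking.interfaces.eth1.ipv4.addresses = [{
+address = "192.168.1.11";
+prefixLength = 24;
+}];
+
+networking.interfaces.eth2.ipv4.addresses = [{
+address = "192.168.2.11";
+prefixLength = 24;
+}];
+};
+
+
+dynamic1 = { ... } @ args:
+makeTincNode args "dynamic1" {
+virtualisation.vlans = [ 1 ];
+};
+
+dynamic2 = { ... } @ args:
+makeTincNode args "dynamic2" {
+virtualisation.vlans = [ 2 ];
+};
+
+};
+
+testScript = ''
+start_all()
+
+static.wait_for_unit("tinc.myNetwork.service")
+dynamic1.wait_for_unit("tinc.myNetwork.service")
+dynamic2.wait_for_unit("tinc.myNetwork.service")
+
+# Static is accessible by the other hosts
+dynamic1.succeed("ping -c5 192.168.1.11")
+dynamic2.succeed("ping -c5 192.168.2.11")
+
+# The other hosts are in separate vlans
+dynamic1.fail("ping -c5 192.168.2.11")
+dynamic2.fail("ping -c5 192.168.1.11")
+
+# Each host can ping themselves through Tinc
+static.succeed("ping -c5 10.0.0.11")
+dynamic1.succeed("ping -c5 10.0.0.21")
+dynamic2.succeed("ping -c5 10.0.0.22")
+
+# Static is accessible by the other hosts through Tinc
+dynamic1.succeed("ping -c5 10.0.0.11")
+dynamic2.succeed("ping -c5 10.0.0.11")
+
+# Static can access the other hosts through Tinc
+static.succeed("ping -c5 10.0.0.21")
+static.succeed("ping -c5 10.0.0.22")
+
+# The other hosts in separate vlans can access each other through Tinc
+dynamic1.succeed("ping -c5 10.0.0.22")
+dynamic2.succeed("ping -c5 10.0.0.21")
+'';
+})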
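Review bot: The two `builtins.toFile` calls in `makeTincNode` (new lines 28–31, `rsaPrivateKeyFile` and `ed25519PrivateKeyFile`) write the private keys into the Nix store, which is world-readable, and nothing in the file says this is acceptable only because the keys are snakeoil. Since test files are often used as configuration examples, I would add a comment above `rsaPrivateKeyFile`, for example `# Test-only: toFile places the key in the world-readable Nix store; a real deployment must reference a key file outside the store.` Separately, the `hosts = lib.attrNames snakeoil-keys;` binding in the top `let` is never referenced in this file and can be dropped.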
+157
nixos/tests/tinc/snakeoil-keys.nix
··· 1 + { 2 + static = { 3 + ed25519Private = '' 4 + -----BEGIN ED25519 PRIVATE KEY----- 5 + IPR+ur5LfVdm6VlR1+FGIkbkL8Enkb9sejBa/JP6tXkg/vHoraIp70srb6jAUFm5 6 + 3YbCJiBjLW3dy16qM5PovBoWtr5hoqYYA9dFLOys8FBUFFsIGfKhnbk7g25iwxbO 7 + -----END ED25519 PRIVATE KEY----- 8 + ''; 9 + 10 + ed25519Public = "AqV7aeIqKGGQfXxijMLfRAVRBLixnS45G5OoduIc8mD"; 11 + 12 + rsaPrivate = '' 13 + -----BEGIN RSA PRIVATE KEY----- 14 + MIIEpAIBAAKCAQEAxDHl0TIhhT2yH5rT+Q7MLnj+Ir8bbs3uaPqnzcxWzN1EfVP8 15 + TWt5fSTrF2Dc78Kyu5ZNALrp7tUj0GZAegp1YeYJ28p3qTwCveywtCwbB4dI987S 16 + yJwq95kE9aoyLa+cT99VwSTdb2YowQv2tWj/idxE3oJ+qZjy9tE5mysXm7jmTQDx 17 + +U0XmNe6MHjKXc01Ener41u0ykJLeUfdgJ1zEyM2rQGtaHpIXfMT6kmxCaMcAMLg 18 + YFpI38/1pQGQtROKdGOaUomx2m058bkMsJhTiBjESiLRDElRGxmMJ732crGJP0GR 19 + ChJkaX/CnxHq7R0daZfwoTVHRu6N7WDbFQL5twIDAQABAoIBAQCM/fLTIHyYXRr5 20 + vXFhxXGUYBz56W6UdWdEiAU5TwR92vFSQ53IIVlARtyvg0ui/b8mMcAKq0hb+03u 21 + gN0LFyL+BKvHCLxvoRGzXTorcJrIET+t3jL6OchjANNgnDvNOytQ9wWQdKaxXLAi 22 + 8y8LdXZWozXW1d6ikKjiGL+WNCSWIcq83ktSJZcohihptU9Un16FYQzdolSC8RtI 23 + XyT7i1ye6hW/wJTJxqZ4taX3EPat85kXS234VGSqg9bb2A1yE+U8Rq37bf8AKldJ 24 + NUQB3JyxnkYGJcqvzDmz139+744VWxDRvXDA5vU29LC6f8bGBvwEttD98QW+pgmB 25 + 1NBU1Uo5AoGBAOzUk6k74h1RarwXaftjh/9Pures0CfNNnrkJApzFCh4bAoHNxq6 26 + SSXqLcc/vvX2+YaZ72nn5YTo+JLQP6evM9oUaqRMAxa3nzoNCtF8U2r48UWmoUQE 27 + aZCYbD3m7IVWFacCKRVaVTMZMTTicypSnXcbCSIEH8PRs9+L4jkHgql9AoGBANQT 28 + TZECVhIaQnyRiKWlUE8G1QKzXIxjmfyirBe+ftlIG2XMXasAtQ4VRxpnorgqUnIH 29 + BVrIbvRx21zlqwZbrZvyb1jHWRoyi1cqBPijpYBUm5LbV2jgHPhnfhRVqdD4CDKj 30 + NQzIQrNymFaMWAoOQv/DE3g+Txr0fm9Ztu8ZRXZDAoGAHh3SQT0aPfwyhIS9t3gq 31 + vS7YYa8aMVWJTgthAessbxERPB06xq1Vy/qBo8rZb9HeXV2J8n/I0iQGKDVPQvWm 32 + tF7QSOBZrDPhjbJG4+jZesr5c5ADBfFBs1+OtDh/b11JF5nQu6RnHT5g4YbCemlT 33 + GOhZOvgnSfGK3CyfsfzggskCgYEAmpKDK5kPUNxw70hH16v5L9Bj+zbt0qlZ+Ag8 34 + 9IV1ATuMNJNTBitay6v4iidVM3QtaUzyuytxq5s87qW7FMRHcm2ueH+70ttaMiq/ 35 + OtZT74g7aDuUpy0KEIemHn4dauENYJMSPIHOE+sHW7WpCZNBhBcUHsUTdSsU6GX0 36 + 
bqr1tO8CgYBpZdR2OoX/rn8nwjmtBOH38aPnCpaAfdI2Eq2Lg6DjksP6TBt53a+R 37 + m1lk6Kt37BPPZQ85SBr7ywvDgUzfoD7uSmHujF2JUHPsdrg9nx7pNIGlW6DlS9OU 38 + oNXGAJ/6/y6F8uDbToUfrwFq5tKMypEEa32kFtxb9f0XQ5fSgHrBEw== 39 + -----END RSA PRIVATE KEY----- 40 + ''; 41 + 42 + rsaPublic = '' 43 + -----BEGIN RSA PUBLIC KEY----- 44 + MIIBCgKCAQEAxDHl0TIhhT2yH5rT+Q7MLnj+Ir8bbs3uaPqnzcxWzN1EfVP8TWt5 45 + fSTrF2Dc78Kyu5ZNALrp7tUj0GZAegp1YeYJ28p3qTwCveywtCwbB4dI987SyJwq 46 + 95kE9aoyLa+cT99VwSTdb2YowQv2tWj/idxE3oJ+qZjy9tE5mysXm7jmTQDx+U0X 47 + mNe6MHjKXc01Ener41u0ykJLeUfdgJ1zEyM2rQGtaHpIXfMT6kmxCaMcAMLgYFpI 48 + 38/1pQGQtROKdGOaUomx2m058bkMsJhTiBjESiLRDElRGxmMJ732crGJP0GRChJk 49 + aX/CnxHq7R0daZfwoTVHRu6N7WDbFQL5twIDAQAB 50 + -----END RSA PUBLIC KEY----- 51 + ''; 52 + }; 53 + 54 + dynamic1 = { 55 + ed25519Private = '' 56 + -----BEGIN ED25519 PRIVATE KEY----- 57 + wHNC2IMXfYtL4ehdsCX154HBvlIZYEiTOnXtckWMUtEAiX9fu7peyBkp9q+yOy9c 58 + xsNyssLL78lt0GoweCxlu3Sza2oBQAcwb+6tuv7P/bqzcG005uCwquyCz8LVymXA 59 + -----END ED25519 PRIVATE KEY----- 60 + ''; 61 + 62 + ed25519Public = "t0smNaAEAH8mver77+z/m6MnBNdurAsqrswM/Sls5FA"; 63 + 64 + rsaPrivate = '' 65 + -----BEGIN RSA PRIVATE KEY----- 66 + MIIEpAIBAAKCAQEApukYNGFNWvVlmx75LyOE7MEcd/ViV+yEyk+4cIBXYJ3Ouw+/ 67 + oEuh8ghQfsiUtbUPR6hPYhX2ZV8XGhuU2nAXVQV0sfZ8pdkbHQ6wHUqFcUIQAVvS 68 + Wpm2DvZM8jkbCPP64/x5nukPwQ8VoNnb62rWGzbcj7rOeb7ndMK0TpX5Wwv8F297 69 + nKTNCEDbK3DLTj3VD+QGnw6AoEt5i44vViAWZBXuHLHWTDC0Nq8GG+9TKODkEwt5 70 + 4dgN2X9f+WTVAYhZT3SayHLqIFIMQunN89RpWwhHSW+JIRfAfuT1TbP+wA5ptDeI 71 + ktCkJwWyv4hK6l800BJ9GW1nbId5LPa58ipaVwIDAQABAoIBAHcw3WgKVAMwWm57 72 + n9ZZtwKapInFYYUIEYungj5UaBFGn+pVRLJjUDJWXaUr94YK1e6F8qpIpLufPBAY 73 + wiN7CC5exwaOzlRgxUvqwTkpjkFiu6s8tuqb+baVjD0tKnEqSW+lS/R+2hEzhG5p 74 + JPLoSB0HAFpjPC8UdJSctcWos3if3mvOGkGCKyTkrwaJgECDfD+lZ+NBIAiYLSps 75 + jWLE+XlY1+nfPdLUQ+TRSv3IikJ/CWbvJLl9EE1tKhkY564KytwZrkIdJlc7NyRO 76 + HpzhyMzHu1GLsr+OsBZByNNUxEPU+bzkDQluRXUSIUs9zZoBiCQr3o04qGPTEX9n 77 + 
pNU60gECgYEA3Uf+c80eqzjDxv+O0YzC+9x6A+yMrV56siGkKRPMlrSqjX7iE2Yg 78 + tUjD25kEvtaFuB3f/7zp3h4O/VLZgXreRtXHvdrfoyyJGHvHIyCGm8sw8CEWsKo4 79 + 1LgZUzdPJRkXJq1zOgS0r1xsA1UDC4s02Ww2HwNeVWtmLUyCpA+B/ccCgYEAwRk9 80 + tbe82eq1a85zZiPVXP2qvDH5+Vz9YiMky8xsBnoxmz2siR+NdvWBLcE2VDIY8MK1 81 + 9a1dz2a7cAHQBrtWtACFVY4zvr69DumApjbQRClDYpJ42tp2VbzlMcUDIoKudRQV 82 + CObhrE4w4yfVizXFyH9+4Tsg5NzVYuGg9fUJ/vECgYEAoRz7KouNqfMhsLF/5hkM 83 + Gt9zw4mm/9ALm8kcwn/U9WHD0FQy/Rbd98BsQmaOavi80cqGvqhoyz2tgkqhbUHt 84 + tzuOPDCxphgWFcqBupTDDYoLLruYzraRvGfyoIFj0coL7jBZ9kNY31l2l5J9LhmE 85 + OE4utbP5Kk6RTagocpWL+x8CgYB48CwcIcWf3kZeDOFtuUeqhB1o3Qwox7rSuhwT 86 + oCaQL/vdtNTY1PAu7zhGxdoXBYFlWS3JfxlgCoGedyQo8zAscJ8RpIx4DNIwAsLW 87 + V0I9TnKry/zxZR30OOh7MV7zQFGvdjJubtwspJQt0QcHt1f2aRO4UOYbMMxcr9+1 88 + 7BCkoQKBgQDBEtg1hx9zYGg1WN2TBSvh6NShi9S23r6IZ3Up8vz6Z2rcwB3UuhKi 89 + xluI2ZFwM9s+7UOpaGC+hnc1aMHDEguYOPXoIzvebbYAdN4AkrsJ5d0r1GoEe64E 90 + UXxrfuv5LeJ/vkUgWof+U3/jGOVvrjzi5y1xOC0r3kiSpMa85s1dhQ== 91 + -----END RSA PRIVATE KEY----- 92 + ''; 93 + 94 + rsaPublic = '' 95 + -----BEGIN RSA PUBLIC KEY----- 96 + MIIBCgKCAQEApukYNGFNWvVlmx75LyOE7MEcd/ViV+yEyk+4cIBXYJ3Ouw+/oEuh 97 + 8ghQfsiUtbUPR6hPYhX2ZV8XGhuU2nAXVQV0sfZ8pdkbHQ6wHUqFcUIQAVvSWpm2 98 + DvZM8jkbCPP64/x5nukPwQ8VoNnb62rWGzbcj7rOeb7ndMK0TpX5Wwv8F297nKTN 99 + CEDbK3DLTj3VD+QGnw6AoEt5i44vViAWZBXuHLHWTDC0Nq8GG+9TKODkEwt54dgN 100 + 2X9f+WTVAYhZT3SayHLqIFIMQunN89RpWwhHSW+JIRfAfuT1TbP+wA5ptDeIktCk 101 + JwWyv4hK6l800BJ9GW1nbId5LPa58ipaVwIDAQAB 102 + -----END RSA PUBLIC KEY----- 103 + ''; 104 + }; 105 + 106 + dynamic2 = { 107 + ed25519Private = '' 108 + -----BEGIN ED25519 PRIVATE KEY----- 109 + oUx9JdIstZLMj3ZPD8mP3ITsUscCTIXhNF3VKFUVi/ma5uk50/1vrEohfDraiMxj 110 + gAWthpkhnFzUbp+YlOHE7/Z3h1a/br2/tk8DoZ5PV6ufoV1MaBlGdu+TZgeZou0t 111 + -----END ED25519 PRIVATE KEY----- 112 + ''; 113 + 114 + ed25519Public = "f2dYt2/2q9fLJ/AaW+Tlu7HaVNjWQpRnr/UGoXGqLdL"; 115 + 116 + rsaPrivate = '' 117 + -----BEGIN RSA PRIVATE KEY----- 118 + 
MIIEpAIBAAKCAQEAtQfijPX3BwOAs2Y0EuNjcBmsI90uYqNAonrFgTtcVwERIVE6 119 + p6alSEakazhByujBg3jI8oPKC8eO0IJ7x/BWcgxqaw8hsPfJZFnRlwEcU5kK4c+j 120 + UNS+hJOXp0x97T1edLpSFHDK9bZ2necblHKG5MsI4UsxEa+CZ0yoIybwWCDmYuya 121 + PvE7CeNNa+CIOUbtPVoN4p/aBj0vZeerNBBuodNkglKRxj4l9wD9uOx4S9sdK5lu 122 + q/rkxlViBoXRAshT+G2d/u/7/WPoiKB3QJcF33z8UfrlsTRnDDqOMSGisTPSv2LK 123 + 4QLN4hWOGXAYQqZcxTkvvjl62mCDuoy0TM+CKQIDAQABAoIBAFKpMAxXf52nPswr 124 + /dkmFVCpmE2kADsv+iJ21tpkpYxgw1aoRZUp5cyz3P3MaVZio4IJ1A/Ql6B7Vb3l 125 + 5ulr170p6CnMdgDdlAsLbEV8T1foyOxFKHiPPBNDZXsR1WpPnGLGdRY6TqKV12HQ 126 + lmpZRTkRcJOXBufhcTUD7r5mWFaUoZ7so6VxR4L4Tzcgv1Rl4S6jgnHOQdO6lj47 127 + BaPjpBb+hplJ4wsRm91dQ7JApYq25XZwyxnBwQ2zAwb46wsuFxDPHlSc4wU7qTt6 128 + x2omm33Xy2cm8L1XQhrassZzldSnAyaLBh9DC3+vFPLODDxdz5M2kpHujYYctRhv 129 + CICMYJUCgYEA7mWVYuw0S8FNjaLx6n9Q1hr9d9vAFDd3NEaegH586xvhYNxf6n+C 130 + 2zZloVLEsX0UnBU/6ZtLAUfxUIqlvDS2r1VjSYG5SNxM6/vyGl17Niu1jC8nzf7M 131 + V1WtDCHhT4ikZCuNkAldtgI7CXVdCVO/fTqVhjk4hDblJo7VsCZSZysCgYEAwmXp 132 + TwlDHapDqA8UxClZuxS8k+2hthny3ihRPCuT34yqAz074zYG97ZBKwIa4Lm1vnkc 133 + mwU7yR2aK7IYeU4ScfWm1mLjkW5iaNV/sG7iTz/RP4mBAs3KSGmuhhz8sFWcXByU 134 + IZyvMJvC+FpgJQJn/Xc8ZmdImvXlZd6k8v4/kfsCgYEA6VzFPB2OH63slb4w42SX 135 + o86t2dtiDigxZxnN5GhtLdSP7borpigF10JLf/y+kCOpvhRLCQk8Bdf/z+C41iAf 136 + yEhktbrnvfvwzHxHhSmHCAMHZ19trodCTiePCrZLkQhoK6o6nAmfEyDh26NoXE3/ 137 + v71OSyLOQRZfgDwHz7PjrBsCgYAe0zojpjxWP+FqjLmmQUhROgCNFGlIDuVMBOic 138 + uexAznVG/ja42KBSNzwuLa9FYy1Gfr3idvn78g24UA1BbvfNyj4iUJv1O6OvK+uL 139 + dom8N0pe4NbsMuWYhel+qqoG7AxXLtDuY4IEGy7XYr1MIQ2MS5PwSQBiUguGE7/k 140 + KBy8cQKBgQCyC9R8VWJxQLqJxZGa9Ful01bSuntB5OLRfEjFCCuGiY/3Vj+mCiQL 141 + GOfMOi2jrcnSNgUm0uevmiFCq9m7QiPiAcSYKXPWhsz/55jJIGcZy8bwyhZ2s2Mg 142 + BGeZgj4RFORidqkt5g/KJz0+Wp6Ks4sLoCvOzkpeXvLzFVyzGkihrw== 143 + -----END RSA PRIVATE KEY----- 144 + ''; 145 + 146 + rsaPublic = '' 147 + -----BEGIN RSA PUBLIC KEY----- 148 + MIIBCgKCAQEAtQfijPX3BwOAs2Y0EuNjcBmsI90uYqNAonrFgTtcVwERIVE6p6al 149 + 
SEakazhByujBg3jI8oPKC8eO0IJ7x/BWcgxqaw8hsPfJZFnRlwEcU5kK4c+jUNS+ 150 + hJOXp0x97T1edLpSFHDK9bZ2necblHKG5MsI4UsxEa+CZ0yoIybwWCDmYuyaPvE7 151 + CeNNa+CIOUbtPVoN4p/aBj0vZeerNBBuodNkglKRxj4l9wD9uOx4S9sdK5luq/rk 152 + xlViBoXRAshT+G2d/u/7/WPoiKB3QJcF33z8UfrlsTRnDDqOMSGisTPSv2LK4QLN 153 + 4hWOGXAYQqZcxTkvvjl62mCDuoy0TM+CKQIDAQAB 154 + -----END RSA PUBLIC KEY----- 155 + ''; 156 + }; 157 + }
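Review bot: The six private keys in `snakeoil-keys.nix` carry no header comment, so a reader or a secret scanner has only the file name to tell them the keys are throwaway. I would open the file with a comment such as `# Snakeoil keys for the tinc VM test only. They are public; never use them on a real network.` and add one line on how they were generated, so they can be regenerated rather than copied.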