Merge pull request #18085 from Mic92/ferm

ferm: add integration test

authored by

Joachim F and committed by
GitHub
78b4b632 4206f460

+72
+1
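--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -234,6 +234,7 @@
 tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
 tests.ec2-nixops = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-nixops;
 tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
+tests.ferm = callTest tests/ferm.nix {};
 tests.firefox = callTest tests/firefox.nix {};
 tests.firewall = callTest tests/firewall.nix {};
 tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });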
+71
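--- a/nixos/tests/ferm.nix
+++ b/nixos/tests/ferm.nix
@@ -0,0 +1,71 @@
+
+import ./make-test.nix ({ pkgs, ...} : {
+name = "ferm";
+meta = with pkgs.stdenv.lib.maintainers; {
+maintainers = [ mic92 ];
+};
+
+nodes =
+{ client =
+{ config, pkgs, ... }:
+with pkgs.lib;
+{
+networking = {
+interfaces.eth1.ip6 = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
+interfaces.eth1.ip4 = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
+};
+};
+server =
+{ config, pkgs, ... }:
+with pkgs.lib;
+{
+networking = {
+interfaces.eth1.ip6 = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
+interfaces.eth1.ip4 = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
+};
+
+services = {
+ferm.enable = true;
+ferm.config = ''
+domain (ip ip6) table filter chain INPUT {
+interface lo ACCEPT;
+proto tcp dport 8080 REJECT reject-with tcp-reset;
+}
+'';
+nginx.enable = true;
+nginx.httpConfig = ''
+server {
+listen 80;
+listen [::]:80;
+listen 8080;
+listen [::]:8080;
+
+location /status { stub_status on; }
+}
+'';
+};
+};
+};
+
+testScript =
+''
+startAll;
+
+$client->waitForUnit("network.target");
+$server->waitForUnit("ferm.service");
+$server->waitForUnit("nginx.service");
+
+subtest "port 80 is allowed", sub {
+$client->succeed("curl --fail -g http://192.168.1.1:80/status");
+$client->succeed("curl --fail -g http://[fd00::1]:80/status");
+};
+
+subtest "port 8080 is not allowed", sub {
+$server->succeed("curl --fail -g http://192.168.1.1:8080/status");
+$server->succeed("curl --fail -g http://[fd00::1]:8080/status");
+
+$client->fail("curl --fail -g http://192.168.1.1:8080/status");
+$client->fail("curl --fail -g http://[fd00::1]:8080/status");
+};
+'';
+})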
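Review bot: The two `$client->fail(...)` calls in the "port 8080 is not allowed" subtest accept any non-zero curl exit as evidence that ferm rejected the connection, so a failure unrelated to the firewall (a routing or address problem, or nginx not yet bound on 8080) would also pass them; the preceding port-80 subtest narrows that, but the check is still weaker than the claim its name makes. Since the rule uses `REJECT reject-with tcp-reset`, the client should see an immediate connection failure, which can be pinned to curl's connect error and bounded in time, e.g. `$client->succeed("curl --fail -g --max-time 5 http://192.168.1.1:8080/status; [ \$? -eq 7 ]");` and the same for the `[fd00::1]` URL. Without `--max-time`, a future change of the rule to DROP would make these curls hang until the driver's global timeout instead of failing quickly, which makes regressions harder to diagnose. A one-line comment above the ferm config stating that only dport 8080 is rejected and everything else keeps the chain's default behaviour would also make the test's intent clearer to the next reader.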