lol

Merge pull request #298737 from MatthewCroughan/mc/scion-modules

nixos/scion: init

authored by

lassulus and committed by
GitHub
e91a1ad1 6b303293

+742
+5
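--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1107,6 +1107,11 @@
 ./services/networking/rpcbind.nix
 ./services/networking/rxe.nix
 ./services/networking/sabnzbd.nix
+./services/networking/scion/scion.nix
+./services/networking/scion/scion-control.nix
+./services/networking/scion/scion-daemon.nix
+./services/networking/scion/scion-dispatcher.nix
+./services/networking/scion/scion-router.nix
 ./services/networking/seafile.nix
 ./services/networking/searx.nix
 ./services/networking/shadowsocks.nix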
+69
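--- a/nixos/modules/services/networking/scion/scion-control.nix
+++ b/nixos/modules/services/networking/scion/scion-control.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.scion.scion-control;
+toml = pkgs.formats.toml { };
+defaultConfig = {
+general = {
+id = "cs";
+config_dir = "/etc/scion";
+reconnect_to_dispatcher = true;
+};
+beacon_db = {
+connection = "/var/lib/scion-control/control.beacon.db";
+};
+path_db = {
+connection = "/var/lib/scion-control/control.path.db";
+};
+trust_db = {
+connection = "/var/lib/scion-control/control.trust.db";
+};
+log.console = {
+level = "info";
+};
+};
+configFile = toml.generate "scion-control.toml" (defaultConfig // cfg.settings);
+in
+{
+options.services.scion.scion-control = {
+enable = mkEnableOption (lib.mdDoc "the scion-control service");
+settings = mkOption {
+default = { };
+type = toml.type;
+example = literalExpression ''
+{
+path_db = {
+connection = "/var/lib/scion-control/control.path.db";
+};
+log.console = {
+level = "info";
+};
+}
+'';
+description = lib.mdDoc ''
+scion-control configuration. Refer to
+<https://docs.scion.org/en/latest/manuals/common.html>
+for details on supported values.
+'';
+};
+};
+config = mkIf cfg.enable {
+systemd.services.scion-control = {
+description = "SCION Control Service";
+after = [ "network-online.target" "scion-dispatcher.service" ];
+wants = [ "network-online.target" "scion-dispatcher.service" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+Type = "simple";
+Group = if (config.services.scion.scion-dispatcher.enable == true) then "scion" else null;
+ExecStart = "${pkgs.scion}/bin/scion-control --config ${configFile}";
+DynamicUser = true;
+Restart = "on-failure";
+BindPaths = [ "/dev/shm:/run/shm" ];
+StateDirectory = "scion-control";
+};
+};
+};
+}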
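Review bot: `defaultConfig // cfg.settings` on the `configFile` line is a shallow merge, so any top-level key a user sets replaces the whole default table instead of overriding a single field. Setting only `general.id` would drop `config_dir = "/etc/scion"` and `reconnect_to_dispatcher`, and the generated TOML then no longer points at the directory that holds the topology and key material. `lib.recursiveUpdate defaultConfig cfg.settings` keeps the untouched defaults. The same expression appears in scion-daemon.nix, scion-dispatcher.nix and scion-router.nix; in the router module the documented example `general.id = "br"` is by itself enough to lose `config_dir`.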
+64
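--- a/nixos/modules/services/networking/scion/scion-daemon.nix
+++ b/nixos/modules/services/networking/scion/scion-daemon.nix
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.scion.scion-daemon;
+toml = pkgs.formats.toml { };
+defaultConfig = {
+general = {
+id = "sd";
+config_dir = "/etc/scion";
+reconnect_to_dispatcher = true;
+};
+path_db = {
+connection = "/var/lib/scion-daemon/sd.path.db";
+};
+trust_db = {
+connection = "/var/lib/scion-daemon/sd.trust.db";
+};
+log.console = {
+level = "info";
+};
+};
+configFile = toml.generate "scion-daemon.toml" (defaultConfig // cfg.settings);
+in
+{
+options.services.scion.scion-daemon = {
+enable = mkEnableOption (lib.mdDoc "the scion-daemon service");
+settings = mkOption {
+default = { };
+type = toml.type;
+example = literalExpression ''
+{
+path_db = {
+connection = "/var/lib/scion-daemon/sd.path.db";
+};
+log.console = {
+level = "info";
+};
+}
+'';
+description = lib.mdDoc ''
+scion-daemon configuration. Refer to
+<https://docs.scion.org/en/latest/manuals/common.html>
+for details on supported values.
+'';
+};
+};
+config = mkIf cfg.enable {
+systemd.services.scion-daemon = {
+description = "SCION Daemon";
+after = [ "network-online.target" "scion-dispatcher.service" ];
+wants = [ "network-online.target" "scion-dispatcher.service" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+Type = "simple";
+ExecStart = "${pkgs.scion}/bin/scion-daemon --config ${configFile}";
+Restart = "on-failure";
+DynamicUser = true;
+StateDirectory = "scion-daemon";
+};
+};
+};
+}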
+74
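--- a/nixos/modules/services/networking/scion/scion-dispatcher.nix
+++ b/nixos/modules/services/networking/scion/scion-dispatcher.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.scion.scion-dispatcher;
+toml = pkgs.formats.toml { };
+defaultConfig = {
+dispatcher = {
+id = "dispatcher";
+socket_file_mode = "0770";
+application_socket = "/dev/shm/dispatcher/default.sock";
+};
+log.console = {
+level = "info";
+};
+};
+configFile = toml.generate "scion-dispatcher.toml" (defaultConfig // cfg.settings);
+in
+{
+options.services.scion.scion-dispatcher = {
+enable = mkEnableOption (lib.mdDoc "the scion-dispatcher service");
+settings = mkOption {
+default = { };
+type = toml.type;
+example = literalExpression ''
+{
+dispatcher = {
+id = "dispatcher";
+socket_file_mode = "0770";
+application_socket = "/dev/shm/dispatcher/default.sock";
+};
+log.console = {
+level = "info";
+};
+}
+'';
+description = lib.mdDoc ''
+scion-dispatcher configuration. Refer to
+<https://docs.scion.org/en/latest/manuals/common.html>
+for details on supported values.
+'';
+};
+};
+config = mkIf cfg.enable {
+# Needed for group ownership of the dispatcher socket
+users.groups.scion = {};
+
+# scion programs hardcode path to dispatcher in /run/shm, and is not
+# configurable at runtime upstream plans to obsolete the dispatcher in
+# favor of an SCMP daemon, at which point this can be removed.
+system.activationScripts.scion-dispatcher = ''
+ln -sf /dev/shm /run/shm
+'';
+
+systemd.services.scion-dispatcher = {
+description = "SCION Dispatcher";
+after = [ "network-online.target" ];
+wants = [ "network-online.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+Type = "simple";
+Group = "scion";
+DynamicUser = true;
+BindPaths = [ "/dev/shm:/run/shm" ];
+ExecStartPre = "${pkgs.coreutils}/bin/rm -rf /run/shm/dispatcher";
+ExecStart = "${pkgs.scion}/bin/scion-dispatcher --config ${configFile}";
+Restart = "on-failure";
+StateDirectory = "scion-dispatcher";
+};
+};
+};
+}
+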
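Review bot: The dispatcher socket directory `/dev/shm/dispatcher` sits directly in a world-writable sticky directory and is created by the service itself, so any local account can create that path before the unit starts. `ExecStartPre` runs `rm -rf /run/shm/dispatcher` as the dynamic user, which the sticky bit will not permit for a directory owned by someone else, and whoever owns the directory decides which socket the other SCION services find there. Having root create it with fixed ownership, for example `systemd.tmpfiles.rules = [ "d /dev/shm/dispatcher 0770 root scion -" ];`, and limiting the pre-start step to removing a stale `default.sock` would close that gap; this needs checking against how the dispatcher creates its socket. Separately, `ln -sf /dev/shm /run/shm` follows an existing `/run/shm` link on re-activation and leaves a `shm` link inside `/dev/shm`; `ln -sfn` avoids that.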
+49
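--- a/nixos/modules/services/networking/scion/scion-router.nix
+++ b/nixos/modules/services/networking/scion/scion-router.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.scion.scion-router;
+toml = pkgs.formats.toml { };
+defaultConfig = {
+general = {
+id = "br";
+config_dir = "/etc/scion";
+};
+};
+configFile = toml.generate "scion-router.toml" (defaultConfig // cfg.settings);
+in
+{
+options.services.scion.scion-router = {
+enable = mkEnableOption (lib.mdDoc "the scion-router service");
+settings = mkOption {
+default = { };
+type = toml.type;
+example = literalExpression ''
+{
+general.id = "br";
+}
+'';
+description = lib.mdDoc ''
+scion-router configuration. Refer to
+<https://docs.scion.org/en/latest/manuals/common.html>
+for details on supported values.
+'';
+};
+};
+config = mkIf cfg.enable {
+systemd.services.scion-router = {
+description = "SCION Router";
+after = [ "network-online.target" ];
+wants = [ "network-online.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+Type = "simple";
+ExecStart = "${pkgs.scion}/bin/scion-router --config ${configFile}";
+Restart = "on-failure";
+DynamicUser = true;
+StateDirectory = "scion-router";
+};
+};
+};
+}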
+39
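--- a/nixos/modules/services/networking/scion/scion.nix
+++ b/nixos/modules/services/networking/scion/scion.nix
@@ -0,0 +1,39 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+cfg = config.services.scion;
+in
+{
+options.services.scion = {
+enable = mkEnableOption (lib.mdDoc "all of the scion components and services");
+bypassBootstrapWarning = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+bypass Nix warning about SCION PKI bootstrapping
+'';
+};
+};
+config = mkIf cfg.enable {
+services.scion = {
+scion-dispatcher.enable = true;
+scion-daemon.enable = true;
+scion-router.enable = true;
+scion-control.enable = true;
+};
+assertions = [
+{ assertion = cfg.bypassBootstrapWarning == true;
+message = ''
+SCION is a routing protocol and requires bootstrapping with a manual, imperative key signing ceremony. You may want to join an existing Isolation Domain (ISD) such as scionlab.org, or bootstrap your own. If you have completed and configured the public key infrastructure for SCION and are sure this process is complete, then add the following to your configuration:
+
+services.scion.bypassBootstrapWarning = true;
+
+refer to docs.scion.org for more information
+'';
+}
+];
+};
+}
+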
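Review bot: Nothing in this module says how the key material under `/etc/scion` is to be provisioned or protected, although the assertion message tells the operator to finish the PKI ceremony before setting `bypassBootstrapWarning`. The four services are declared with `DynamicUser = true` in their own modules, so each presumably runs under a different transient UID and the AS key and master keys have to be readable by all of them. The `bypassBootstrapWarning` description should state the expected ownership and mode of those files, or the module should offer a credential mechanism such as systemd's `LoadCredential`. As written, the easiest way to satisfy it is world-readable key files, which is what the VM test does through `environment.etc` entries sourced from the Nix store.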
+1
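--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -791,6 +791,7 @@
 sanoid = handleTest ./sanoid.nix {};
 scaphandre = handleTest ./scaphandre.nix {};
 schleuder = handleTest ./schleuder.nix {};
+scion-freestanding-deployment = handleTest ./scion/freestanding-deployment {};
 scrutiny = handleTest ./scrutiny.nix {};
 sddm = handleTest ./sddm.nix {};
 seafile = handleTest ./seafile.nix {};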
+12
nixos/tests/scion/freestanding-deployment/README.rst
··· 1 + This NixOS VM test implements the network topology outlined in https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst#sample-scion-demo-topology, below is an excerpt from that document 2 + 3 + Sample SCION Demo Topology 4 + .......................... 5 + 6 + The topology of the ISD includes the inter-AS connections to neighboring ASes, and defines the underlay IP/UDP addresses of services and routers running in this AS. This is specified in topology files - this guide later explains how to configure these files. A following graphic depicts the topology on a high level. 7 + 8 + .. figure:: https://github.com/scionproto/scion/raw/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy/SCION-deployment-guide.drawio.png 9 + :width: 95 % 10 + :figwidth: 100 % 11 + 12 + *Figure 1 - Topology of the sample SCION demo environment. It consists of 1 ISD, 3 core ASes and 2 non-core ASes.*
+172
nixos/tests/scion/freestanding-deployment/default.nix
··· 1 + # implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst 2 + import ../../make-test-python.nix ({ pkgs, ... }: 3 + let 4 + trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" { 5 + buildInputs = [ 6 + pkgs.scion 7 + ]; 8 + } '' 9 + set -euo pipefail 10 + 11 + mkdir /tmp/tutorial-scion-certs && cd /tmp/tutorial-scion-certs 12 + mkdir AS{1..5} 13 + 14 + # Create voting and root keys and (self-signed) certificates for core ASes 15 + pushd AS1 16 + scion-pki certificate create --not-after=3650d --profile=sensitive-voting <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 sensitive voting cert"}') sensitive-voting.pem sensitive-voting.key 17 + scion-pki certificate create --not-after=3650d --profile=regular-voting <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 regular voting cert"}') regular-voting.pem regular-voting.key 18 + scion-pki certificate create --not-after=3650d --profile=cp-root <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 cp root cert"}') cp-root.pem cp-root.key 19 + popd 20 + 21 + pushd AS2 22 + scion-pki certificate create --not-after=3650d --profile=cp-root <(echo '{"isd_as": "42-ffaa:1:2", "common_name": "42-ffaa:1:2 cp root cert"}') cp-root.pem cp-root.key 23 + popd 24 + 25 + pushd AS3 26 + scion-pki certificate create --not-after=3650d --profile=sensitive-voting <(echo '{"isd_as": "42-ffaa:1:3", "common_name": "42-ffaa:1:3 sensitive voting cert"}') sensitive-voting.pem sensitive-voting.key 27 + scion-pki certificate create --not-after=3650d --profile=regular-voting <(echo '{"isd_as": "42-ffaa:1:3", "common_name": "42-ffaa:1:3 regular voting cert"}') regular-voting.pem regular-voting.key 28 + popd 29 + 30 + # Create the TRC (Trust Root Configuration) 31 + mkdir tmp 32 + echo ' 33 + isd = 42 34 + description = "Demo ISD 42" 35 + serial_version = 1 36 + base_version = 1 37 + voting_quorum = 2 38 + 39 + core_ases = 
["ffaa:1:1", "ffaa:1:2", "ffaa:1:3"] 40 + authoritative_ases = ["ffaa:1:1", "ffaa:1:2", "ffaa:1:3"] 41 + cert_files = ["AS1/sensitive-voting.pem", "AS1/regular-voting.pem", "AS1/cp-root.pem", "AS2/cp-root.pem", "AS3/sensitive-voting.pem", "AS3/regular-voting.pem"] 42 + 43 + [validity] 44 + not_before = '$(date +%s)' 45 + validity = "365d"' \ 46 + > trc-B1-S1-pld.tmpl 47 + 48 + scion-pki trc payload --out=tmp/ISD42-B1-S1.pld.der --template trc-B1-S1-pld.tmpl 49 + rm trc-B1-S1-pld.tmpl 50 + 51 + # Sign and bundle the TRC 52 + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS1/sensitive-voting.{pem,key} --out tmp/ISD42-B1-S1.AS1-sensitive.trc 53 + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS1/regular-voting.{pem,key} --out tmp/ISD42-B1-S1.AS1-regular.trc 54 + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS3/sensitive-voting.{pem,key} --out tmp/ISD42-B1-S1.AS3-sensitive.trc 55 + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS3/regular-voting.{pem,key} --out tmp/ISD42-B1-S1.AS3-regular.trc 56 + 57 + scion-pki trc combine tmp/ISD42-B1-S1.AS{1,3}-{sensitive,regular}.trc --payload tmp/ISD42-B1-S1.pld.der --out ISD42-B1-S1.trc 58 + rm tmp -r 59 + 60 + # Create CA key and certificate for issuing ASes 61 + pushd AS1 62 + scion-pki certificate create --profile=cp-ca <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 CA cert"}') cp-ca.pem cp-ca.key --ca cp-root.pem --ca-key cp-root.key 63 + popd 64 + pushd AS2 65 + scion-pki certificate create --profile=cp-ca <(echo '{"isd_as": "42-ffaa:1:2", "common_name": "42-ffaa:1:2 CA cert"}') cp-ca.pem cp-ca.key --ca cp-root.pem --ca-key cp-root.key 66 + popd 67 + 68 + # Create AS key and certificate chains 69 + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 AS cert"}') AS1/cp-as.pem AS1/cp-as.key --ca AS1/cp-ca.pem --ca-key AS1/cp-ca.key --bundle 70 + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:2", "common_name": "42-ffaa:1:2 AS cert"}') 
AS2/cp-as.pem AS2/cp-as.key --ca AS2/cp-ca.pem --ca-key AS2/cp-ca.key --bundle 71 + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:3", "common_name": "42-ffaa:1:3 AS cert"}') AS3/cp-as.pem AS3/cp-as.key --ca AS1/cp-ca.pem --ca-key AS1/cp-ca.key --bundle 72 + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:4", "common_name": "42-ffaa:1:4 AS cert"}') AS4/cp-as.pem AS4/cp-as.key --ca AS1/cp-ca.pem --ca-key AS1/cp-ca.key --bundle 73 + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:5", "common_name": "42-ffaa:1:5 AS cert"}') AS5/cp-as.pem AS5/cp-as.key --ca AS2/cp-ca.pem --ca-key AS2/cp-ca.key --bundle 74 + 75 + for i in {1..5} 76 + do 77 + mkdir -p $out/AS$i 78 + cp AS$i/cp-as.{key,pem} $out/AS$i 79 + done 80 + 81 + mv *.trc $out 82 + ''; 83 + imports = hostId: [ 84 + ({ 85 + services.scion = { 86 + enable = true; 87 + bypassBootstrapWarning = true; 88 + }; 89 + networking = { 90 + useNetworkd = true; 91 + useDHCP = false; 92 + }; 93 + systemd.network.networks."01-eth1" = { 94 + name = "eth1"; 95 + networkConfig.Address = "192.168.1.${toString hostId}/24"; 96 + }; 97 + environment.etc = { 98 + "scion/topology.json".source = ./topology${toString hostId}.json; 99 + "scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}"; 100 + "scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc"; 101 + "scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw=="; 102 + "scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA=="; 103 + }; 104 + environment.systemPackages = [ 105 + pkgs.scion 106 + ]; 107 + }) 108 + ]; 109 + in 110 + { 111 + name = "scion-test"; 112 + nodes = { 113 + scion01 = { ... }: { 114 + imports = (imports 1); 115 + }; 116 + scion02 = { ... }: { 117 + imports = (imports 2); 118 + }; 119 + scion03 = { ... }: { 120 + imports = (imports 3); 121 + }; 122 + scion04 = { ... 
}: { 123 + imports = (imports 4); 124 + }; 125 + scion05 = { ... }: { 126 + imports = (imports 5); 127 + }; 128 + }; 129 + testScript = let 130 + pingAll = pkgs.writeShellScript "ping-all-scion.sh" '' 131 + addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5" 132 + timeout=100 133 + wait_for_all() { 134 + for as in "$@" 135 + do 136 + scion showpaths $as --no-probe > /dev/null 137 + return 1 138 + done 139 + return 0 140 + } 141 + ping_all() { 142 + for as in "$@" 143 + do 144 + scion ping "$as,127.0.0.1" -c 3 145 + done 146 + return 0 147 + } 148 + for i in $(seq 0 $timeout); do 149 + wait_for_all $addresses && exit 0 150 + ping_all $addresses && exit 0 151 + sleep 1 152 + done 153 + ''; 154 + in 155 + '' 156 + # List of AS instances 157 + machines = [scion01, scion02, scion03, scion04, scion05] 158 + 159 + # Wait for scion-control.service on all instances 160 + for i in machines: 161 + i.wait_for_unit("scion-control.service") 162 + 163 + # Execute pingAll command on all instances 164 + for i in machines: 165 + i.succeed("${pingAll} >&2") 166 + 167 + # Restart scion-dispatcher and ping again to test robustness 168 + for i in machines: 169 + i.succeed("systemctl restart scion-dispatcher >&2") 170 + i.succeed("${pingAll} >&2") 171 + ''; 172 + })
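Review bot: The `pingAll` script cannot report a failure: `wait_for_all` hits the bare `return 1` on its first iteration whatever `scion showpaths` returned, and `ping_all` ends in `return 0` regardless of the `scion ping` results, so the loop exits 0 after the first round of pings. `i.succeed("${pingAll} >&2")` therefore passes even when no AS is reachable, and if the loop ever ran to the end the script would still exit with the status of `sleep`. Propagating the command status from both helpers and ending the script with `exit 1` makes the test actually assert connectivity. A point worth a comment in the file as well: the generated keys and the literal `master0.key`/`master1.key` values land in the world-readable Nix store, which is acceptable for a VM test but should not be copied into a real deployment.

```nix
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
  # … unchanged: addresses and timeout …
  wait_for_all() {
    for as in "$@"
    do
      scion showpaths "$as" --no-probe > /dev/null || return 1
    done
    return 0
  }
  ping_all() {
    for as in "$@"
    do
      scion ping "$as,127.0.0.1" -c 3 || return 1
    done
    return 0
  }
  for i in $(seq 0 $timeout); do
    wait_for_all $addresses && ping_all $addresses && exit 0
    sleep 1
  done
  exit 1
'';
```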
+51
nixos/tests/scion/freestanding-deployment/topology1.json
··· 1 + { 2 + "attributes": [ 3 + "core" 4 + ], 5 + "isd_as": "42-ffaa:1:1", 6 + "mtu": 1472, 7 + "control_service": { 8 + "cs": { 9 + "addr": "127.0.0.1:31000" 10 + } 11 + }, 12 + "discovery_service": { 13 + "cs": { 14 + "addr": "127.0.0.1:31000" 15 + } 16 + }, 17 + "border_routers": { 18 + "br": { 19 + "internal_addr": "127.0.0.1:31002", 20 + "interfaces": { 21 + "1": { 22 + "underlay": { 23 + "public": "192.168.1.1:50014", 24 + "remote": "192.168.1.4:50014" 25 + }, 26 + "isd_as": "42-ffaa:1:4", 27 + "link_to": "child", 28 + "mtu": 1472 29 + }, 30 + "2": { 31 + "underlay": { 32 + "public": "192.168.1.1:50012", 33 + "remote": "192.168.1.2:50012" 34 + }, 35 + "isd_as": "42-ffaa:1:2", 36 + "link_to": "core", 37 + "mtu": 1472 38 + }, 39 + "3": { 40 + "underlay": { 41 + "public": "192.168.1.1:50013", 42 + "remote": "192.168.1.3:50013" 43 + }, 44 + "isd_as": "42-ffaa:1:3", 45 + "link_to": "core", 46 + "mtu": 1472 47 + } 48 + } 49 + } 50 + } 51 + }
+51
nixos/tests/scion/freestanding-deployment/topology2.json
··· 1 + { 2 + "attributes": [ 3 + "core" 4 + ], 5 + "isd_as": "42-ffaa:1:2", 6 + "mtu": 1472, 7 + "control_service": { 8 + "cs": { 9 + "addr": "127.0.0.1:31000" 10 + } 11 + }, 12 + "discovery_service": { 13 + "cs": { 14 + "addr": "127.0.0.1:31000" 15 + } 16 + }, 17 + "border_routers": { 18 + "br": { 19 + "internal_addr": "127.0.0.1:31002", 20 + "interfaces": { 21 + "1": { 22 + "underlay": { 23 + "public": "192.168.1.2:50012", 24 + "remote": "192.168.1.1:50012" 25 + }, 26 + "isd_as": "42-ffaa:1:1", 27 + "link_to": "core", 28 + "mtu": 1472 29 + }, 30 + "2": { 31 + "underlay": { 32 + "public": "192.168.1.2:50023", 33 + "remote": "192.168.1.3:50023" 34 + }, 35 + "isd_as": "42-ffaa:1:3", 36 + "link_to": "core", 37 + "mtu": 1472 38 + }, 39 + "3": { 40 + "underlay": { 41 + "public": "192.168.1.2:50025", 42 + "remote": "192.168.1.5:50025" 43 + }, 44 + "isd_as": "42-ffaa:1:5", 45 + "link_to": "child", 46 + "mtu": 1472 47 + } 48 + } 49 + } 50 + } 51 + }
+60
nixos/tests/scion/freestanding-deployment/topology3.json
··· 1 + { 2 + "attributes": [ 3 + "core" 4 + ], 5 + "isd_as": "42-ffaa:1:3", 6 + "mtu": 1472, 7 + "control_service": { 8 + "cs": { 9 + "addr": "127.0.0.1:31000" 10 + } 11 + }, 12 + "discovery_service": { 13 + "cs": { 14 + "addr": "127.0.0.1:31000" 15 + } 16 + }, 17 + "border_routers": { 18 + "br": { 19 + "internal_addr": "127.0.0.1:31002", 20 + "interfaces": { 21 + "1": { 22 + "underlay": { 23 + "public": "192.168.1.3:50013", 24 + "remote": "192.168.1.1:50013" 25 + }, 26 + "isd_as": "42-ffaa:1:1", 27 + "link_to": "core", 28 + "mtu": 1472 29 + }, 30 + "2": { 31 + "underlay": { 32 + "public": "192.168.1.3:50023", 33 + "remote": "192.168.1.2:50023" 34 + }, 35 + "isd_as": "42-ffaa:1:2", 36 + "link_to": "core", 37 + "mtu": 1472 38 + }, 39 + "3": { 40 + "underlay": { 41 + "public": "192.168.1.3:50034", 42 + "remote": "192.168.1.4:50034" 43 + }, 44 + "isd_as": "42-ffaa:1:4", 45 + "link_to": "child", 46 + "mtu": 1472 47 + }, 48 + "4": { 49 + "underlay": { 50 + "public": "192.168.1.3:50035", 51 + "remote": "192.168.1.5:50035" 52 + }, 53 + "isd_as": "42-ffaa:1:5", 54 + "link_to": "child", 55 + "mtu": 1472 56 + } 57 + } 58 + } 59 + } 60 + }
+40
nixos/tests/scion/freestanding-deployment/topology4.json
··· 1 + { 2 + "attributes": [], 3 + "isd_as": "42-ffaa:1:4", 4 + "mtu": 1472, 5 + "control_service": { 6 + "cs": { 7 + "addr": "127.0.0.1:31000" 8 + } 9 + }, 10 + "discovery_service": { 11 + "cs": { 12 + "addr": "127.0.0.1:31000" 13 + } 14 + }, 15 + "border_routers": { 16 + "br": { 17 + "internal_addr": "127.0.0.1:31002", 18 + "interfaces": { 19 + "1": { 20 + "underlay": { 21 + "public": "192.168.1.4:50014", 22 + "remote": "192.168.1.1:50014" 23 + }, 24 + "isd_as": "42-ffaa:1:1", 25 + "link_to": "parent", 26 + "mtu": 1472 27 + }, 28 + "2": { 29 + "underlay": { 30 + "public": "192.168.1.4:50034", 31 + "remote": "192.168.1.3:50034" 32 + }, 33 + "isd_as": "42-ffaa:1:3", 34 + "link_to": "parent", 35 + "mtu": 1472 36 + } 37 + } 38 + } 39 + } 40 + }
+40
nixos/tests/scion/freestanding-deployment/topology5.json
··· 1 + { 2 + "attributes": [], 3 + "isd_as": "42-ffaa:1:5", 4 + "mtu": 1472, 5 + "control_service": { 6 + "cs": { 7 + "addr": "127.0.0.1:31000" 8 + } 9 + }, 10 + "discovery_service": { 11 + "cs": { 12 + "addr": "127.0.0.1:31000" 13 + } 14 + }, 15 + "border_routers": { 16 + "br": { 17 + "internal_addr": "127.0.0.1:31002", 18 + "interfaces": { 19 + "1": { 20 + "underlay": { 21 + "public": "192.168.1.5:50025", 22 + "remote": "192.168.1.2:50025" 23 + }, 24 + "isd_as": "42-ffaa:1:2", 25 + "link_to": "parent", 26 + "mtu": 1472 27 + }, 28 + "2": { 29 + "underlay": { 30 + "public": "192.168.1.5:50035", 31 + "remote": "192.168.1.3:50035" 32 + }, 33 + "isd_as": "42-ffaa:1:3", 34 + "link_to": "parent", 35 + "mtu": 1472 36 + } 37 + } 38 + } 39 + } 40 + }
+15
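--- a/pkgs/by-name/sc/scion/package.nix
+++ b/pkgs/by-name/sc/scion/package.nix
@@ -2,6 +2,7 @@
 , buildGoModule
 , fetchFromGitHub
 , fetchpatch2
+, nixosTests
 }:
 let
 version = "0.10.0";
@@ -42,6 +43,16 @@
 ${skipTest 1 "TestOpensslCompatible" "scion-pki/trcs/sign_test.go"}
 '';
 
+postInstall = ''
+set +e
+mv $out/bin/gateway $out/bin/scion-ip-gateway
+mv $out/bin/dispatcher $out/bin/scion-dispatcher
+mv $out/bin/router $out/bin/scion-router
+mv $out/bin/control $out/bin/scion-control
+mv $out/bin/daemon $out/bin/scion-daemon
+set -e
+'';
+
 doCheck = true;
 
 patches = [
@@ -50,6 +61,10 @@
 hash = "sha256-mMGJMPB6T7KeDXjEXffdrhzyKwaFmhuisK6PjHOJIdU=";
 })
 ];
+
+passthru.tests = {
+inherit (nixosTests) scion-freestanding-deployment;
+};
 
 meta = with lib; {
 description = "A future Internet architecture utilizing path-aware networking";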
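Review bot: The `set +e` around the five `mv` calls in `postInstall` makes a failed rename silent, so a build in which an upstream binary name has changed still succeeds and ships without `scion-dispatcher`, `scion-control` and the rest. The NixOS modules added in this commit hard-code those names in `ExecStart`, so the breakage only surfaces when the units start. Dropping the `set +e` / `set -e` pair lets the build stop at the first missing binary; if some binaries are legitimately absent on certain platforms, guard those individually with an explicit `if [ -e … ]` test.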