# Test unbound & RSH infrastructure.
#
# Two VMs sit on the same 192.168.0.0/24 test network: `provider` serves a
# sample register over HTTP, and `server` runs unbound with the rsh-unbound
# module pointed at that register. The test passes when a name queried on
# `server` resolves to the address the test script expects.
#
# To run this:
#   nix-build -A bgpwtf.machines.tests.rsh-dns

{ hscloud, ... }:

# Use pkgs that edge01 is using. Perhaps we shouldn't use them for
# _everything_, but this will have to do.
let
  pkgs = hscloud.ops.machines."edge01.waw.bgp.wtf".pkgs;
  pkgsSrc = pkgs.path;
  lib = pkgs.lib;

in with lib; let

  # Build the VM test with the make-test-python.nix shipped in the same
  # nixpkgs tree as `pkgs`, so the test driver and the node packages match.
  # NOTE(review): `libs` is bound here and passed in at the bottom of the
  # file, but nothing in this file reads it; it may have been meant to be
  # `lib` - confirm before relying on it.
  test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
    name = "test-rsh-dns";

    nodes = {
      # Fixture standing in for the register publisher: nginx serving one
      # static XML file.
      provider = { config, pkgs, ... }: {
        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.1"; prefixLength = 24; }
        ];
        # Only the HTTP port that serves the register is opened here.
        networking.firewall.allowedTCPPorts = [ 80 ];
        services.nginx = {
          enable = true;
          virtualHosts."fake" = {
            # Default vhost, so a request addressed by IP (as the server
            # node does below) lands here.
            default = true;
            # Document root is a store path holding a single file: the
            # checked-in sample register, copied unchanged.
            root = pkgs.runCommand "root" {} ''
              mkdir -p $out
              cat ${./rsh-sample-20220612.xml} > $out/fake-register.xml
            '';
          };
        };
      };
      # System under test: unbound plus the RSH module.
      server = { config, pkgs, ... }: {
        imports = [
          ../modules/rsh-unbound.nix
        ];
        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.2"; prefixLength = 24; }
        ];
        services.unbound = {
          enable = true;
          settings = {
            server = {
              # Listen on loopback and allow loopback clients only. As far
              # as this file configures it, the resolver is not offered on
              # eth1; the imported module may add to these lists.
              interface = [
                "127.0.0.1"
              ];
              access-control = [
                "127.0.0.0/8 allow"
              ];
              # Cap the TTL of cached negative answers at 30 seconds.
              cache-max-negative-ttl = [ "30" ];
            };
          };
        };
        hscloud.rsh = {
          enable = true;
          # Plain HTTP to the fixture above; nothing in this file
          # authenticates the register content.
          # NOTE(review): fine between two test VMs, but whoever controls
          # this response controls which names the resolver rewrites -
          # check that real deployments fetch the register over an
          # authenticated channel.
          register = "http://192.168.0.1/fake-register.xml";
        };
        # dig (from bind.dnsutils) is what the test script calls; curl is
        # not called by the script in this file.
        environment.systemPackages = with pkgs; [
          bind.dnsutils curl
        ];
      };
    };

    # The provider is booted and brought to default.target before the other
    # node starts, presumably so the register is already being served when
    # rsh.service on the server goes looking for it.
    #
    # The final check queries a punycode (IDN) name with dig and requires
    # 145.237.235.240 to appear in the answer.
    # NOTE(review): the name is presumably an entry in
    # rsh-sample-20220612.xml, and the address presumably the one
    # rsh-unbound.nix answers with for listed names - confirm against the
    # module.
    # NOTE(review): dig is given no @server, so this relies on the node's
    # resolver configuration pointing at the local unbound - confirm.
    # NOTE(review): wait_for_unit("rsh.service") shows only that the unit is
    # active; whether the blocklist is loaded by then depends on how the
    # module defines the unit.
    testScript = ''
      provider.start()
      provider.wait_for_unit("default.target")

      start_all()
      server.wait_for_unit("unbound.service")
      server.wait_for_unit("rsh.service")

      if "145.237.235.240" not in server.succeed("dig +short xn--drckglck-75ae.de"):
          raise Exception("blocklist not applied")
    '';
  });

in test { inherit pkgs; inherit (pkgs) libs; }