[NixPkgs.git] / nixos / tests / 3proxy.nix
1 { lib, pkgs, ... }: {
2   name = "3proxy";
3   meta.maintainers = with lib.maintainers; [ misuzu ];
5   nodes = {
# peer0: client node. It runs no 3proxy instance; the test script issues every
# wget request from here. eth1 carries one private address (192.168.0.1) and
# one non-private address (216.58.211.111), mirroring the other peers.
peer0 = { lib, ... }: {
  networking = {
    useDHCP = false;
    interfaces.eth1.ipv4.addresses = [
      { address = "192.168.0.1"; prefixLength = 24; }
      { address = "216.58.211.111"; prefixLength = 24; }
    ];
  };
};
# peer1: 3proxy with auth "none" on both the admin and the proxy service.
# The test script expects this proxy to relay requests to its own private
# address (192.168.0.2) and to loopback (127.0.0.1) as well as to the
# non-private 216.58.211.112, i.e. no destination filtering is in effect here.
# An unauthenticated admin service and an open proxy that are reachable through
# the firewall are only acceptable on the isolated test network.
peer1 = { lib, ... }: {
  networking = {
    useDHCP = false;
    # Checks that binding to [::] still works when IPv6 is disabled.
    enableIPv6 = false;
    interfaces.eth1.ipv4.addresses = [
      { address = "192.168.0.2"; prefixLength = 24; }
      { address = "216.58.211.112"; prefixLength = 24; }
    ];
    # Proxy (3128) and admin (9999) ports must be reachable from peer0.
    firewall.allowedTCPPorts = [ 3128 9999 ];
  };

  services._3proxy = {
    enable = true;
    services = [
      { type = "admin"; bindPort = 9999; auth = [ "none" ]; }
      { type = "proxy"; bindPort = 3128; auth = [ "none" ]; }
    ];
  };
};
# peer2: proxy service with auth "iponly" and a single catch-all "allow" rule.
# The test script expects only the non-private target (216.58.211.113) to be
# reachable through this proxy; requests to 192.168.0.3 and 127.0.0.1 must
# fail even though the only ACL rule is "allow". Presumably this comes from the
# module denying private ranges by default (denyPrivate) -- verify against the
# 3proxy module.
# The admin service itself still uses auth "none".
peer2 = { lib, ... }: {
  networking = {
    useDHCP = false;
    interfaces.eth1.ipv4.addresses = [
      { address = "192.168.0.3"; prefixLength = 24; }
      { address = "216.58.211.113"; prefixLength = 24; }
    ];
    # Proxy (3128) and admin (9999) ports must be reachable from peer0.
    firewall.allowedTCPPorts = [ 3128 9999 ];
  };

  services._3proxy = {
    enable = true;
    services = [
      { type = "admin"; bindPort = 9999; auth = [ "none" ]; }
      {
        type = "proxy";
        bindPort = 3128;
        auth = [ "iponly" ];
        acl = [ { rule = "allow"; } ];
      }
    ];
  };
};
# peer3: proxy service with auth "strong" (username/password) and a catch-all
# "allow" rule. The test script expects requests without credentials to fail
# for every target, and requests with the admin credentials to succeed only
# for the non-private target (216.58.211.114).
# The admin service itself still uses auth "none".
peer3 = { lib, pkgs, ... }: {
  networking = {
    useDHCP = false;
    interfaces.eth1.ipv4.addresses = [
      { address = "192.168.0.4"; prefixLength = 24; }
      { address = "216.58.211.114"; prefixLength = 24; }
    ];
    # Proxy (3128) and admin (9999) ports must be reachable from peer0.
    firewall.allowedTCPPorts = [ 3128 9999 ];
  };

  services._3proxy = {
    enable = true;
    # Test fixture only: pkgs.writeText places this file in the Nix store,
    # which is world-readable, and the "$1$" prefix marks an MD5-crypt hash.
    # A real deployment should point usersFile at a file kept outside the
    # store with restrictive permissions.
    usersFile = pkgs.writeText "3proxy.passwd" ''
      admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
    '';
    services = [
      { type = "admin"; bindPort = 9999; auth = [ "none" ]; }
      {
        type = "proxy";
        bindPort = 3128;
        auth = [ "strong" ];
        acl = [ { rule = "allow"; } ];
      }
    ];
  };
};
132   };
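# Test driver script (Python). Every request is made from peer0 with wget
# through the proxy on port 3128 of one peer, targeting that peer's admin
# service on port 9999 via three kinds of address: non-private (216.58.211.x),
# private (192.168.0.x) and loopback (127.0.0.1, as seen from the proxy host).
#
# Changes from the original script:
#  * each proxy peer is also waited on for port 3128, since every request
#    goes through the proxy port before it can reach 9999;
#  * the "\@" in the credential URLs is now a plain "@"; the backslash was an
#    invalid escape sequence in the Python string literal and is not needed by
#    the shell either.
testScript = ''
  start_all()

  peer0.systemctl("start network-online.target")
  peer0.wait_for_unit("network-online.target")

  peer1.wait_for_unit("3proxy.service")
  peer1.wait_for_open_port(3128)
  peer1.wait_for_open_port(9999)

  # auth "none": no authentication and no destination filtering. All three
  # targets are expected to be reachable, including the proxy host's private
  # and loopback addresses.
  peer0.succeed(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999"
  )
  peer0.succeed(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999"
  )
  peer0.succeed(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999"
  )

  peer2.wait_for_unit("3proxy.service")
  peer2.wait_for_open_port(3128)
  peer2.wait_for_open_port(9999)

  # auth "iponly": ACLs apply. Only the non-private target may be reached;
  # the private and loopback targets must be refused.
  peer0.succeed(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999"
  )
  peer0.fail(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999"
  )
  peer0.fail(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999"
  )

  peer3.wait_for_unit("3proxy.service")
  peer3.wait_for_open_port(3128)
  peer3.wait_for_open_port(9999)

  # auth "strong", with the fixture credentials: the non-private target is
  # reachable, the private target is still refused.
  peer0.succeed(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
  )
  peer0.fail(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
  )

  # auth "strong", without credentials: every target must be refused.
  peer0.fail(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
  )
  peer0.fail(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
  )
  peer0.fail(
      "${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"
  )
'';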