vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / iodine.nix
blob41fb2e7778d42bdca910a609acf313a7f1cb1a4a
1 import ./make-test-python.nix (
2   { pkgs, ... }: let
3     domain = "whatever.example.com";
4     password = "false;foo;exit;withspecialcharacters";
5   in
6     {
7       name = "iodine";
8       nodes = {
9         server =
10           { ... }:
12             {
13               networking.firewall = {
14                 allowedUDPPorts = [ 53 ];
15                 trustedInterfaces = [ "dns0" ];
16               };
17               boot.kernel.sysctl = {
18                 "net.ipv4.ip_forward" = 1;
19                 "net.ipv6.ip_forward" = 1;
20               };
22               services.iodine.server = {
23                 enable = true;
24                 ip = "10.53.53.1/24";
25                 passwordFile = "${builtins.toFile "password" password}";
26                 inherit domain;
27               };
29               # test resource: accessible only via tunnel
30               services.openssh = {
31                 enable = true;
32                 openFirewall = false;
33               };
34             };
36         client =
37           { ... }: {
38             services.iodine.clients.testClient = {
39               # test that ProtectHome is "read-only"
40               passwordFile = "/root/pw";
41               relay = "server";
42               server = domain;
43             };
44             systemd.tmpfiles.rules = [
45               "f /root/pw 0666 root root - ${password}"
46             ];
47             environment.systemPackages = [
48               pkgs.nagiosPluginsOfficial
49             ];
50           };
52       };
54       testScript = ''
55         start_all()
57         server.wait_for_unit("sshd")
58         server.wait_for_unit("iodined")
59         client.wait_for_unit("iodine-testClient")
61         client.succeed("check_ssh -H 10.53.53.1")
62       '';
63     }