{ lib, ... }:

let
  # Certificate fixture shared by the NixOS tests. The name marks it as
  # "snakeoil" material: the CA, certificate and private key are read from
  # the test tree itself, so none of it may be trusted outside these VMs.
  certs = import ./common/acme/server/snakeoil-certs.nix;

  # Host name the fixture certificate is looked up under (certs.${domain}).
  inherit (certs) domain;
in
9   name = "wstunnel";
11   meta.platforms = lib.platforms.linux;
13   nodes = {
14     server = {
15       virtualisation.vlans = [ 1 ];
17       security.pki.certificateFiles = [ certs.ca.cert ];
19       networking = {
20         useNetworkd = true;
21         useDHCP = false;
22         firewall.enable = false;
23       };
25       systemd.network.networks."01-eth1" = {
26         name = "eth1";
27         networkConfig.Address = "10.0.0.1/24";
28       };
30       services.wstunnel = {
31         enable = true;
32         servers.my-server = {
33           listen = {
34             host = "10.0.0.1";
35             port = 443;
36           };
37           tlsCertificate = certs.${domain}.cert;
38           tlsKey = certs.${domain}.key;
39         };
40       };
41     };
43     client = {
44       virtualisation.vlans = [ 1 ];
46       security.pki.certificateFiles = [ certs.ca.cert ];
48       networking = {
49         useNetworkd = true;
50         useDHCP = false;
51         firewall.enable = false;
52         extraHosts = ''
53           10.0.0.1 ${domain}
54         '';
55       };
57       systemd.network.networks."01-eth1" = {
58         name = "eth1";
59         networkConfig.Address = "10.0.0.2/24";
60       };
62       services.wstunnel = {
63         enable = true;
64         clients.my-client = {
65           autoStart = false;
66           connectTo = "wss://${domain}:443";
67           localToRemote = [ "tcp://8080:localhost:2080" ];
68           remoteToLocal = [ "tcp://2081:localhost:8081" ];
69         };
70       };
71     };
72   };
74   testScript = # python
75     ''
76       start_all()
77       server.wait_for_unit("wstunnel-server-my-server.service")
78       client.wait_for_open_port(443, "10.0.0.1")
80       client.systemctl("start wstunnel-client-my-client.service")
81       client.wait_for_unit("wstunnel-client-my-client.service")
83       with subtest("connection from client to server"):
84         server.succeed("nc -l 2080 >/tmp/msg &")
85         client.sleep(1)
86         client.succeed('nc -w1 localhost 8080 <<<"Hello from client"')
87         server.succeed('grep "Hello from client" /tmp/msg')
89       with subtest("connection from server to client"):
90         client.succeed("nc -l 8081 >/tmp/msg &")
91         server.sleep(1)
92         server.succeed('nc -w1 localhost 2081 <<<"Hello from server"')
93         client.succeed('grep "Hello from server" /tmp/msg')
95       client.systemctl("stop wstunnel-client-my-client.service")
96     '';