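import ./make-test-python.nix (
  { pkgs, lib, ... }:
  let
    # Self-signed certificate for the host name "headscale" (CN and SAN both
    # match), generated at build time inside the sandbox. The peers trust it via
    # security.pki.certificateFiles so `tailscale up` can reach the HTTPS
    # login server without disabling certificate verification.
    tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
      openssl req \
        -x509 -newkey rsa:4096 -sha256 -days 365 \
        -nodes -out cert.pem -keyout key.pem \
        -subj '/CN=headscale' -addext "subjectAltName=DNS:headscale"

      mkdir -p $out
      cp key.pem cert.pem $out
    '';
  in
  {
    name = "headscale";
    meta.maintainers = with lib.maintainers; [ misterio77 ];

    nodes =
      let
        headscalePort = 8080;
        stunPort = 3478;
        # Configuration shared by both tailnet clients.
        peer = {
          services.tailscale.enable = true;
          security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];
        };
      in
      {
        peer1 = peer;
        peer2 = peer;

        headscale = {
          services = {
            headscale = {
              enable = true;
              port = headscalePort;
              settings = {
                server_url = "https://headscale";
                ip_prefixes = [ "100.64.0.0/10" ];
                # Embedded DERP relay/STUN so the peers need no external relay.
                derp.server = {
                  enabled = true;
                  region_id = 999;
                  stun_listen_addr = "0.0.0.0:${toString stunPort}";
                };
                # MagicDNS suffix; exercised by the "peer1.tailnet" ping below.
                dns.base_domain = "tailnet";
              };
            };
            # nginx terminates TLS and proxies to headscale on the loopback port;
            # websockets are needed for the control-plane connection.
            nginx = {
              enable = true;
              virtualHosts.headscale = {
                addSSL = true;
                sslCertificate = "${tls-cert}/cert.pem";
                sslCertificateKey = "${tls-cert}/key.pem";
                locations."/" = {
                  proxyPass = "http://127.0.0.1:${toString headscalePort}";
                  proxyWebsockets = true;
                };
              };
            };
          };
          # Only the TLS front end and STUN are exposed; the plain HTTP
          # headscale port is not opened in the firewall.
          networking.firewall = {
            allowedTCPPorts = [
              80
              443
            ];
            allowedUDPPorts = [ stunPort ];
          };
          environment.systemPackages = [ pkgs.headscale ];
        };
      };

    testScript = ''
      start_all()
      headscale.wait_for_unit("headscale")
      headscale.wait_for_open_port(443)

      # Create headscale user and preauth-key.
      # succeed() returns the command output including its trailing newline;
      # strip it so the key is not spliced into the shell command below with a
      # stray line break.
      headscale.succeed("headscale users create test")
      authkey = headscale.succeed("headscale preauthkeys -u test create --reusable").strip()

      # Connect peers (the key is reusable, so the same one serves both).
      up_cmd = f"tailscale up --login-server 'https://headscale' --auth-key {authkey}"
      peer1.execute(up_cmd)
      peer2.execute(up_cmd)

      # Check that they are reachable from the tailnet, by short name and by
      # the MagicDNS base_domain configured above.
      peer1.wait_until_succeeds("tailscale ping peer2")
      peer2.wait_until_succeeds("tailscale ping peer1.tailnet")
    '';
  }
)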