| blob | 653e280ec8b7ea522effe99c8bfb47721c3f28ca |
1 # This test verifies DHCPv4 interaction between a client and a router.
2 # For successful DHCP allocations a dynamic update request is sent
3 # towards a nameserver to allocate a name in the lan.nixos.test zone.
4 # We then verify whether client and router can ping each other, and
5 # that the nameserver can resolve the clients fqdn to the correct IP
6 # address.
8 import ./make-test-python.nix ({ pkgs, lib, ...}: {
9 meta.maintainers = with lib.maintainers; [ hexa ];
11 name = "kea";
13 nodes = {
14 router = { config, pkgs, ... }: {
15 virtualisation.vlans = [ 1 ];
17 networking = {
18 useDHCP = false;
19 firewall.allowedUDPPorts = [ 67 ];
20 };
22 systemd.network = {
23 enable = true;
24 networks = {
25 "01-eth1" = {
26 name = "eth1";
27 networkConfig = {
28 Address = "10.0.0.1/29";
29 };
30 };
31 };
32 };
34 services.kea.dhcp4 = {
35 enable = true;
36 settings = {
37 valid-lifetime = 3600;
38 renew-timer = 900;
39 rebind-timer = 1800;
41 lease-database = {
42 type = "memfile";
43 persist = true;
44 name = "/var/lib/kea/dhcp4.leases";
45 };
47 control-socket = {
48 socket-type = "unix";
49 socket-name = "/run/kea/dhcp4.sock";
50 };
52 interfaces-config = {
53 dhcp-socket-type = "raw";
54 interfaces = [
55 "eth1"
56 ];
57 };
59 subnet4 = [ {
60 id = 1;
61 subnet = "10.0.0.0/29";
62 pools = [ {
63 pool = "10.0.0.3 - 10.0.0.3";
64 } ];
65 } ];
67 # Enable communication between dhcp4 and a local dhcp-ddns
68 # instance.
69 # https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#ddns-for-dhcpv4
70 dhcp-ddns = {
71 enable-updates = true;
72 };
74 ddns-send-updates = true;
75 ddns-qualifying-suffix = "lan.nixos.test.";
76 };
77 };
79 services.kea.dhcp-ddns = {
80 enable = true;
81 settings = {
82 forward-ddns = {
83 # Configure updates of a forward zone named `lan.nixos.test`
84 # hosted at the nameserver at 10.0.0.2
85 # https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html#adding-forward-dns-servers
86 ddns-domains = [ {
87 name = "lan.nixos.test.";
88 # Use a TSIG key in production!
89 key-name = "";
90 dns-servers = [ {
91 ip-address = "10.0.0.2";
92 port = 53;
93 } ];
94 } ];
95 };
96 };
97 };
99 services.kea.ctrl-agent = {
100 enable = true;
101 settings = {
102 http-host = "127.0.0.1";
103 http-port = 8000;
104 control-sockets.dhcp4 = {
105 socket-type = "unix";
106 socket-name = "/run/kea/dhcp4.sock";
107 };
108 };
109 };
111 services.prometheus.exporters.kea = {
112 enable = true;
113 controlSocketPaths = [
114 "http://127.0.0.1:8000"
115 ];
116 };
117 };
119 nameserver = { config, pkgs, ... }: {
120 virtualisation.vlans = [ 1 ];
122 networking = {
123 useDHCP = false;
124 firewall.allowedUDPPorts = [ 53 ];
125 };
127 systemd.network = {
128 enable = true;
129 networks = {
130 "01-eth1" = {
131 name = "eth1";
132 networkConfig = {
133 Address = "10.0.0.2/29";
134 };
135 };
136 };
137 };
139 services.resolved.enable = false;
141 # Set up an authoritative nameserver, serving the `lan.nixos.test`
142 # zone and configure an ACL that allows dynamic updates from
143 # the router's ip address.
144 # This ACL is likely insufficient for production usage. Please
145 # use TSIG keys.
146 services.knot = let
147 zone = pkgs.writeTextDir "lan.nixos.test.zone" ''
148 @ SOA ns.nixos.test nox.nixos.test 0 86400 7200 3600000 172800
149 @ NS nameserver
150 nameserver A 10.0.0.3
151 router A 10.0.0.1
152 '';
153 zonesDir = pkgs.buildEnv {
154 name = "knot-zones";
155 paths = [ zone ];
156 };
157 in {
158 enable = true;
159 extraArgs = [
160 "-v"
161 ];
162 settings = {
163 server.listen = [
164 "0.0.0.0@53"
165 ];
167 log.syslog.any = "info";
169 acl.dhcp_ddns = {
170 address = "10.0.0.1";
171 action = "update";
172 };
174 template.default = {
175 storage = zonesDir;
176 zonefile-sync = "-1";
177 zonefile-load = "difference-no-serial";
178 journal-content = "all";
179 };
181 zone."lan.nixos.test" = {
182 file = "lan.nixos.test.zone";
183 acl = [
184 "dhcp_ddns"
185 ];
186 };
187 };
188 };
190 };
192 client = { config, pkgs, ... }: {
193 virtualisation.vlans = [ 1 ];
194 systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
195 networking = {
196 useNetworkd = true;
197 useDHCP = false;
198 firewall.enable = false;
199 interfaces.eth1.useDHCP = true;
200 };
201 };
202 };
203 testScript = { ... }: ''
204 start_all()
205 router.wait_for_unit("kea-dhcp4-server.service")
206 client.wait_for_unit("systemd-networkd-wait-online.service")
207 client.wait_until_succeeds("ping -c 5 10.0.0.1")
208 router.wait_until_succeeds("ping -c 5 10.0.0.3")
209 nameserver.wait_until_succeeds("kdig +short client.lan.nixos.test @10.0.0.2 | grep -q 10.0.0.3")
210 router.log(router.execute("curl 127.0.0.1:9547")[1])
211 router.succeed("curl --no-buffer 127.0.0.1:9547 | grep -qE '^kea_dhcp4_addresses_assigned_total.*1.0$'")
212 '';
213 })