bgpwtf: add rsh tests, fix startup sequencing

Change-Id: Idba53905d3965db6f805221da3e48548d7a01811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1340
Reviewed-by: implr <implr@hackerspace.pl>
diff --git a/bgpwtf/machines/tests/rsh-dns.nix b/bgpwtf/machines/tests/rsh-dns.nix
new file mode 100644
index 0000000..8c3a2c3
--- /dev/null
+++ b/bgpwtf/machines/tests/rsh-dns.nix
@@ -0,0 +1,81 @@
+# Test unbound & RSH infrastructure.
+#
+# To run this:
+#  nix-build -A bgpwtf.machines.tests.rsh-dns
+
+{ hscloud,  ... }:
+
+# Use pkgs that edge01 is using. Perhaps we shouldn't use them for
+# _everything_, but this will have to do.
+let
+  pkgs = hscloud.ops.machines."edge01.waw.bgp.wtf".pkgs;
+  pkgsSrc = pkgs.path;
+  lib = pkgs.lib;
+
+in with lib; let
+
+test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
+  name = "test-rsh-dns";
+
+  nodes = {
+    provider = { config, pkgs, ... }: {
+      networking.interfaces.eth1.ipv4.addresses = [
+        { address = "192.168.0.1"; prefixLength = 24; }
+      ];
+      networking.firewall.allowedTCPPorts = [ 80 ];
+      services.nginx = {
+        enable = true;
+        virtualHosts."fake" = {
+          default = true;
+          root = pkgs.runCommand "root" {} ''
+            mkdir -p $out
+            cat ${./rsh-sample-20220612.xml} > $out/fake-register.xml
+          '';
+        };
+      };
+    };
+    server = { config, pkgs, ... }: {
+      imports = [
+        ../modules/rsh-unbound.nix
+      ];
+      networking.interfaces.eth1.ipv4.addresses = [
+        { address = "192.168.0.2"; prefixLength = 24; }
+      ];
+      services.unbound = {
+        enable = true;
+        settings = {
+          server = {
+            interface = [
+              "127.0.0.1"
+            ];
+            access-control = [
+              "127.0.0.0/8 allow"
+            ];
+            cache-max-negative-ttl = [ "30" ];
+          };
+        };
+      };
+      hscloud.rsh = {
+        enable = true;
+        register = "http://192.168.0.1/fake-register.xml";
+      };
+      environment.systemPackages = with pkgs; [
+        bind.dnsutils curl
+      ];
+    };
+  };
+
+  testScript = ''
+    provider.start()
+    provider.wait_for_unit("default.target")
+
+    start_all()
+    server.wait_for_unit("unbound.service")
+    server.wait_for_unit("rsh.service")
+
+    if "145.237.235.240" not in server.succeed("dig +short xn--drckglck-75ae.de"):
+      raise Exception("blocklist not applied")
+  '';
+});
+
+in test { inherit pkgs; inherit (pkgs) libs; }
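Review bot: The testScript asserts only the positive case, on the `dig +short xn--drckglck-75ae.de` line, so a resolver configuration that answers every query with 145.237.235.240 would pass as well. A negative control for a name absent from the sample register would pin that down, e.g. `_, out = server.execute("dig +short not-listed.invalid")` followed by `assert "145.237.235.240" not in out, "unlisted name was redirected"`. The test also never exercises the register being unreachable when `rsh.service` starts, which decides whether unbound comes up without the blocklist or not at all; as the commit is about startup sequencing, a second scenario that starts `server` before `provider` seems worth adding. Separately, `libs` in `{ pkgs, libs, ... }` and in `inherit (pkgs) libs` looks like a typo for `lib` and appears to be unused, as does the `with lib;` scope.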