bgpwtf: add rsh tests, fix startup sequencing
Change-Id: Idba53905d3965db6f805221da3e48548d7a01811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1340
Reviewed-by: implr <implr@hackerspace.pl>
diff --git a/bgpwtf/machines/tests/rsh-dns.nix b/bgpwtf/machines/tests/rsh-dns.nix
new file mode 100644
index 0000000..8c3a2c3
--- /dev/null
+++ b/bgpwtf/machines/tests/rsh-dns.nix
@@ -0,0 +1,81 @@
+# Test unbound & RSH infrastructure.
+#
+# To run this:
+# nix-build -A bgpwtf.machines.tests.rsh-dns
+
+{ hscloud, ... }:
+
+# Use pkgs that edge01 is using. Perhaps we shouldn't use them for
+# _everything_, but this will have to do.
+let
+ pkgs = hscloud.ops.machines."edge01.waw.bgp.wtf".pkgs;
+ pkgsSrc = pkgs.path;
+ lib = pkgs.lib;
+
+in with lib; let
+
+test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
+ name = "test-rsh-dns";
+
+ nodes = {
+ provider = { config, pkgs, ... }: {
+ networking.interfaces.eth1.ipv4.addresses = [
+ { address = "192.168.0.1"; prefixLength = 24; }
+ ];
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ services.nginx = {
+ enable = true;
+ virtualHosts."fake" = {
+ default = true;
+ root = pkgs.runCommand "root" {} ''
+ mkdir -p $out
+ cat ${./rsh-sample-20220612.xml} > $out/fake-register.xml
+ '';
+ };
+ };
+ };
+ server = { config, pkgs, ... }: {
+ imports = [
+ ../modules/rsh-unbound.nix
+ ];
+ networking.interfaces.eth1.ipv4.addresses = [
+ { address = "192.168.0.2"; prefixLength = 24; }
+ ];
+ services.unbound = {
+ enable = true;
+ settings = {
+ server = {
+ interface = [
+ "127.0.0.1"
+ ];
+ access-control = [
+ "127.0.0.0/8 allow"
+ ];
+ cache-max-negative-ttl = [ "30" ];
+ };
+ };
+ };
+ hscloud.rsh = {
+ enable = true;
+ register = "http://192.168.0.1/fake-register.xml";
+ };
+ environment.systemPackages = with pkgs; [
+ bind.dnsutils curl
+ ];
+ };
+ };
+
+ testScript = ''
+ provider.start()
+ provider.wait_for_unit("default.target")
+
+ start_all()
+ server.wait_for_unit("unbound.service")
+ server.wait_for_unit("rsh.service")
+
+ if "145.237.235.240" not in server.succeed("dig +short xn--drckglck-75ae.de"):
+ raise Exception("blocklist not applied")
+ '';
+});
+
+in test { inherit pkgs; inherit (pkgs) libs; }
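Review bot: The only assertion in `testScript` is a single positive lookup issued immediately after `server.wait_for_unit("rsh.service")`, so the test is timing-sensitive and cannot detect over-blocking. If rsh.service reports active before the register has been fetched and loaded into unbound (the module is not part of this hunk, so this is an assumption to confirm), the `dig` can run too early; polling with `server.wait_until_succeeds("dig +short @127.0.0.1 xn--drckglck-75ae.de | grep -qF 145.237.235.240")` removes that dependency and pins the query to the local unbound rather than whatever resolv.conf selects. A negative control is worth adding too: assert that a name absent from `rsh-sample-20220612.xml` does not come back as `145.237.235.240`, so a resolver that answers every name with that address cannot pass. Separately, `libs` in `{ pkgs, libs, ... }` and `inherit (pkgs) libs` looks like a typo for `lib`; it appears to evaluate only because the value is never forced.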