# Test unbound & RSH infrastructure.
#
# To run this:
# nix-build -A bgpwtf.machines.tests.rsh-dns
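{ hscloud, ... }:

# Use pkgs that edge01 is using. Perhaps we shouldn't use them for
# _everything_, but this will have to do.
let
  pkgs = hscloud.ops.machines."edge01.waw.bgp.wtf".pkgs;
  pkgsSrc = pkgs.path;
  lib = pkgs.lib;

in with lib; let
  # Two-VM NixOS test. `provider` serves a sample register file over HTTP;
  # `server` runs unbound plus the hscloud.rsh module pointed at that file.
  # The test passes when a name taken from the sample resolves, through the
  # server's unbound, to the expected redirect address.
  #
  # NOTE(review): `libs` is accepted here and inherited from pkgs at the
  # bottom of the file, but nothing in this file references it.
  test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
    name = "test-rsh-dns";

    nodes = {
      # Stand-in for the upstream register publisher: nginx serving a single
      # static copy of the checked-in sample as /fake-register.xml.
      provider = { config, pkgs, ... }: {
        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.1"; prefixLength = 24; }
        ];
        # Only HTTP is exposed; `server` fetches the register from port 80.
        networking.firewall.allowedTCPPorts = [ 80 ];
        services.nginx = {
          enable = true;
          virtualHosts."fake" = {
            default = true;
            root = pkgs.runCommand "root" {} ''
              mkdir -p $out
              cat ${./rsh-sample-20220612.xml} > $out/fake-register.xml
            '';
          };
        };
      };

      # Machine under test: unbound with the RSH module applied on top.
      server = { config, pkgs, ... }: {
        imports = [
          ../modules/rsh-unbound.nix
        ];
        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.2"; prefixLength = 24; }
        ];
        services.unbound = {
          enable = true;
          settings = {
            server = {
              # Loopback only: the resolver is neither bound to eth1 nor
              # open to non-local clients in this test.
              interface = [
                "127.0.0.1"
              ];
              access-control = [
                "127.0.0.0/8 allow"
              ];
              # Cap negative-answer caching at 30 seconds.
              cache-max-negative-ttl = [ "30" ];
            };
          };
        };
        hscloud.rsh = {
          enable = true;
          # NOTE(review): plain HTTP is fine on this isolated test network.
          # Whether the module requires TLS or otherwise authenticates the
          # register for the production URL is not visible here - confirm,
          # since whoever can alter the fetched list decides which names
          # get redirected.
          register = "http://192.168.0.1/fake-register.xml";
        };
        # dig and curl, for the test script and for interactive debugging.
        environment.systemPackages = with pkgs; [
          bind.dnsutils curl
        ];
      };
    };

    testScript = ''
      provider.start()
      provider.wait_for_unit("default.target")
      start_all()
      server.wait_for_unit("unbound.service")
      server.wait_for_unit("rsh.service")

      # Ask the local unbound explicitly, so the assertion exercises the
      # resolver under test rather than whatever resolv.conf points at.
      # NOTE(review): this assumes rsh.service being active means the list
      # is already loaded into unbound; confirm against rsh-unbound.nix.
      answer = server.succeed("dig +short @127.0.0.1 xn--drckglck-75ae.de")
      if "145.237.235.240" not in answer:
          raise Exception(f"blocklist not applied, dig returned: {answer!r}")
    '';
  });

in test { inherit pkgs; inherit (pkgs) libs; }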