# Test unbound & RSH infrastructure.
#
# To run this:
# nix-build -A bgpwtf.machines.tests.rsh-dns

{ hscloud, ... }:

# Borrow the package set pinned for edge01. A dedicated pin for tests would be
# cleaner, but this keeps the test in lockstep with the production resolver.
let
  pkgs = hscloud.ops.machines."edge01.waw.bgp.wtf".pkgs;
  pkgsSrc = pkgs.path;
  lib = pkgs.lib;

in with lib; let

  # Addresses on the isolated test network shared by both VMs.
  providerAddr = "192.168.0.1";
  serverAddr = "192.168.0.2";
  registerUrl = "http://${providerAddr}/fake-register.xml";

  # Canned register snapshot served by the fake provider.
  registerSample = ./rsh-sample-20220612.xml;

  # A domain expected to be listed in the sample register, and the address it
  # must resolve to once the blocklist is in effect.
  blockedDomain = "xn--drckglck-75ae.de";
  sinkholeAddr = "145.237.235.240";

  test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
    name = "test-rsh-dns";

    nodes = {
      # Stand-in for the register publisher: a plain nginx serving the sample
      # XML over HTTP on the test network.
      provider = { config, pkgs, ... }: {
        networking.interfaces.eth1.ipv4.addresses = [
          { address = providerAddr; prefixLength = 24; }
        ];
        networking.firewall.allowedTCPPorts = [ 80 ];
        services.nginx = {
          enable = true;
          virtualHosts."fake" = {
            default = true;
            root = pkgs.runCommand "root" {} ''
              mkdir -p $out
              cat ${registerSample} > $out/fake-register.xml
            '';
          };
        };
      };

      # The resolver under test: unbound plus the rsh-unbound module, pointed
      # at the fake register instead of the real one.
      server = { config, pkgs, ... }: {
        imports = [ ../modules/rsh-unbound.nix ];
        networking.interfaces.eth1.ipv4.addresses = [
          { address = serverAddr; prefixLength = 24; }
        ];
        services.unbound = {
          enable = true;
          settings.server = {
            # Only answer on loopback; the test queries the resolver locally.
            interface = [ "127.0.0.1" ];
            access-control = [ "127.0.0.0/8 allow" ];
            # Caps how long negative answers are cached; presumably so the
            # test does not sit on a cached failure — confirm if adjusting.
            cache-max-negative-ttl = [ "30" ];
          };
        };
        hscloud.rsh = {
          enable = true;
          register = registerUrl;
        };
        # dig for the assertion below; curl is handy when debugging the fetch.
        environment.systemPackages = with pkgs; [ bind.dnsutils curl ];
      };
    };

    testScript = ''
      # Bring the register publisher up first so that rsh.service has
      # something to fetch when the resolver boots.
      provider.start()
      provider.wait_for_unit("default.target")

      start_all()
      server.wait_for_unit("unbound.service")
      server.wait_for_unit("rsh.service")

      # A listed domain must be sinkholed by the local resolver.
      answer = server.succeed("dig +short ${blockedDomain}")
      if "${sinkholeAddr}" not in answer:
          raise Exception("blocklist not applied")
    '';
  });

in test { inherit pkgs; inherit (pkgs) libs; }