Serge Bazanski | e1aa63c | 2022-06-12 12:27:56 +0200 | [diff] [blame] | 1 | # Test unbound & RSH infrastructure. |
| 2 | # |
| 3 | # To run this: |
| 4 | # nix-build -A bgpwtf.machines.tests.rsh-dns |
| 5 | |
{ hscloud, ... }:

# Use pkgs that edge01 is using. Perhaps we shouldn't use them for
# _everything_, but this will have to do.
let
  pkgs = hscloud.ops.machines."edge01.waw.bgp.wtf".pkgs;
  pkgsSrc = pkgs.path;
  lib = pkgs.lib;

in with lib; let

  # Two-VM NixOS test: `provider` serves a sample register over HTTP, and
  # `server` runs unbound with the RSH module pointed at that register.
  #
  # NOTE(review): `libs` is never used in this function body, and the matching
  # `inherit (pkgs) libs;` at the bottom of the file looks like it exists only
  # to satisfy this argument pattern. Presumably a typo for `lib` that
  # evaluates only because Nix is lazy - confirm and drop both.
  test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
    name = "test-rsh-dns";

    nodes = {
      # Stand-in for the register source: nginx on 192.168.0.1:80 serving the
      # checked-in sample file as /fake-register.xml.
      provider = { config, pkgs, ... }: {
        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.1"; prefixLength = 24; }
        ];
        # Only TCP 80 is opened on the provider's firewall.
        networking.firewall.allowedTCPPorts = [ 80 ];
        services.nginx = {
          enable = true;
          virtualHosts."fake" = {
            default = true;
            # Document root is a derivation holding a copy of the sample
            # register (rsh-sample-20220612.xml) under a fixed name.
            root = pkgs.runCommand "root" {} ''
              mkdir -p $out
              cat ${./rsh-sample-20220612.xml} > $out/fake-register.xml
            '';
          };
        };
      };
      # System under test: unbound plus the RSH module from ../modules.
      server = { config, pkgs, ... }: {
        imports = [
          ../modules/rsh-unbound.nix
        ];
        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.2"; prefixLength = 24; }
        ];
        services.unbound = {
          enable = true;
          settings = {
            server = {
              # Listen on loopback only and answer loopback clients only, so
              # the resolver in this test is not exposed on eth1.
              interface = [
                "127.0.0.1"
              ];
              access-control = [
                "127.0.0.0/8 allow"
              ];
              # Caps how long unbound caches negative answers (seconds).
              # NOTE(review): presumably lowered so a negative answer cached
              # before the blocklist loads cannot mask it for long - confirm.
              cache-max-negative-ttl = [ "30" ];
            };
          };
        };
        hscloud.rsh = {
          enable = true;
          # Cleartext HTTP to the fake provider on the isolated test network.
          # NOTE(review): whoever can alter this response decides which names
          # the resolver rewrites, so a real deployment needs an authenticated
          # transport (HTTPS) for the register - confirm what the module uses
          # outside of this test.
          register = "http://192.168.0.1/fake-register.xml";
        };
        # dig is used by the test script below; curl is installed alongside it
        # but is not used by the script shown here.
        environment.systemPackages = with pkgs; [
          bind.dnsutils curl
        ];
      };
    };

    # The provider is started first, so the register URL is reachable before
    # the server boots. The script then waits for unbound.service and
    # rsh.service, and asserts that a name expected to be in the sample
    # register resolves to 145.237.235.240 - the address the test treats as
    # proof that the blocklist has been applied.
    #
    # NOTE(review): wait_for_unit only shows the units are active. Whether the
    # blocklist is already loaded into unbound at that point depends on how
    # rsh.service is implemented, which is not visible in this file.
    # NOTE(review): only the positive case is covered; nothing here checks
    # that a name absent from the register is left unmodified.
    testScript = ''
      provider.start()
      provider.wait_for_unit("default.target")

      start_all()
      server.wait_for_unit("unbound.service")
      server.wait_for_unit("rsh.service")

      if "145.237.235.240" not in server.succeed("dig +short xn--drckglck-75ae.de"):
          raise Exception("blocklist not applied")
    '';
  });

in test { inherit pkgs; inherit (pkgs) libs; }