# Test unbound & RSH infrastructure.
#
# Two VMs share the 192.168.0.0/24 test network: `provider` serves a static
# sample register over HTTP, and `server` runs unbound together with the
# rsh-unbound module pointed at that register. The test passes when a lookup
# made on `server` returns the address expected for a listed domain.
#
# To run this:
#   nix-build -A bgpwtf.machines.tests.rsh-dns

{ hscloud, ... }:

# Use pkgs that edge01 is using. Perhaps we shouldn't use them for
# _everything_, but this will have to do.
let
  inherit (hscloud.ops.machines."edge01.waw.bgp.wtf") pkgs;
  inherit (pkgs) lib;
  nixpkgsPath = pkgs.path;

in with lib; let

  # NixOS VM test built with the make-test-python.nix shipped in the same
  # nixpkgs tree as `pkgs`.
  mkRshDnsTest = import "${nixpkgsPath}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }: {
    name = "test-rsh-dns";

    nodes = {
      # Stand-in for the upstream register: nginx serving one static file.
      provider = { config, pkgs, ... }:
        let
          # Docroot that contains only the checked-in sample register.
          registerRoot = pkgs.runCommand "root" {} ''
            mkdir -p $out
            cat ${./rsh-sample-20220612.xml} > $out/fake-register.xml
          '';
        in {
          networking = {
            interfaces.eth1.ipv4.addresses = [
              { address = "192.168.0.1"; prefixLength = 24; }
            ];
            # TCP 80 is the only port opened on this node.
            firewall.allowedTCPPorts = [ 80 ];
          };

          services.nginx.enable = true;
          services.nginx.virtualHosts."fake" = {
            default = true;
            root = registerRoot;
          };
        };

      # Resolver under test.
      server = { config, pkgs, ... }: {
        imports = [ ../modules/rsh-unbound.nix ];

        networking.interfaces.eth1.ipv4.addresses = [
          { address = "192.168.0.2"; prefixLength = 24; }
        ];

        services.unbound.enable = true;
        services.unbound.settings.server = {
          # unbound listens on loopback only and answers loopback clients
          # only, so the resolver is not reachable from the test network.
          interface = [ "127.0.0.1" ];
          access-control = [ "127.0.0.0/8 allow" ];
          # NOTE(review): presumably keeps negative answers from being cached
          # for long while the register is still loading -- confirm.
          cache-max-negative-ttl = [ "30" ];
        };

        hscloud.rsh.enable = true;
        # The register is fetched over cleartext HTTP from the fake provider.
        # NOTE(review): the register content decides what the resolver
        # answers, so its integrity matters; confirm that the URL used
        # outside this test is fetched over an authenticated channel (HTTPS).
        hscloud.rsh.register = "http://192.168.0.1/fake-register.xml";

        # dig and curl, available for use from the test script.
        environment.systemPackages = [ pkgs.bind.dnsutils pkgs.curl ];
      };
    };

    # The provider is brought up first so the register is being served before
    # the server boots. The final check looks up a punycode (IDN) name and
    # requires 145.237.235.240 in the answer.
    # NOTE(review): presumably that name is an entry in the sample register
    # and the address is the redirect target installed by rsh-unbound --
    # confirm against ../modules/rsh-unbound.nix.
    # NOTE(review): only the listed-name case is asserted; nothing checks
    # that a name absent from the register is left unmodified.
    testScript = ''
      provider.start()
      provider.wait_for_unit("default.target")

      start_all()
      server.wait_for_unit("unbound.service")
      server.wait_for_unit("rsh.service")

      if "145.237.235.240" not in server.succeed("dig +short xn--drckglck-75ae.de"):
          raise Exception("blocklist not applied")
    '';
  });

# `libs` is forwarded because the test function above lists it as a required
# argument; the test body never references it.
# NOTE(review): `pkgs.libs` looks like a typo for `pkgs.lib` that goes
# unnoticed because the attribute is never evaluated -- confirm.
in mkRshDnsTest { inherit pkgs; libs = pkgs.libs; }