nixos/iodine: add test

2020-02-02 12:00:00 +00:00 · 2020-02-02 12:00:00 +00:00 · b7f27cb61a
commit b7f27cb61a
parent 00a91d919d
3 changed files with 69 additions and 1 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -130,6 +130,7 @@ in
  initrd-network-ssh = handleTest ./initrd-network-ssh {};
  initrdNetwork = handleTest ./initrd-network.nix {};
  installer = handleTest ./installer.nix {};
+  iodine = handleTest ./iodine.nix {};
  ipv6 = handleTest ./ipv6.nix {};
  jackett = handleTest ./jackett.nix {};
  jellyfin = handleTest ./jellyfin.nix {};
--- a/nixos/tests/iodine.nix
+++ b/nixos/tests/iodine.nix
@ -0,0 +1,63 @@
+import ./make-test-python.nix (
+  { pkgs, ... }: let
+    domain = "whatever.example.com";
+  in
+    {
+      name = "iodine";
+      nodes = {
+        server =
+          { ... }:
+
+            {
+              networking.firewall = {
+                allowedUDPPorts = [ 53 ];
+                trustedInterfaces = [ "dns0" ];
+              };
+              boot.kernel.sysctl = {
+                "net.ipv4.ip_forward" = 1;
+                "net.ipv6.ip_forward" = 1;
+              };
+
+              services.iodine.server = {
+                enable = true;
+                ip = "10.53.53.1/24";
+                passwordFile = "${builtins.toFile "password" "foo"}";
+                inherit domain;
+              };
+
+              # test resource: accessible only via tunnel
+              services.openssh = {
+                enable = true;
+                openFirewall = false;
+              };
+            };
+
+        client =
+          { ... }: {
+            services.iodine.clients.testClient = {
+              # test that ProtectHome is "read-only"
+              passwordFile = "/root/pw";
+              relay = "server";
+              server = domain;
+            };
+            systemd.tmpfiles.rules = [
+              "f /root/pw 0666 root root - foo"
+            ];
+            environment.systemPackages = [
+              pkgs.nagiosPluginsOfficial
+            ];
+          };
+
+      };
+
+      testScript = ''
+        start_all()
+
+        server.wait_for_unit("sshd")
+        server.wait_for_unit("iodined")
+        client.wait_for_unit("iodine-testClient")
+
+        client.succeed("check_ssh -H 10.53.53.1")
+      '';
+    }
+)
--- a/pkgs/tools/networking/iodine/default.nix
+++ b/pkgs/tools/networking/iodine/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, zlib, nettools }:
+{ stdenv, fetchFromGitHub, zlib, nettools, nixosTests }:

 stdenv.mkDerivation rec {
  pname = "iodine";
@ -19,6 +19,10 @@ stdenv.mkDerivation rec {

  installFlags = [ "prefix=\${out}" ];

+  passthru.tests = {
+    inherit (nixosTests) iodine;
+  };
+
  meta = {
    homepage = http://code.kryo.se/iodine/;
    description = "Tool to tunnel IPv4 data through a DNS server";