2016-08-29 16:18:25 +03:00
|
|
|
|
2019-11-28 19:48:58 +03:00
|
|
|
import ./make-test-python.nix ({ pkgs, ...} : {
|
2016-08-29 16:18:25 +03:00
|
|
|
name = "ferm";
|
|
|
|
meta = with pkgs.stdenv.lib.maintainers; {
|
|
|
|
maintainers = [ mic92 ];
|
|
|
|
};
|
|
|
|
|
|
|
|
nodes =
|
|
|
|
{ client =
|
2018-07-20 23:56:59 +03:00
|
|
|
{ pkgs, ... }:
|
2016-08-29 16:18:25 +03:00
|
|
|
with pkgs.lib;
|
|
|
|
{
|
|
|
|
networking = {
|
2018-09-21 02:17:41 +03:00
|
|
|
dhcpcd.enable = false;
|
2017-12-03 07:14:54 +03:00
|
|
|
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
|
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
|
2016-08-29 16:18:25 +03:00
|
|
|
};
|
|
|
|
};
|
|
|
|
server =
|
2018-07-20 23:56:59 +03:00
|
|
|
{ pkgs, ... }:
|
2016-08-29 16:18:25 +03:00
|
|
|
with pkgs.lib;
|
|
|
|
{
|
|
|
|
networking = {
|
2018-09-21 02:17:41 +03:00
|
|
|
dhcpcd.enable = false;
|
2019-09-29 16:11:00 +03:00
|
|
|
useNetworkd = true;
|
2019-10-08 18:09:05 +03:00
|
|
|
useDHCP = false;
|
2017-12-03 07:14:54 +03:00
|
|
|
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
|
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
|
2016-08-29 16:18:25 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
services = {
|
|
|
|
ferm.enable = true;
|
|
|
|
ferm.config = ''
|
|
|
|
domain (ip ip6) table filter chain INPUT {
|
|
|
|
interface lo ACCEPT;
|
|
|
|
proto tcp dport 8080 REJECT reject-with tcp-reset;
|
|
|
|
}
|
|
|
|
'';
|
|
|
|
nginx.enable = true;
|
|
|
|
nginx.httpConfig = ''
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
listen [::]:80;
|
|
|
|
listen 8080;
|
|
|
|
listen [::]:8080;
|
|
|
|
|
|
|
|
location /status { stub_status on; }
|
|
|
|
}
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
testScript =
|
|
|
|
''
|
2019-11-28 19:48:58 +03:00
|
|
|
start_all()
|
2016-08-29 16:18:25 +03:00
|
|
|
|
2019-11-28 19:48:58 +03:00
|
|
|
client.wait_for_unit("network-online.target")
|
2020-10-21 17:47:28 +03:00
|
|
|
server.wait_for_unit("network-online.target")
|
2019-11-28 19:48:58 +03:00
|
|
|
server.wait_for_unit("ferm.service")
|
|
|
|
server.wait_for_unit("nginx.service")
|
|
|
|
server.wait_until_succeeds("ss -ntl | grep -q 80")
|
2016-08-29 16:18:25 +03:00
|
|
|
|
2019-11-28 19:48:58 +03:00
|
|
|
with subtest("port 80 is allowed"):
|
|
|
|
client.succeed("curl --fail -g http://192.168.1.1:80/status")
|
|
|
|
client.succeed("curl --fail -g http://[fd00::1]:80/status")
|
2016-08-29 16:18:25 +03:00
|
|
|
|
2019-11-28 19:48:58 +03:00
|
|
|
with subtest("port 8080 is not allowed"):
|
|
|
|
server.succeed("curl --fail -g http://192.168.1.1:8080/status")
|
|
|
|
server.succeed("curl --fail -g http://[fd00::1]:8080/status")
|
2016-08-29 16:18:25 +03:00
|
|
|
|
2019-11-28 19:48:58 +03:00
|
|
|
client.fail("curl --fail -g http://192.168.1.1:8080/status")
|
|
|
|
client.fail("curl --fail -g http://[fd00::1]:8080/status")
|
2016-08-29 16:18:25 +03:00
|
|
|
'';
|
|
|
|
})
|