mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-09 19:13:26 +03:00
Martin Weinelt
parent
6919956d08
commit
5a80e9ed00
2 changed files with 196 additions and 194 deletions
|
|
@ -575,7 +575,7 @@ in {
|
|||
kavita = handleTest ./kavita.nix {};
|
||||
kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
|
||||
kbd-update-search-paths-patch = handleTest ./kbd-update-search-paths-patch.nix {};
|
||||
kea = handleTest ./kea.nix {};
|
||||
kea = runTest ./kea.nix;
|
||||
keepalived = handleTest ./keepalived.nix {};
|
||||
keepassxc = handleTest ./keepassxc.nix {};
|
||||
kerberos = handleTest ./kerberos/default.nix {};
|
||||
|
|
|
|||
|
|
@ -5,231 +5,233 @@
|
|||
# that the nameserver can resolve the clients fqdn to the correct IP
|
||||
# address.
|
||||
|
||||
import ./make-test-python.nix (
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
meta.maintainers = with lib.maintainers; [ hexa ];
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
meta.maintainers = with lib.maintainers; [ hexa ];
|
||||
|
||||
name = "kea";
|
||||
name = "kea";
|
||||
|
||||
nodes = {
|
||||
router =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 ];
|
||||
nodes = {
|
||||
router =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
firewall.allowedUDPPorts = [ 67 ];
|
||||
};
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
firewall.allowedUDPPorts = [ 67 ];
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig = {
|
||||
Address = "10.0.0.1/29";
|
||||
};
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig = {
|
||||
Address = "10.0.0.1/29";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.kea.dhcp4 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
valid-lifetime = 3600;
|
||||
renew-timer = 900;
|
||||
rebind-timer = 1800;
|
||||
services.kea.dhcp4 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
valid-lifetime = 3600;
|
||||
renew-timer = 900;
|
||||
rebind-timer = 1800;
|
||||
|
||||
lease-database = {
|
||||
type = "memfile";
|
||||
persist = true;
|
||||
name = "/var/lib/kea/dhcp4.leases";
|
||||
};
|
||||
lease-database = {
|
||||
type = "memfile";
|
||||
persist = true;
|
||||
name = "/var/lib/kea/dhcp4.leases";
|
||||
};
|
||||
|
||||
control-socket = {
|
||||
socket-type = "unix";
|
||||
socket-name = "/run/kea/dhcp4.sock";
|
||||
};
|
||||
control-socket = {
|
||||
socket-type = "unix";
|
||||
socket-name = "/run/kea/dhcp4.sock";
|
||||
};
|
||||
|
||||
interfaces-config = {
|
||||
dhcp-socket-type = "raw";
|
||||
interfaces = [
|
||||
"eth1"
|
||||
interfaces-config = {
|
||||
dhcp-socket-type = "raw";
|
||||
interfaces = [
|
||||
"eth1"
|
||||
];
|
||||
};
|
||||
|
||||
subnet4 = [
|
||||
{
|
||||
id = 1;
|
||||
subnet = "10.0.0.0/29";
|
||||
pools = [
|
||||
{
|
||||
pool = "10.0.0.3 - 10.0.0.3";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
subnet4 = [
|
||||
# Enable communication between dhcp4 and a local dhcp-ddns
|
||||
# instance.
|
||||
# https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#ddns-for-dhcpv4
|
||||
dhcp-ddns = {
|
||||
enable-updates = true;
|
||||
};
|
||||
|
||||
ddns-send-updates = true;
|
||||
ddns-qualifying-suffix = "lan.nixos.test.";
|
||||
};
|
||||
};
|
||||
|
||||
services.kea.dhcp-ddns = {
|
||||
enable = true;
|
||||
settings = {
|
||||
forward-ddns = {
|
||||
# Configure updates of a forward zone named `lan.nixos.test`
|
||||
# hosted at the nameserver at 10.0.0.2
|
||||
# https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html#adding-forward-dns-servers
|
||||
ddns-domains = [
|
||||
{
|
||||
id = 1;
|
||||
subnet = "10.0.0.0/29";
|
||||
pools = [
|
||||
name = "lan.nixos.test.";
|
||||
# Use a TSIG key in production!
|
||||
key-name = "";
|
||||
dns-servers = [
|
||||
{
|
||||
pool = "10.0.0.3 - 10.0.0.3";
|
||||
ip-address = "10.0.0.2";
|
||||
port = 53;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
# Enable communication between dhcp4 and a local dhcp-ddns
|
||||
# instance.
|
||||
# https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#ddns-for-dhcpv4
|
||||
dhcp-ddns = {
|
||||
enable-updates = true;
|
||||
};
|
||||
|
||||
ddns-send-updates = true;
|
||||
ddns-qualifying-suffix = "lan.nixos.test.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.kea.dhcp-ddns = {
|
||||
enable = true;
|
||||
settings = {
|
||||
forward-ddns = {
|
||||
# Configure updates of a forward zone named `lan.nixos.test`
|
||||
# hosted at the nameserver at 10.0.0.2
|
||||
# https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html#adding-forward-dns-servers
|
||||
ddns-domains = [
|
||||
{
|
||||
name = "lan.nixos.test.";
|
||||
# Use a TSIG key in production!
|
||||
key-name = "";
|
||||
dns-servers = [
|
||||
{
|
||||
ip-address = "10.0.0.2";
|
||||
port = 53;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
services.kea.ctrl-agent = {
|
||||
enable = true;
|
||||
settings = {
|
||||
http-host = "127.0.0.1";
|
||||
http-port = 8000;
|
||||
control-sockets.dhcp4 = {
|
||||
socket-type = "unix";
|
||||
socket-name = "/run/kea/dhcp4.sock";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus.exporters.kea = {
|
||||
enable = true;
|
||||
controlSocketPaths = [
|
||||
"http://127.0.0.1:8000"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nameserver =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
firewall.allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig = {
|
||||
Address = "10.0.0.2/29";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.kea.ctrl-agent = {
|
||||
enable = true;
|
||||
settings = {
|
||||
http-host = "127.0.0.1";
|
||||
http-port = 8000;
|
||||
control-sockets.dhcp4 = {
|
||||
socket-type = "unix";
|
||||
socket-name = "/run/kea/dhcp4.sock";
|
||||
};
|
||||
services.resolved.enable = false;
|
||||
|
||||
# Set up an authoritative nameserver, serving the `lan.nixos.test`
|
||||
# zone and configure an ACL that allows dynamic updates from
|
||||
# the router's ip address.
|
||||
# This ACL is likely insufficient for production usage. Please
|
||||
# use TSIG keys.
|
||||
services.knot =
|
||||
let
|
||||
zone = pkgs.writeTextDir "lan.nixos.test.zone" ''
|
||||
@ SOA ns.nixos.test nox.nixos.test 0 86400 7200 3600000 172800
|
||||
@ NS nameserver
|
||||
nameserver A 10.0.0.3
|
||||
router A 10.0.0.1
|
||||
'';
|
||||
zonesDir = pkgs.buildEnv {
|
||||
name = "knot-zones";
|
||||
paths = [ zone ];
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus.exporters.kea = {
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
controlSocketPaths = [
|
||||
"http://127.0.0.1:8000"
|
||||
extraArgs = [
|
||||
"-v"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nameserver =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
firewall.allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig = {
|
||||
Address = "10.0.0.2/29";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.resolved.enable = false;
|
||||
|
||||
# Set up an authoritative nameserver, serving the `lan.nixos.test`
|
||||
# zone and configure an ACL that allows dynamic updates from
|
||||
# the router's ip address.
|
||||
# This ACL is likely insufficient for production usage. Please
|
||||
# use TSIG keys.
|
||||
services.knot =
|
||||
let
|
||||
zone = pkgs.writeTextDir "lan.nixos.test.zone" ''
|
||||
@ SOA ns.nixos.test nox.nixos.test 0 86400 7200 3600000 172800
|
||||
@ NS nameserver
|
||||
nameserver A 10.0.0.3
|
||||
router A 10.0.0.1
|
||||
'';
|
||||
zonesDir = pkgs.buildEnv {
|
||||
name = "knot-zones";
|
||||
paths = [ zone ];
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
extraArgs = [
|
||||
"-v"
|
||||
settings = {
|
||||
server.listen = [
|
||||
"0.0.0.0@53"
|
||||
];
|
||||
settings = {
|
||||
server.listen = [
|
||||
"0.0.0.0@53"
|
||||
|
||||
log.syslog.any = "info";
|
||||
|
||||
acl.dhcp_ddns = {
|
||||
address = "10.0.0.1";
|
||||
action = "update";
|
||||
};
|
||||
|
||||
template.default = {
|
||||
storage = zonesDir;
|
||||
zonefile-sync = "-1";
|
||||
zonefile-load = "difference-no-serial";
|
||||
journal-content = "all";
|
||||
};
|
||||
|
||||
zone."lan.nixos.test" = {
|
||||
file = "lan.nixos.test.zone";
|
||||
acl = [
|
||||
"dhcp_ddns"
|
||||
];
|
||||
|
||||
log.syslog.any = "info";
|
||||
|
||||
acl.dhcp_ddns = {
|
||||
address = "10.0.0.1";
|
||||
action = "update";
|
||||
};
|
||||
|
||||
template.default = {
|
||||
storage = zonesDir;
|
||||
zonefile-sync = "-1";
|
||||
zonefile-load = "difference-no-serial";
|
||||
journal-content = "all";
|
||||
};
|
||||
|
||||
zone."lan.nixos.test" = {
|
||||
file = "lan.nixos.test.zone";
|
||||
acl = [
|
||||
"dhcp_ddns"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
client =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 ];
|
||||
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
firewall.enable = false;
|
||||
interfaces.eth1.useDHCP = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
client =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 ];
|
||||
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
firewall.enable = false;
|
||||
interfaces.eth1.useDHCP = true;
|
||||
};
|
||||
};
|
||||
testScript =
|
||||
{ ... }:
|
||||
''
|
||||
start_all()
|
||||
router.wait_for_unit("kea-dhcp4-server.service")
|
||||
client.systemctl("start systemd-networkd-wait-online.service")
|
||||
client.wait_for_unit("systemd-networkd-wait-online.service")
|
||||
client.wait_until_succeeds("ping -c 5 10.0.0.1")
|
||||
router.wait_until_succeeds("ping -c 5 10.0.0.3")
|
||||
nameserver.wait_until_succeeds("kdig +short client.lan.nixos.test @10.0.0.2 | grep -q 10.0.0.3")
|
||||
router.log(router.execute("curl 127.0.0.1:9547")[1])
|
||||
router.succeed("curl --no-buffer 127.0.0.1:9547 | grep -qE '^kea_dhcp4_addresses_assigned_total.*1.0$'")
|
||||
'';
|
||||
}
|
||||
)
|
||||
};
|
||||
};
|
||||
testScript =
|
||||
{ ... }:
|
||||
''
|
||||
start_all()
|
||||
router.wait_for_unit("kea-dhcp4-server.service")
|
||||
client.systemctl("start systemd-networkd-wait-online.service")
|
||||
client.wait_for_unit("systemd-networkd-wait-online.service")
|
||||
client.wait_until_succeeds("ping -c 5 10.0.0.1")
|
||||
router.wait_until_succeeds("ping -c 5 10.0.0.3")
|
||||
nameserver.wait_until_succeeds("kdig +short client.lan.nixos.test @10.0.0.2 | grep -q 10.0.0.3")
|
||||
router.log(router.execute("curl 127.0.0.1:9547")[1])
|
||||
router.succeed("curl --no-buffer 127.0.0.1:9547 | grep -qE '^kea_dhcp4_addresses_assigned_total.*1.0$'")
|
||||
'';
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue