parent
046730ebdb
commit
5089214a3d
@ -0,0 +1,46 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.corerad; |
||||
in { |
||||
meta = { |
||||
maintainers = with maintainers; [ mdlayher ]; |
||||
}; |
||||
|
||||
options.services.corerad = { |
||||
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; |
||||
|
||||
configFile = mkOption { |
||||
type = types.path; |
||||
example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\""; |
||||
description = "Path to CoreRAD TOML configuration file."; |
||||
}; |
||||
|
||||
package = mkOption { |
||||
default = pkgs.corerad; |
||||
defaultText = literalExample "pkgs.corerad"; |
||||
type = types.package; |
||||
description = "CoreRAD package to use."; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
systemd.services.corerad = { |
||||
description = "CoreRAD IPv6 NDP RA daemon"; |
||||
after = [ "network.target" ]; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
serviceConfig = { |
||||
LimitNPROC = 512; |
||||
LimitNOFILE = 1048576; |
||||
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; |
||||
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW"; |
||||
NoNewPrivileges = true; |
||||
DynamicUser = true; |
||||
ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; |
||||
Restart = "on-failure"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
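Review bot: The `serviceConfig` block grants `CAP_NET_ADMIN` and `CAP_NET_RAW` but adds no sandboxing beyond what `DynamicUser = true` implies, so a process that handles packets from the local link keeps an unrestricted syscall and socket surface. Consider adding `ProtectKernelModules = true;`, `RestrictNamespaces = true;` and `SystemCallArchitectures = "native";`, and a `RestrictAddressFamilies` list once the socket families corerad opens are confirmed (presumably at least `AF_INET6` and `AF_NETLINK`, to be verified against the daemon). Separately, `${cfg.configFile}` is interpolated into `ExecStart` unquoted, so systemd would split a path containing whitespace into several arguments. The `configFile` description could also say that the file must be readable by the dynamic user.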
@ -0,0 +1,71 @@ |
||||
import ./make-test-python.nix ( |
||||
{ |
||||
nodes = { |
||||
router = {config, pkgs, ...}: { |
||||
config = { |
||||
# This machines simulates a router with IPv6 forwarding and a static IPv6 address. |
||||
boot.kernel.sysctl = { |
||||
"net.ipv6.conf.all.forwarding" = true; |
||||
}; |
||||
networking.interfaces.eth1 = { |
||||
ipv6.addresses = [ { address = "fd00:dead:beef:dead::1"; prefixLength = 64; } ]; |
||||
}; |
||||
services.corerad = { |
||||
enable = true; |
||||
# Serve router advertisements to the client machine with prefix information matching |
||||
# any IPv6 /64 prefixes configured on this interface. |
||||
configFile = pkgs.writeText "corerad.toml" '' |
||||
[[interfaces]] |
||||
name = "eth1" |
||||
send_advertisements = true |
||||
[[interfaces.plugins]] |
||||
name = "prefix" |
||||
prefix = "::/64" |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
client = {config, pkgs, ...}: { |
||||
# Use IPv6 SLAAC from router advertisements, and install rdisc6 so we can |
||||
# trigger one immediately. |
||||
config = { |
||||
boot.kernel.sysctl = { |
||||
"net.ipv6.conf.all.autoconf" = true; |
||||
}; |
||||
environment.systemPackages = with pkgs; [ |
||||
ndisc6 |
||||
]; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
testScript = '' |
||||
start_all() |
||||
|
||||
with subtest("Wait for CoreRAD and network ready"): |
||||
# Ensure networking is online and CoreRAD is ready. |
||||
router.wait_for_unit("network-online.target") |
||||
client.wait_for_unit("network-online.target") |
||||
router.wait_for_unit("corerad.service") |
||||
|
||||
# Ensure the client can reach the router. |
||||
client.wait_until_succeeds("ping -c 1 fd00:dead:beef:dead::1") |
||||
|
||||
with subtest("Verify SLAAC on client"): |
||||
# Trigger a router solicitation and verify a SLAAC address is assigned from |
||||
# the prefix configured on the router. |
||||
client.wait_until_succeeds("rdisc6 -1 -r 10 eth1") |
||||
client.wait_until_succeeds( |
||||
"ip -6 addr show dev eth1 | grep -q 'fd00:dead:beef:dead:'" |
||||
) |
||||
|
||||
addrs = client.succeed("ip -6 addr show dev eth1") |
||||
|
||||
assert ( |
||||
"fd00:dead:beef:dead:" in addrs |
||||
), "SLAAC prefix was not found in client addresses after router advertisement" |
||||
assert ( |
||||
"/64 scope global temporary" in addrs |
||||
), "SLAAC temporary address was not configured on client after router advertisement" |
||||
''; |
||||
}) |
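Review bot: The last assertion in `testScript`, `"/64 scope global temporary" in addrs`, depends on IPv6 privacy extensions being active on the client, yet the client node only sets `net.ipv6.conf.all.autoconf`. The result therefore seems to hinge on the distribution's default for `use_tempaddr` rather than on what CoreRAD advertises. If the aim is to prove SLAAC works, relax it to `"/64 scope global" in addrs`; if temporary addresses are intended, set the sysctl explicitly in the client config and say so in the comment above it. The test also never checks the confinement the module configures; a hedged addition would be a `router.succeed(...)` step asserting that `systemctl show -p DynamicUser corerad.service` reports `yes`.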