parent
499e366d7b
commit
6cd975094d
@ -0,0 +1,139 @@ |
||||
import ../make-test-python.nix ({ lib, ... }: |
||||
let |
||||
snakeoil-keys = import ./snakeoil-keys.nix; |
||||
|
||||
hosts = lib.attrNames snakeoil-keys; |
||||
|
||||
subnetOf = name: config: |
||||
let |
||||
subnets = config.services.tinc.networks.myNetwork.hostSettings.${name}.subnets; |
||||
in |
||||
(builtins.head subnets).address; |
||||
|
||||
makeTincHost = name: { subnet, extraConfig ? { } }: lib.mkMerge [ |
||||
{ |
||||
subnets = [{ address = subnet; }]; |
||||
settings = { |
||||
Ed25519PublicKey = snakeoil-keys.${name}.ed25519Public; |
||||
}; |
||||
rsaPublicKey = snakeoil-keys.${name}.rsaPublic; |
||||
} |
||||
extraConfig |
||||
]; |
||||
|
||||
makeTincNode = { config, ... }: name: extraConfig: lib.mkMerge [ |
||||
{ |
||||
services.tinc.networks.myNetwork = { |
||||
inherit name; |
||||
rsaPrivateKeyFile = |
||||
builtins.toFile "rsa.priv" snakeoil-keys.${name}.rsaPrivate; |
||||
ed25519PrivateKeyFile = |
||||
builtins.toFile "ed25519.priv" snakeoil-keys.${name}.ed25519Private; |
||||
|
||||
hostSettings = lib.mapAttrs makeTincHost { |
||||
static = { |
||||
subnet = "10.0.0.11"; |
||||
# Only specify the addresses in the node's vlans, Tinc does not |
||||
# seem to try each one, unlike the documentation suggests... |
||||
extraConfig.addresses = map |
||||
(vlan: { address = "192.168.${toString vlan}.11"; port = 655; }) |
||||
config.virtualisation.vlans; |
||||
}; |
||||
dynamic1 = { subnet = "10.0.0.21"; }; |
||||
dynamic2 = { subnet = "10.0.0.22"; }; |
||||
}; |
||||
}; |
||||
|
||||
networking.useDHCP = false; |
||||
|
||||
networking.interfaces."tinc.myNetwork" = { |
||||
virtual = true; |
||||
virtualType = "tun"; |
||||
ipv4.addresses = [{ |
||||
address = subnetOf name config; |
||||
prefixLength = 24; |
||||
}]; |
||||
}; |
||||
|
||||
# Prevents race condition between NixOS service and tinc creating the |
||||
# interface. |
||||
# See: https://github.com/NixOS/nixpkgs/issues/27070 |
||||
systemd.services."tinc.myNetwork" = { |
||||
after = [ "network-addresses-tinc.myNetwork.service" ]; |
||||
requires = [ "network-addresses-tinc.myNetwork.service" ]; |
||||
}; |
||||
|
||||
networking.firewall.allowedTCPPorts = [ 655 ]; |
||||
networking.firewall.allowedUDPPorts = [ 655 ]; |
||||
} |
||||
extraConfig |
||||
]; |
||||
|
||||
in |
||||
{ |
||||
name = "tinc"; |
||||
meta.maintainers = with lib.maintainers; [ minijackson ]; |
||||
|
||||
nodes = { |
||||
|
||||
static = { ... } @ args: |
||||
makeTincNode args "static" { |
||||
virtualisation.vlans = [ 1 2 ]; |
||||
|
||||
networking.interfaces.eth1.ipv4.addresses = [{ |
||||
address = "192.168.1.11"; |
||||
prefixLength = 24; |
||||
}]; |
||||
|
||||
networking.interfaces.eth2.ipv4.addresses = [{ |
||||
address = "192.168.2.11"; |
||||
prefixLength = 24; |
||||
}]; |
||||
}; |
||||
|
||||
|
||||
dynamic1 = { ... } @ args: |
||||
makeTincNode args "dynamic1" { |
||||
virtualisation.vlans = [ 1 ]; |
||||
}; |
||||
|
||||
dynamic2 = { ... } @ args: |
||||
makeTincNode args "dynamic2" { |
||||
virtualisation.vlans = [ 2 ]; |
||||
}; |
||||
|
||||
}; |
||||
|
||||
testScript = '' |
||||
start_all() |
||||
|
||||
static.wait_for_unit("tinc.myNetwork.service") |
||||
dynamic1.wait_for_unit("tinc.myNetwork.service") |
||||
dynamic2.wait_for_unit("tinc.myNetwork.service") |
||||
|
||||
# Static is accessible by the other hosts |
||||
dynamic1.succeed("ping -c5 192.168.1.11") |
||||
dynamic2.succeed("ping -c5 192.168.2.11") |
||||
|
||||
# The other hosts are in separate vlans |
||||
dynamic1.fail("ping -c5 192.168.2.11") |
||||
dynamic2.fail("ping -c5 192.168.1.11") |
||||
|
||||
# Each host can ping themselves through Tinc |
||||
static.succeed("ping -c5 10.0.0.11") |
||||
dynamic1.succeed("ping -c5 10.0.0.21") |
||||
dynamic2.succeed("ping -c5 10.0.0.22") |
||||
|
||||
# Static is accessible by the other hosts through Tinc |
||||
dynamic1.succeed("ping -c5 10.0.0.11") |
||||
dynamic2.succeed("ping -c5 10.0.0.11") |
||||
|
||||
# Static can access the other hosts through Tinc |
||||
static.succeed("ping -c5 10.0.0.21") |
||||
static.succeed("ping -c5 10.0.0.22") |
||||
|
||||
# The other hosts in separate vlans can access each other through Tinc |
||||
dynamic1.succeed("ping -c5 10.0.0.22") |
||||
dynamic2.succeed("ping -c5 10.0.0.21") |
||||
''; |
||||
}) |
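Review bot: In `makeTincNode`, `rsaPrivateKeyFile` and `ed25519PrivateKeyFile` are built with `builtins.toFile`, which writes the private keys into the Nix store, where every user on the machine can read them. That is acceptable for fixed snakeoil keys inside a VM test, but the pattern is easy to copy into a real configuration. A comment above the two assignments would make the limit explicit, for example `# Test-only: toFile puts the key in the world-readable Nix store; real deployments must reference a path outside the store.` Separately, the `hosts` binding in the outer `let` is not referenced anywhere in this file section and could be dropped.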
@ -0,0 +1,157 @@ |
||||
{ |
||||
static = { |
||||
ed25519Private = '' |
||||
-----BEGIN ED25519 PRIVATE KEY----- |
||||
IPR+ur5LfVdm6VlR1+FGIkbkL8Enkb9sejBa/JP6tXkg/vHoraIp70srb6jAUFm5 |
||||
3YbCJiBjLW3dy16qM5PovBoWtr5hoqYYA9dFLOys8FBUFFsIGfKhnbk7g25iwxbO |
||||
-----END ED25519 PRIVATE KEY----- |
||||
''; |
||||
|
||||
ed25519Public = "AqV7aeIqKGGQfXxijMLfRAVRBLixnS45G5OoduIc8mD"; |
||||
|
||||
rsaPrivate = '' |
||||
-----BEGIN RSA PRIVATE KEY----- |
||||
MIIEpAIBAAKCAQEAxDHl0TIhhT2yH5rT+Q7MLnj+Ir8bbs3uaPqnzcxWzN1EfVP8 |
||||
TWt5fSTrF2Dc78Kyu5ZNALrp7tUj0GZAegp1YeYJ28p3qTwCveywtCwbB4dI987S |
||||
yJwq95kE9aoyLa+cT99VwSTdb2YowQv2tWj/idxE3oJ+qZjy9tE5mysXm7jmTQDx |
||||
+U0XmNe6MHjKXc01Ener41u0ykJLeUfdgJ1zEyM2rQGtaHpIXfMT6kmxCaMcAMLg |
||||
YFpI38/1pQGQtROKdGOaUomx2m058bkMsJhTiBjESiLRDElRGxmMJ732crGJP0GR |
||||
ChJkaX/CnxHq7R0daZfwoTVHRu6N7WDbFQL5twIDAQABAoIBAQCM/fLTIHyYXRr5 |
||||
vXFhxXGUYBz56W6UdWdEiAU5TwR92vFSQ53IIVlARtyvg0ui/b8mMcAKq0hb+03u |
||||
gN0LFyL+BKvHCLxvoRGzXTorcJrIET+t3jL6OchjANNgnDvNOytQ9wWQdKaxXLAi |
||||
8y8LdXZWozXW1d6ikKjiGL+WNCSWIcq83ktSJZcohihptU9Un16FYQzdolSC8RtI |
||||
XyT7i1ye6hW/wJTJxqZ4taX3EPat85kXS234VGSqg9bb2A1yE+U8Rq37bf8AKldJ |
||||
NUQB3JyxnkYGJcqvzDmz139+744VWxDRvXDA5vU29LC6f8bGBvwEttD98QW+pgmB |
||||
1NBU1Uo5AoGBAOzUk6k74h1RarwXaftjh/9Pures0CfNNnrkJApzFCh4bAoHNxq6 |
||||
SSXqLcc/vvX2+YaZ72nn5YTo+JLQP6evM9oUaqRMAxa3nzoNCtF8U2r48UWmoUQE |
||||
aZCYbD3m7IVWFacCKRVaVTMZMTTicypSnXcbCSIEH8PRs9+L4jkHgql9AoGBANQT |
||||
TZECVhIaQnyRiKWlUE8G1QKzXIxjmfyirBe+ftlIG2XMXasAtQ4VRxpnorgqUnIH |
||||
BVrIbvRx21zlqwZbrZvyb1jHWRoyi1cqBPijpYBUm5LbV2jgHPhnfhRVqdD4CDKj |
||||
NQzIQrNymFaMWAoOQv/DE3g+Txr0fm9Ztu8ZRXZDAoGAHh3SQT0aPfwyhIS9t3gq |
||||
vS7YYa8aMVWJTgthAessbxERPB06xq1Vy/qBo8rZb9HeXV2J8n/I0iQGKDVPQvWm |
||||
tF7QSOBZrDPhjbJG4+jZesr5c5ADBfFBs1+OtDh/b11JF5nQu6RnHT5g4YbCemlT |
||||
GOhZOvgnSfGK3CyfsfzggskCgYEAmpKDK5kPUNxw70hH16v5L9Bj+zbt0qlZ+Ag8 |
||||
9IV1ATuMNJNTBitay6v4iidVM3QtaUzyuytxq5s87qW7FMRHcm2ueH+70ttaMiq/ |
||||
OtZT74g7aDuUpy0KEIemHn4dauENYJMSPIHOE+sHW7WpCZNBhBcUHsUTdSsU6GX0 |
||||
bqr1tO8CgYBpZdR2OoX/rn8nwjmtBOH38aPnCpaAfdI2Eq2Lg6DjksP6TBt53a+R |
||||
m1lk6Kt37BPPZQ85SBr7ywvDgUzfoD7uSmHujF2JUHPsdrg9nx7pNIGlW6DlS9OU |
||||
oNXGAJ/6/y6F8uDbToUfrwFq5tKMypEEa32kFtxb9f0XQ5fSgHrBEw== |
||||
-----END RSA PRIVATE KEY----- |
||||
''; |
||||
|
||||
rsaPublic = '' |
||||
-----BEGIN RSA PUBLIC KEY----- |
||||
MIIBCgKCAQEAxDHl0TIhhT2yH5rT+Q7MLnj+Ir8bbs3uaPqnzcxWzN1EfVP8TWt5 |
||||
fSTrF2Dc78Kyu5ZNALrp7tUj0GZAegp1YeYJ28p3qTwCveywtCwbB4dI987SyJwq |
||||
95kE9aoyLa+cT99VwSTdb2YowQv2tWj/idxE3oJ+qZjy9tE5mysXm7jmTQDx+U0X |
||||
mNe6MHjKXc01Ener41u0ykJLeUfdgJ1zEyM2rQGtaHpIXfMT6kmxCaMcAMLgYFpI |
||||
38/1pQGQtROKdGOaUomx2m058bkMsJhTiBjESiLRDElRGxmMJ732crGJP0GRChJk |
||||
aX/CnxHq7R0daZfwoTVHRu6N7WDbFQL5twIDAQAB |
||||
-----END RSA PUBLIC KEY----- |
||||
''; |
||||
}; |
||||
|
||||
dynamic1 = { |
||||
ed25519Private = '' |
||||
-----BEGIN ED25519 PRIVATE KEY----- |
||||
wHNC2IMXfYtL4ehdsCX154HBvlIZYEiTOnXtckWMUtEAiX9fu7peyBkp9q+yOy9c |
||||
xsNyssLL78lt0GoweCxlu3Sza2oBQAcwb+6tuv7P/bqzcG005uCwquyCz8LVymXA |
||||
-----END ED25519 PRIVATE KEY----- |
||||
''; |
||||
|
||||
ed25519Public = "t0smNaAEAH8mver77+z/m6MnBNdurAsqrswM/Sls5FA"; |
||||
|
||||
rsaPrivate = '' |
||||
-----BEGIN RSA PRIVATE KEY----- |
||||
MIIEpAIBAAKCAQEApukYNGFNWvVlmx75LyOE7MEcd/ViV+yEyk+4cIBXYJ3Ouw+/ |
||||
oEuh8ghQfsiUtbUPR6hPYhX2ZV8XGhuU2nAXVQV0sfZ8pdkbHQ6wHUqFcUIQAVvS |
||||
Wpm2DvZM8jkbCPP64/x5nukPwQ8VoNnb62rWGzbcj7rOeb7ndMK0TpX5Wwv8F297 |
||||
nKTNCEDbK3DLTj3VD+QGnw6AoEt5i44vViAWZBXuHLHWTDC0Nq8GG+9TKODkEwt5 |
||||
4dgN2X9f+WTVAYhZT3SayHLqIFIMQunN89RpWwhHSW+JIRfAfuT1TbP+wA5ptDeI |
||||
ktCkJwWyv4hK6l800BJ9GW1nbId5LPa58ipaVwIDAQABAoIBAHcw3WgKVAMwWm57 |
||||
n9ZZtwKapInFYYUIEYungj5UaBFGn+pVRLJjUDJWXaUr94YK1e6F8qpIpLufPBAY |
||||
wiN7CC5exwaOzlRgxUvqwTkpjkFiu6s8tuqb+baVjD0tKnEqSW+lS/R+2hEzhG5p |
||||
JPLoSB0HAFpjPC8UdJSctcWos3if3mvOGkGCKyTkrwaJgECDfD+lZ+NBIAiYLSps |
||||
jWLE+XlY1+nfPdLUQ+TRSv3IikJ/CWbvJLl9EE1tKhkY564KytwZrkIdJlc7NyRO |
||||
HpzhyMzHu1GLsr+OsBZByNNUxEPU+bzkDQluRXUSIUs9zZoBiCQr3o04qGPTEX9n |
||||
pNU60gECgYEA3Uf+c80eqzjDxv+O0YzC+9x6A+yMrV56siGkKRPMlrSqjX7iE2Yg |
||||
tUjD25kEvtaFuB3f/7zp3h4O/VLZgXreRtXHvdrfoyyJGHvHIyCGm8sw8CEWsKo4 |
||||
1LgZUzdPJRkXJq1zOgS0r1xsA1UDC4s02Ww2HwNeVWtmLUyCpA+B/ccCgYEAwRk9 |
||||
tbe82eq1a85zZiPVXP2qvDH5+Vz9YiMky8xsBnoxmz2siR+NdvWBLcE2VDIY8MK1 |
||||
9a1dz2a7cAHQBrtWtACFVY4zvr69DumApjbQRClDYpJ42tp2VbzlMcUDIoKudRQV |
||||
CObhrE4w4yfVizXFyH9+4Tsg5NzVYuGg9fUJ/vECgYEAoRz7KouNqfMhsLF/5hkM |
||||
Gt9zw4mm/9ALm8kcwn/U9WHD0FQy/Rbd98BsQmaOavi80cqGvqhoyz2tgkqhbUHt |
||||
tzuOPDCxphgWFcqBupTDDYoLLruYzraRvGfyoIFj0coL7jBZ9kNY31l2l5J9LhmE |
||||
OE4utbP5Kk6RTagocpWL+x8CgYB48CwcIcWf3kZeDOFtuUeqhB1o3Qwox7rSuhwT |
||||
oCaQL/vdtNTY1PAu7zhGxdoXBYFlWS3JfxlgCoGedyQo8zAscJ8RpIx4DNIwAsLW |
||||
V0I9TnKry/zxZR30OOh7MV7zQFGvdjJubtwspJQt0QcHt1f2aRO4UOYbMMxcr9+1 |
||||
7BCkoQKBgQDBEtg1hx9zYGg1WN2TBSvh6NShi9S23r6IZ3Up8vz6Z2rcwB3UuhKi |
||||
xluI2ZFwM9s+7UOpaGC+hnc1aMHDEguYOPXoIzvebbYAdN4AkrsJ5d0r1GoEe64E |
||||
UXxrfuv5LeJ/vkUgWof+U3/jGOVvrjzi5y1xOC0r3kiSpMa85s1dhQ== |
||||
-----END RSA PRIVATE KEY----- |
||||
''; |
||||
|
||||
rsaPublic = '' |
||||
-----BEGIN RSA PUBLIC KEY----- |
||||
MIIBCgKCAQEApukYNGFNWvVlmx75LyOE7MEcd/ViV+yEyk+4cIBXYJ3Ouw+/oEuh |
||||
8ghQfsiUtbUPR6hPYhX2ZV8XGhuU2nAXVQV0sfZ8pdkbHQ6wHUqFcUIQAVvSWpm2 |
||||
DvZM8jkbCPP64/x5nukPwQ8VoNnb62rWGzbcj7rOeb7ndMK0TpX5Wwv8F297nKTN |
||||
CEDbK3DLTj3VD+QGnw6AoEt5i44vViAWZBXuHLHWTDC0Nq8GG+9TKODkEwt54dgN |
||||
2X9f+WTVAYhZT3SayHLqIFIMQunN89RpWwhHSW+JIRfAfuT1TbP+wA5ptDeIktCk |
||||
JwWyv4hK6l800BJ9GW1nbId5LPa58ipaVwIDAQAB |
||||
-----END RSA PUBLIC KEY----- |
||||
''; |
||||
}; |
||||
|
||||
dynamic2 = { |
||||
ed25519Private = '' |
||||
-----BEGIN ED25519 PRIVATE KEY----- |
||||
oUx9JdIstZLMj3ZPD8mP3ITsUscCTIXhNF3VKFUVi/ma5uk50/1vrEohfDraiMxj |
||||
gAWthpkhnFzUbp+YlOHE7/Z3h1a/br2/tk8DoZ5PV6ufoV1MaBlGdu+TZgeZou0t |
||||
-----END ED25519 PRIVATE KEY----- |
||||
''; |
||||
|
||||
ed25519Public = "f2dYt2/2q9fLJ/AaW+Tlu7HaVNjWQpRnr/UGoXGqLdL"; |
||||
|
||||
rsaPrivate = '' |
||||
-----BEGIN RSA PRIVATE KEY----- |
||||
MIIEpAIBAAKCAQEAtQfijPX3BwOAs2Y0EuNjcBmsI90uYqNAonrFgTtcVwERIVE6 |
||||
p6alSEakazhByujBg3jI8oPKC8eO0IJ7x/BWcgxqaw8hsPfJZFnRlwEcU5kK4c+j |
||||
UNS+hJOXp0x97T1edLpSFHDK9bZ2necblHKG5MsI4UsxEa+CZ0yoIybwWCDmYuya |
||||
PvE7CeNNa+CIOUbtPVoN4p/aBj0vZeerNBBuodNkglKRxj4l9wD9uOx4S9sdK5lu |
||||
q/rkxlViBoXRAshT+G2d/u/7/WPoiKB3QJcF33z8UfrlsTRnDDqOMSGisTPSv2LK |
||||
4QLN4hWOGXAYQqZcxTkvvjl62mCDuoy0TM+CKQIDAQABAoIBAFKpMAxXf52nPswr |
||||
/dkmFVCpmE2kADsv+iJ21tpkpYxgw1aoRZUp5cyz3P3MaVZio4IJ1A/Ql6B7Vb3l |
||||
5ulr170p6CnMdgDdlAsLbEV8T1foyOxFKHiPPBNDZXsR1WpPnGLGdRY6TqKV12HQ |
||||
lmpZRTkRcJOXBufhcTUD7r5mWFaUoZ7so6VxR4L4Tzcgv1Rl4S6jgnHOQdO6lj47 |
||||
BaPjpBb+hplJ4wsRm91dQ7JApYq25XZwyxnBwQ2zAwb46wsuFxDPHlSc4wU7qTt6 |
||||
x2omm33Xy2cm8L1XQhrassZzldSnAyaLBh9DC3+vFPLODDxdz5M2kpHujYYctRhv |
||||
CICMYJUCgYEA7mWVYuw0S8FNjaLx6n9Q1hr9d9vAFDd3NEaegH586xvhYNxf6n+C |
||||
2zZloVLEsX0UnBU/6ZtLAUfxUIqlvDS2r1VjSYG5SNxM6/vyGl17Niu1jC8nzf7M |
||||
V1WtDCHhT4ikZCuNkAldtgI7CXVdCVO/fTqVhjk4hDblJo7VsCZSZysCgYEAwmXp |
||||
TwlDHapDqA8UxClZuxS8k+2hthny3ihRPCuT34yqAz074zYG97ZBKwIa4Lm1vnkc |
||||
mwU7yR2aK7IYeU4ScfWm1mLjkW5iaNV/sG7iTz/RP4mBAs3KSGmuhhz8sFWcXByU |
||||
IZyvMJvC+FpgJQJn/Xc8ZmdImvXlZd6k8v4/kfsCgYEA6VzFPB2OH63slb4w42SX |
||||
o86t2dtiDigxZxnN5GhtLdSP7borpigF10JLf/y+kCOpvhRLCQk8Bdf/z+C41iAf |
||||
yEhktbrnvfvwzHxHhSmHCAMHZ19trodCTiePCrZLkQhoK6o6nAmfEyDh26NoXE3/ |
||||
v71OSyLOQRZfgDwHz7PjrBsCgYAe0zojpjxWP+FqjLmmQUhROgCNFGlIDuVMBOic |
||||
uexAznVG/ja42KBSNzwuLa9FYy1Gfr3idvn78g24UA1BbvfNyj4iUJv1O6OvK+uL |
||||
dom8N0pe4NbsMuWYhel+qqoG7AxXLtDuY4IEGy7XYr1MIQ2MS5PwSQBiUguGE7/k |
||||
KBy8cQKBgQCyC9R8VWJxQLqJxZGa9Ful01bSuntB5OLRfEjFCCuGiY/3Vj+mCiQL |
||||
GOfMOi2jrcnSNgUm0uevmiFCq9m7QiPiAcSYKXPWhsz/55jJIGcZy8bwyhZ2s2Mg |
||||
BGeZgj4RFORidqkt5g/KJz0+Wp6Ks4sLoCvOzkpeXvLzFVyzGkihrw== |
||||
-----END RSA PRIVATE KEY----- |
||||
''; |
||||
|
||||
rsaPublic = '' |
||||
-----BEGIN RSA PUBLIC KEY----- |
||||
MIIBCgKCAQEAtQfijPX3BwOAs2Y0EuNjcBmsI90uYqNAonrFgTtcVwERIVE6p6al |
||||
SEakazhByujBg3jI8oPKC8eO0IJ7x/BWcgxqaw8hsPfJZFnRlwEcU5kK4c+jUNS+ |
||||
hJOXp0x97T1edLpSFHDK9bZ2necblHKG5MsI4UsxEa+CZ0yoIybwWCDmYuyaPvE7 |
||||
CeNNa+CIOUbtPVoN4p/aBj0vZeerNBBuodNkglKRxj4l9wD9uOx4S9sdK5luq/rk |
||||
xlViBoXRAshT+G2d/u/7/WPoiKB3QJcF33z8UfrlsTRnDDqOMSGisTPSv2LK4QLN |
||||
4hWOGXAYQqZcxTkvvjl62mCDuoy0TM+CKQIDAQAB |
||||
-----END RSA PUBLIC KEY----- |
||||
''; |
||||
}; |
||||
} |
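Review bot: This file commits three RSA and three Ed25519 private keys with no header stating that they are throwaway fixtures. The only hint is the name `snakeoil-keys` used by the `import ./snakeoil-keys.nix` line in the test, which presumably refers to this file. A leading comment such as `# Snakeoil keys for the tinc NixOS test only; they are public and must never be used on a real network.` would make that explicit for readers and for anyone triaging a secret-scanner hit. The same comment could record how the keys were produced, so that they are regenerated rather than copied when the test changes.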