# NixOS VM test for the coturn TURN server module.
#
# Two machines are defined:
#   default     - coturn enabled with no other options set.
#   secretsfile - coturn enabled with its shared secret supplied through a
#                 file path (static-auth-secret-file) instead of inline.
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "coturn";

  nodes = {
    default.services.coturn.enable = true;

    secretsfile = {
      # Test-only fixture: a fixed, well-known string is written to
      # /run/coturn-secret at boot. The plain shell redirect sets no explicit
      # mode or owner on the file, so this is not a pattern to copy for a real
      # secret. NOTE(review): nothing in this test checks who can read it.
      boot.postBootCommands = ''
        echo "some-very-secret-string" > /run/coturn-secret
      '';
      services.coturn.enable = true;
      services.coturn.static-auth-secret-file = "/run/coturn-secret";
    };
  };

  # What the script below checks, and what it does not:
  #
  # * The grep asserts that the secret from the file ends up inside
  #   /run/coturn/turnserver.cfg, so that generated file is itself
  #   secret-bearing. Its mode and ownership are not asserted here.
  # * turnutils_uclient receives the secret through -W on its command line,
  #   where it is visible in the VM's process list while the client runs.
  #   Acceptable only because the value is a throwaway test string.
  # * The "Forbidden IP" case only requires a non-zero exit status, so on its
  #   own it cannot tell a peer-address rejection apart from any other client
  #   failure. The following call with the same secret against 192.168.1.2 is
  #   what shows that authentication itself works. No peer-address rules are
  #   set on the nodes above, so the 127.0.0.1 rejection presumably comes from
  #   coturn or module defaults - TODO confirm.
  # * 192.168.1.2 is presumably this node's own test-network address - TODO
  #   confirm against the test driver's address assignment.
  # * The final line only logs the `systemd-analyze security` rows that lack a
  #   check mark for the unit on `default`; the command's exit status is
  #   ignored, so hardening regressions do not fail the test.
  testScript = ''
    start_all()

    with subtest("by default works without configuration"):
        default.wait_for_unit("coturn.service")

    with subtest("works with static-auth-secret-file"):
        secretsfile.wait_for_unit("coturn.service")
        secretsfile.wait_for_open_port(3478)
        secretsfile.succeed("grep 'some-very-secret-string' /run/coturn/turnserver.cfg")
        # Forbidden IP, fails:
        secretsfile.fail("${pkgs.coturn}/bin/turnutils_uclient -W some-very-secret-string 127.0.0.1 -DgX -e 127.0.0.1 -n 1 -c -y")
        # allowed-peer-ip, should succeed:
        secretsfile.succeed("${pkgs.coturn}/bin/turnutils_uclient -W some-very-secret-string 192.168.1.2 -DgX -e 192.168.1.2 -n 1 -c -y")

    default.log(default.execute("systemd-analyze security coturn.service | grep -v '✓'")[1])
  '';
})