nixos/yggdrasil.nix: test 300::/7 addresses

2024-11-26 00:43:20 +00:00 · 2020-06-09 22:05:23 +05:30 · 2020-06-09 22:05:23 +05:30 · 39deb82e4b
commit 39deb82e4b
parent a8780387ba
1 changed files with 41 additions and 1 deletions
--- a/nixos/tests/yggdrasil.nix
+++ b/nixos/tests/yggdrasil.nix
@ -7,6 +7,7 @@ let
    SigningPrivateKey = "fe3add8da35316c05f6d90d3ca79bd2801e6ccab6d37e5339fef4152589398abe2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
  };
  bobIp6 = "201:ebbd:bde9:f138:c302:4afa:1fb6:a19a";
+  bobPrefix = "301:ebbd:bde9:f138";
  bobConfig = {
    InterfacePeers = {
      eth1 = [ "tcp://192.168.1.200:12345" ];
@ -18,6 +19,7 @@ let
    SigningPublicKey = "de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
    SigningPrivateKey = "2a6c21550f3fca0331df50668ffab66b6dce8237bcd5728e571e8033b363e247de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
  };
+  danIp6 = bobPrefix + "::2";

 in import ./make-test-python.nix ({ pkgs, ...} : {
  name = "yggdrasil";
@ -69,6 +71,41 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
                         text = builtins.toJSON bobConfig;
                       });
        };
+
+        boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+
+        networking = {
+          bridges.br0.interfaces = [ ];
+          interfaces.br0 = {
+            ipv6.addresses = [{
+              address = bobPrefix + "::1";
+              prefixLength = 64;
+            }];
+          };
+        };
+
+        # dan is a node inside a container running on bob's host.
+        containers.dan = {
+          autoStart = true;
+          privateNetwork = true;
+          hostBridge = "br0";
+          config = { config, pkgs, ... }: {
+            networking.interfaces.eth0.ipv6 = {
+              addresses = [{
+                address = bobPrefix + "::2";
+                prefixLength = 64;
+              }];
+              routes = [{
+                address = "200::";
+                prefixLength = 7;
+                via = bobPrefix + "::1";
+              }];
+            };
+            services.httpd.enable = true;
+            services.httpd.adminAddr = "foo@example.org";
+            networking.firewall.allowedTCPPorts = [ 80 ];
+          };
+        };
      };

    # Carol only does local peering.  Carol's yggdrasil config is all Nix.
@ -100,7 +137,7 @@ in import ./make-test-python.nix ({ pkgs, ...} : {

      bob.start()
      carol.start()
-      bob.wait_for_unit("yggdrasil.service")
+      bob.wait_for_unit("default.target")
      carol.wait_for_unit("yggdrasil.service")

      ip_addr_show = "ip -o -6 addr show dev ygg0 scope global"
@ -117,10 +154,13 @@ in import ./make-test-python.nix ({ pkgs, ...} : {

      carol.succeed("ping -c 1 ${aliceIp6}")
      carol.succeed("ping -c 1 ${bobIp6}")
+      carol.succeed("ping -c 1 ${bobPrefix}::1")
+      carol.succeed("ping -c 8 ${danIp6}")

      carol.fail("journalctl -u dhcpcd | grep ygg0")

      alice.wait_for_unit("httpd.service")
      carol.succeed("curl --fail -g http://[${aliceIp6}]")
+      carol.succeed("curl --fail -g http://[${danIp6}]")
    '';
 })