fix(module): test both IPv4 and IPv6
This ensures both work
This commit is contained in:
parent
70162c83f6
commit
542336867a
GPG key ID:
F016B9E770737A0B
1 changed files with 102 additions and 85 deletions
|
|
@ -54,100 +54,117 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
webnsupdate-machine = {
|
webnsupdate-ipv4-machine =
|
||||||
imports = [
|
{ lib, ... }:
|
||||||
bindDynamicZone
|
{
|
||||||
self.nixosModules.webnsupdate
|
imports = [
|
||||||
];
|
bindDynamicZone
|
||||||
|
self.nixosModules.webnsupdate
|
||||||
config = {
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.dig
|
|
||||||
pkgs.curl
|
|
||||||
];
|
];
|
||||||
|
|
||||||
services = {
|
config = {
|
||||||
bind.enable = true;
|
environment.systemPackages = [
|
||||||
|
pkgs.dig
|
||||||
|
pkgs.curl
|
||||||
|
];
|
||||||
|
|
||||||
webnsupdate = {
|
services = {
|
||||||
enable = true;
|
bind.enable = true;
|
||||||
bindIp = "127.0.0.1";
|
|
||||||
keyFile = "/etc/bind/rndc.key";
|
webnsupdate = {
|
||||||
# test:test (user:password)
|
enable = true;
|
||||||
passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA";
|
bindIp = lib.mkDefault "127.0.0.1";
|
||||||
package = self'.packages.webnsupdate;
|
keyFile = "/etc/bind/rndc.key";
|
||||||
extraArgs = [
|
# test:test (user:password)
|
||||||
"-vvv" # debug messages
|
passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA";
|
||||||
"--ip-source=ConnectInfo"
|
package = self'.packages.webnsupdate;
|
||||||
];
|
extraArgs = [
|
||||||
records = ''
|
"-vvv" # debug messages
|
||||||
test1.${testDomain}.
|
"--ip-source=ConnectInfo"
|
||||||
test2.${testDomain}.
|
];
|
||||||
test3.${testDomain}.
|
records = ''
|
||||||
'';
|
test1.${testDomain}.
|
||||||
|
test2.${testDomain}.
|
||||||
|
test3.${testDomain}.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
webnsupdate-ipv6-machine = {
|
||||||
|
imports = [
|
||||||
|
webnsupdate-ipv4-machine
|
||||||
|
];
|
||||||
|
|
||||||
|
config.services.webnsupdate.bindIp = "::1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
machine.start(allow_reboot=True)
|
||||||
|
machine.wait_for_unit("bind.service")
|
||||||
|
machine.wait_for_unit("webnsupdate.service")
|
||||||
|
|
||||||
|
# ensure base DNS records area available
|
||||||
|
with subtest("query base DNS records"):
|
||||||
|
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are missing
|
||||||
|
with subtest("query webnsupdate DNS records (fail)"):
|
||||||
|
machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
|
||||||
|
with subtest("update webnsupdate DNS records (invalid auth)"):
|
||||||
|
machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update")
|
||||||
|
machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are missing
|
||||||
|
with subtest("query webnsupdate DNS records (fail)"):
|
||||||
|
machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
|
||||||
|
with subtest("update webnsupdate DNS records (valid auth)"):
|
||||||
|
machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update")
|
||||||
|
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are available
|
||||||
|
with subtest("query webnsupdate DNS records (succeed)"):
|
||||||
|
machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
|
||||||
|
machine.reboot()
|
||||||
|
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||||
|
machine.wait_for_unit("webnsupdate.service")
|
||||||
|
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||||
|
|
||||||
|
# ensure base DNS records area available after a reboot
|
||||||
|
with subtest("query base DNS records"):
|
||||||
|
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are available after a reboot
|
||||||
|
with subtest("query webnsupdate DNS records (succeed)"):
|
||||||
|
machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
module-test = pkgs.testers.runNixOSTest {
|
module-ipv4-test = pkgs.testers.runNixOSTest {
|
||||||
name = "webnsupdate-module";
|
name = "webnsupdate-ipv4-module";
|
||||||
nodes.machine = webnsupdate-machine;
|
nodes.machine = webnsupdate-ipv4-machine;
|
||||||
testScript = ''
|
inherit testScript;
|
||||||
machine.start(allow_reboot=True)
|
};
|
||||||
machine.wait_for_unit("bind.service")
|
module-ipv6-test = pkgs.testers.runNixOSTest {
|
||||||
machine.wait_for_unit("webnsupdate.service")
|
name = "webnsupdate-ipv6-module";
|
||||||
|
nodes.machine = webnsupdate-ipv6-machine;
|
||||||
# ensure base DNS records area available
|
inherit testScript;
|
||||||
with subtest("query base DNS records"):
|
|
||||||
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are missing
|
|
||||||
with subtest("query webnsupdate DNS records (fail)"):
|
|
||||||
machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
|
|
||||||
with subtest("update webnsupdate DNS records (invalid auth)"):
|
|
||||||
machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update")
|
|
||||||
machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are missing
|
|
||||||
with subtest("query webnsupdate DNS records (fail)"):
|
|
||||||
machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
|
|
||||||
with subtest("update webnsupdate DNS records (valid auth)"):
|
|
||||||
machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update")
|
|
||||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are available
|
|
||||||
with subtest("query webnsupdate DNS records (succeed)"):
|
|
||||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
|
|
||||||
machine.reboot()
|
|
||||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
|
||||||
machine.wait_for_unit("webnsupdate.service")
|
|
||||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
|
||||||
|
|
||||||
# ensure base DNS records area available after a reboot
|
|
||||||
with subtest("query base DNS records"):
|
|
||||||
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are available after a reboot
|
|
||||||
with subtest("query webnsupdate DNS records (succeed)"):
|
|
||||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue