nixos/testing: Add ipv6 configuration
This contribution enables a working IPv6 setup by default. It works analogously to the current automatic IPv4 setup.
parent
f322e8f25c
commit
c6f6c28218
@ -224,6 +224,8 @@
|
|||||||
|
|
||||||
- [`lib.options.mkPackageOptionMD`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOptionMD) is now obsolete; use the identical [`lib.options.mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption) instead.
|
- [`lib.options.mkPackageOptionMD`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOptionMD) is now obsolete; use the identical [`lib.options.mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption) instead.
|
||||||
|
|
||||||
|
- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.
|
||||||
|
|
||||||
- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
|
- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
|
||||||
The derivation now installs "impl" headers selectively instead of by a wildcard.
|
The derivation now installs "impl" headers selectively instead of by a wildcard.
|
||||||
Use `imgui.src` if you just want to access the unpacked sources.
|
Use `imgui.src` if you just want to access the unpacked sources.
|
||||||
|
@ -32,10 +32,19 @@ let
|
|||||||
# Automatically assign IP addresses to requested interfaces.
|
# Automatically assign IP addresses to requested interfaces.
|
||||||
assignIPs = lib.filter (i: i.assignIP) interfaces;
|
assignIPs = lib.filter (i: i.assignIP) interfaces;
|
||||||
ipInterfaces = forEach assignIPs (i:
|
ipInterfaces = forEach assignIPs (i:
|
||||||
nameValuePair i.name { ipv4.addresses =
|
nameValuePair i.name {
|
||||||
[ { address = "192.168.${toString i.vlan}.${toString config.virtualisation.test.nodeNumber}";
|
ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.${toString i.vlan}.${toString config.virtualisation.test.nodeNumber}";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}
|
||||||
|
];
|
||||||
|
ipv6.addresses = [
|
||||||
|
{
|
||||||
|
address = "2001:db8:${toString i.vlan}::${toString config.virtualisation.test.nodeNumber}";
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
|
];
|
||||||
});
|
});
|
||||||
|
|
||||||
qemuOptions = lib.flatten (forEach interfacesNumbered ({ fst, snd }:
|
qemuOptions = lib.flatten (forEach interfacesNumbered ({ fst, snd }:
|
||||||
@ -53,6 +62,9 @@ let
|
|||||||
networking.primaryIPAddress =
|
networking.primaryIPAddress =
|
||||||
optionalString (ipInterfaces != [ ]) (head (head ipInterfaces).value.ipv4.addresses).address;
|
optionalString (ipInterfaces != [ ]) (head (head ipInterfaces).value.ipv4.addresses).address;
|
||||||
|
|
||||||
|
networking.primaryIPv6Address =
|
||||||
|
optionalString (ipInterfaces != [ ]) (head (head ipInterfaces).value.ipv6.addresses).address;
|
||||||
|
|
||||||
# Put the IP addresses of all VMs in this machine's
|
# Put the IP addresses of all VMs in this machine's
|
||||||
# /etc/hosts file. If a machine has multiple
|
# /etc/hosts file. If a machine has multiple
|
||||||
# interfaces, use the IP address corresponding to
|
# interfaces, use the IP address corresponding to
|
||||||
@ -60,12 +72,16 @@ let
|
|||||||
# virtualisation.vlans option).
|
# virtualisation.vlans option).
|
||||||
networking.extraHosts = flip concatMapStrings (attrNames nodes)
|
networking.extraHosts = flip concatMapStrings (attrNames nodes)
|
||||||
(m':
|
(m':
|
||||||
let config = nodes.${m'}; in
|
let
|
||||||
|
config = nodes.${m'};
|
||||||
|
hostnames =
|
||||||
|
optionalString (config.networking.domain != null) "${config.networking.hostName}.${config.networking.domain} " +
|
||||||
|
"${config.networking.hostName}\n";
|
||||||
|
in
|
||||||
optionalString (config.networking.primaryIPAddress != "")
|
optionalString (config.networking.primaryIPAddress != "")
|
||||||
("${config.networking.primaryIPAddress} " +
|
"${config.networking.primaryIPAddress} ${hostnames}" +
|
||||||
optionalString (config.networking.domain != null)
|
optionalString (config.networking.primaryIPv6Address != "")
|
||||||
"${config.networking.hostName}.${config.networking.domain} " +
|
("${config.networking.primaryIPv6Address} ${hostnames}"));
|
||||||
"${config.networking.hostName}\n"));
|
|
||||||
|
|
||||||
virtualisation.qemu.options = qemuOptions;
|
virtualisation.qemu.options = qemuOptions;
|
||||||
boot.initrd.services.udev.rules = concatMapStrings (x: x + "\n") udevRules;
|
boot.initrd.services.udev.rules = concatMapStrings (x: x + "\n") udevRules;
|
||||||
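Review bot: `networking.primaryIPv6Address` is computed from the module-local `ipInterfaces` list rather than from the final `networking.interfaces` value, so a node that overrides its address still has the auto-assigned one published in every other node's `networking.extraHosts`. The test sections further down this page that set `networking.interfaces.eth1.ipv6.addresses = lib.mkForce [ ];` or force `2001:db8::8` / `2001:db8::9` are in that position: peers would resolve those hostnames to a `2001:db8:<vlan>::<n>` address the node does not hold, unless something outside these hunks resets the option. The IPv4 option is derived the same way, so this is inherited behaviour, but it deserves a comment above the new assignment such as `# Derived from the auto-assigned list; tests that mkForce ipv6.addresses should also override primaryIPv6Address.` The enclosing `let` block starts and ends outside the hunks.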
|
@ -665,6 +665,14 @@ in
|
|||||||
description = "Primary IP address used in /etc/hosts.";
|
description = "Primary IP address used in /etc/hosts.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.primaryIPv6Address =
|
||||||
|
mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
internal = true;
|
||||||
|
description = "Primary IPv6 address used in /etc/hosts.";
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation.host.pkgs = mkOption {
|
virtualisation.host.pkgs = mkOption {
|
||||||
type = options.nixpkgs.pkgs.type;
|
type = options.nixpkgs.pkgs.type;
|
||||||
default = pkgs;
|
default = pkgs;
|
||||||
|
@ -36,7 +36,7 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : {
|
|||||||
};
|
};
|
||||||
|
|
||||||
testScript = { nodes, ... }: let
|
testScript = { nodes, ... }: let
|
||||||
newSystem = nodes.walled2.config.system.build.toplevel;
|
newSystem = nodes.walled2.system.build.toplevel;
|
||||||
unit = if nftables then "nftables" else "firewall";
|
unit = if nftables then "nftables" else "firewall";
|
||||||
in ''
|
in ''
|
||||||
start_all()
|
start_all()
|
||||||
|
@ -39,6 +39,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
|
|||||||
{ services.httpd.enable = true;
|
{ services.httpd.enable = true;
|
||||||
services.httpd.adminAddr = "foo@example.org";
|
services.httpd.adminAddr = "foo@example.org";
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
|
# disable testing driver's default IPv6 address.
|
||||||
|
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
router =
|
router =
|
||||||
|
@ -59,7 +59,7 @@ import ./make-test-python.nix (
|
|||||||
];
|
];
|
||||||
portals = [
|
portals = [
|
||||||
{
|
{
|
||||||
ip_address = "0.0.0.0";
|
ip_address = "[::]";
|
||||||
iser = false;
|
iser = false;
|
||||||
offload = false;
|
offload = false;
|
||||||
port = 3260;
|
port = 3260;
|
||||||
@ -93,7 +93,7 @@ import ./make-test-python.nix (
|
|||||||
xfsprogs
|
xfsprogs
|
||||||
];
|
];
|
||||||
|
|
||||||
system.extraDependencies = [ nodes.initiatorRootDisk.config.system.build.toplevel ];
|
system.extraDependencies = [ nodes.initiatorRootDisk.system.build.toplevel ];
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
substituters = lib.mkForce [];
|
substituters = lib.mkForce [];
|
||||||
@ -108,7 +108,7 @@ import ./make-test-python.nix (
|
|||||||
[
|
[
|
||||||
"boot.shell_on_fail"
|
"boot.shell_on_fail"
|
||||||
"console=tty1"
|
"console=tty1"
|
||||||
"ip=${config.networking.primaryIPAddress}:::255.255.255.0::ens9:none"
|
"ip=${config.networking.primaryIPAddress}:::255.255.255.0::eth1:none"
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
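Review bot: Switching the portal from `0.0.0.0` to `[::]` keeps IPv4 initiators working only while the listener is a dual-stack socket (IPv6-only binding disabled), and the initiator in this same file is still configured through the IPv4 `ip=${config.networking.primaryIPAddress}…` kernel parameter. The same wildcard change is made in the nvmet (`[::]:4420`), step-ca (`address = "[::]"`, next to `openFirewall = true`) and vaultwarden (`rocketAddress = "::"`) sections, none of which visibly gains a check over both address families. A short comment at each site would record the assumption, for example `# "[::]" is expected to accept IPv4 as well (dual-stack socket)`. Because these are wildcard listeners, it is also worth saying in that comment that the setting is meant for the isolated test VLAN.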
|
@ -165,9 +165,12 @@ in
|
|||||||
virtualisation.vlans = [ 1 ];
|
virtualisation.vlans = [ 1 ];
|
||||||
|
|
||||||
networking.interfaces.eth1.ipv6 = {
|
networking.interfaces.eth1.ipv6 = {
|
||||||
addresses = [ { address = "2001:db8::8"; prefixLength = 96; } ];
|
addresses = lib.mkForce [ { address = "2001:db8::8"; prefixLength = 96; } ];
|
||||||
routes = [ { address = "64:ff9b::"; prefixLength = 96;
|
routes = lib.mkForce [ {
|
||||||
via = "2001:db8::1"; } ];
|
address = "64:ff9b::";
|
||||||
|
prefixLength = 96;
|
||||||
|
via = "2001:db8::1";
|
||||||
|
} ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -177,9 +180,12 @@ in
|
|||||||
|
|
||||||
virtualisation.vlans = [ 1 ];
|
virtualisation.vlans = [ 1 ];
|
||||||
networking.interfaces.eth1.ipv6 = {
|
networking.interfaces.eth1.ipv6 = {
|
||||||
addresses = [ { address = "2001:db8::9"; prefixLength = 96; } ];
|
addresses = lib.mkForce [ { address = "2001:db8::9"; prefixLength = 96; } ];
|
||||||
routes = [ { address = "64:ff9b::"; prefixLength = 96;
|
routes = lib.mkForce [ {
|
||||||
via = "2001:db8::1"; } ];
|
address = "64:ff9b::";
|
||||||
|
prefixLength = 96;
|
||||||
|
via = "2001:db8::1";
|
||||||
|
} ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -30,15 +30,22 @@ import ./make-test-python.nix {
|
|||||||
client = {};
|
client = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = ''
|
testScript = { nodes, ... }:
|
||||||
start_all()
|
let
|
||||||
|
serverIP = nodes.server.networking.primaryIPAddress;
|
||||||
|
serverIPv6 = nodes.server.networking.primaryIPv6Address;
|
||||||
|
in
|
||||||
|
''
|
||||||
|
start_all()
|
||||||
|
|
||||||
server.wait_for_unit("mediatomb")
|
server.wait_for_unit("mediatomb")
|
||||||
server.wait_until_succeeds("nc -z 192.168.1.2 49152")
|
server.wait_until_succeeds("nc -z ${serverIP} 49152")
|
||||||
server.succeed("curl -v --fail http://server:49152/")
|
server.succeed("curl -v --fail http://${serverIP}:49152/")
|
||||||
|
server.succeed("curl -v --fail http://[${serverIPv6}]:49152/")
|
||||||
|
|
||||||
client.wait_for_unit("multi-user.target")
|
client.wait_for_unit("multi-user.target")
|
||||||
page = client.succeed("curl -v --fail http://server:49152/")
|
page = client.succeed("curl -v --fail http://${serverIP}:49152/")
|
||||||
assert "Gerbera" in page and "MediaTomb" not in page
|
page = client.succeed("curl -v --fail http://[${serverIPv6}]:49152/")
|
||||||
'';
|
assert "Gerbera" in page and "MediaTomb" not in page
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
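Review bot: In the new client checks, `page` is assigned from the IPv4 fetch and then immediately overwritten by the IPv6 fetch, so `assert "Gerbera" in page and "MediaTomb" not in page` only inspects the IPv6 response. Repeat the assertion directly after the first `client.succeed(...)` so both families are checked for content and not just for a successful HTTP status. The URLs also changed from `http://server:49152/` to literal addresses, which drops the coverage of name resolution through `/etc/hosts`; keeping one request by hostname would retain it.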
|
@ -31,7 +31,7 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ...
|
|||||||
lib.mkMerge [
|
lib.mkMerge [
|
||||||
{ virtualisation.vlans = [ 1 ];
|
{ virtualisation.vlans = [ 1 ];
|
||||||
networking.defaultGateway =
|
networking.defaultGateway =
|
||||||
(pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ipv4.addresses).address;
|
(pkgs.lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
|
||||||
networking.nftables.enable = nftables;
|
networking.nftables.enable = nftables;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
@ -61,8 +61,8 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ...
|
|||||||
|
|
||||||
testScript =
|
testScript =
|
||||||
{ nodes, ... }: let
|
{ nodes, ... }: let
|
||||||
routerDummyNoNatClosure = nodes.routerDummyNoNat.config.system.build.toplevel;
|
routerDummyNoNatClosure = nodes.routerDummyNoNat.system.build.toplevel;
|
||||||
routerClosure = nodes.router.config.system.build.toplevel;
|
routerClosure = nodes.router.system.build.toplevel;
|
||||||
in ''
|
in ''
|
||||||
client.start()
|
client.start()
|
||||||
router.start()
|
router.start()
|
||||||
@ -72,13 +72,13 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ...
|
|||||||
server.wait_for_unit("network.target")
|
server.wait_for_unit("network.target")
|
||||||
server.wait_for_unit("httpd")
|
server.wait_for_unit("httpd")
|
||||||
router.wait_for_unit("network.target")
|
router.wait_for_unit("network.target")
|
||||||
router.succeed("curl --fail http://server/ >&2")
|
router.succeed("curl -4 --fail http://server/ >&2")
|
||||||
|
|
||||||
# The client should be also able to connect via the NAT router.
|
# The client should be also able to connect via the NAT router.
|
||||||
router.wait_for_unit("${unit}")
|
router.wait_for_unit("${unit}")
|
||||||
client.wait_for_unit("network.target")
|
client.wait_for_unit("network.target")
|
||||||
client.succeed("curl --fail http://server/ >&2")
|
client.succeed("curl --fail http://server/ >&2")
|
||||||
client.succeed("ping -c 1 server >&2")
|
client.succeed("ping -4 -c 1 server >&2")
|
||||||
|
|
||||||
# Test whether passive FTP works.
|
# Test whether passive FTP works.
|
||||||
server.wait_for_unit("vsftpd")
|
server.wait_for_unit("vsftpd")
|
||||||
@ -89,15 +89,15 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ...
|
|||||||
client.fail("curl -v -P - ftp://server/foo.txt >&2")
|
client.fail("curl -v -P - ftp://server/foo.txt >&2")
|
||||||
|
|
||||||
# Test ICMP.
|
# Test ICMP.
|
||||||
client.succeed("ping -c 1 router >&2")
|
client.succeed("ping -4 -c 1 router >&2")
|
||||||
router.succeed("ping -c 1 client >&2")
|
router.succeed("ping -4 -c 1 client >&2")
|
||||||
|
|
||||||
# If we turn off NAT, the client shouldn't be able to reach the server.
|
# If we turn off NAT, the client shouldn't be able to reach the server.
|
||||||
router.succeed(
|
router.succeed(
|
||||||
"${routerDummyNoNatClosure}/bin/switch-to-configuration test 2>&1"
|
"${routerDummyNoNatClosure}/bin/switch-to-configuration test 2>&1"
|
||||||
)
|
)
|
||||||
client.fail("curl --fail --connect-timeout 5 http://server/ >&2")
|
client.fail("curl -4 --fail --connect-timeout 5 http://server/ >&2")
|
||||||
client.fail("ping -c 1 server >&2")
|
client.fail("ping -4 -c 1 server >&2")
|
||||||
|
|
||||||
# And make sure that reloading the NAT job works.
|
# And make sure that reloading the NAT job works.
|
||||||
router.succeed(
|
router.succeed(
|
||||||
@ -109,7 +109,7 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ...
|
|||||||
${lib.optionalString (!withFirewall && !nftables) ''
|
${lib.optionalString (!withFirewall && !nftables) ''
|
||||||
router.succeed("systemctl start nat.service")
|
router.succeed("systemctl start nat.service")
|
||||||
''}
|
''}
|
||||||
client.succeed("curl --fail http://server/ >&2")
|
client.succeed("curl -4 --fail http://server/ >&2")
|
||||||
client.succeed("ping -c 1 server >&2")
|
client.succeed("ping -4 -c 1 server >&2")
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
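Review bot: The `-4` pinning is applied to most checks but not all: `client.succeed("curl --fail http://server/ >&2")` after `router.wait_for_unit("${unit}")` and `client.fail("curl -v -P - ftp://server/foo.txt >&2")` still let curl choose the address family. With the driver now publishing an IPv6 entry for every hostname (per the `networking.extraHosts` change on this page), a NAT assertion that is not pinned can be decided by the IPv6 path instead of the IPv4 NAT rules under test. Adding `-4` to those two calls, e.g. `client.succeed("curl -4 --fail http://server/ >&2")`, makes the script consistent. The test script starts and continues outside the visible hunks, so other unpinned calls may exist there.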
|
@ -27,7 +27,7 @@ import ./make-test-python.nix ({ lib, ... }: {
|
|||||||
|
|
||||||
with subtest("Bind subsystem to port"):
|
with subtest("Bind subsystem to port"):
|
||||||
server.wait_for_unit("network-online.target")
|
server.wait_for_unit("network-online.target")
|
||||||
server.succeed("nvmet port add 1 tcp 0.0.0.0:4420")
|
server.succeed("nvmet port add 1 tcp [::]:4420")
|
||||||
server.succeed("nvmet port add-subsystem 1 ${subsystem}")
|
server.succeed("nvmet port add-subsystem 1 ${subsystem}")
|
||||||
|
|
||||||
with subtest("Discover and connect to available subsystems"):
|
with subtest("Discover and connect to available subsystems"):
|
||||||
|
@ -16,7 +16,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
|||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
services.step-ca = {
|
services.step-ca = {
|
||||||
enable = true;
|
enable = true;
|
||||||
address = "0.0.0.0";
|
address = "[::]";
|
||||||
port = 8443;
|
port = 8443;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
|
intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
|
||||||
|
@ -133,7 +133,7 @@ let
|
|||||||
enable = true;
|
enable = true;
|
||||||
dbBackend = backend;
|
dbBackend = backend;
|
||||||
config = {
|
config = {
|
||||||
rocketAddress = "0.0.0.0";
|
rocketAddress = "::";
|
||||||
rocketPort = 8080;
|
rocketPort = 8080;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -49,7 +49,7 @@ in
|
|||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
interface = [ "0.0.0.0" "::" ];
|
interface = [ "0.0.0.0" "::" ];
|
||||||
access-control = [ "192.168.1.0/24 allow" ];
|
access-control = [ "192.168.0.0/24 allow" "::/0 allow" ];
|
||||||
|
|
||||||
domain-insecure = "local";
|
domain-insecure = "local";
|
||||||
private-domain = "local";
|
private-domain = "local";
|
||||||
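Review bot: `"::/0 allow"` lets any IPv6 source query this resolver, whereas the IPv4 rule is limited to a single /24, so the two families end up with different access policies. Scoping the IPv6 entry to the prefix the test nodes use keeps them aligned, for example `"2001:db8:1::/64 allow"` if the nodes rely on the driver's default VLAN 1 addressing (the node addresses are not visible in this hunk). The IPv4 network also changes from `192.168.1.0/24` to `192.168.0.0/24` without mention in the commit message; a one-line comment naming the addresses each rule is meant to cover would show that the change is intentional.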
|