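# NixOS VM test for the wstunnel module.
#
# A server terminates TLS on 10.0.0.1:443; a client on the same test VLAN
# opens one forward tunnel (client:8080 -> server localhost:2080) and one
# reverse tunnel (server:2081 -> client localhost:8081) over the WebSocket
# connection, and a message is pushed through each with netcat.
#
# Both nodes live on the isolated test VLAN 1, which is why the firewall is
# disabled and a self-signed test CA is trusted system-wide. Neither setting
# is appropriate outside the test harness.
let
  # Snakeoil CA plus a leaf certificate issued for `domain`, shared with the
  # ACME tests. Test material only; the private key is world-readable.
  certs = import ./common/acme/server/snakeoil-certs.nix;
  domain = certs.domain;
in

{
  name = "wstunnel";

  nodes = {
    server = {
      virtualisation.vlans = [ 1 ];

      # Trust the test CA (harmless here: only VLAN 1 can reach this node).
      security.pki.certificateFiles = [ certs.ca.cert ];

      networking = {
        useNetworkd = true;
        useDHCP = false;
        # Test-only: the node is reachable from VLAN 1 alone.
        firewall.enable = false;
      };

      systemd.network.networks."01-eth1" = {
        name = "eth1";
        networkConfig.Address = "10.0.0.1/24";
      };

      services.wstunnel = {
        enable = true;
        servers.my-server = {
          # Bind on the VLAN address explicitly rather than on all interfaces.
          listen = {
            host = "10.0.0.1";
            port = 443;
          };
          # Leaf certificate for `domain`; the client validates it against the
          # test CA during the wss:// handshake below.
          tlsCertificate = certs.${domain}.cert;
          tlsKey = certs.${domain}.key;
          # NOTE(review): nothing in this server config limits which host:port
          # a connected client may forward to, or which server-side listener
          # it may request (the client below opens 2081 on the server). That
          # is acceptable only because the VLAN is isolated; a real deployment
          # should restrict the allowed tunnel targets.
        };
      };
    };

    client = {
      virtualisation.vlans = [ 1 ];

      # Needed so the wss:// connection can verify the server's test-CA
      # certificate instead of failing the handshake.
      security.pki.certificateFiles = [ certs.ca.cert ];

      networking = {
        useNetworkd = true;
        useDHCP = false;
        # Test-only, see the server node.
        firewall.enable = false;
        # Resolve `domain` to the server's VLAN address so the TLS hostname
        # check matches the name the certificate was issued for.
        extraHosts = ''
          10.0.0.1 ${domain}
        '';
      };

      systemd.network.networks."01-eth1" = {
        name = "eth1";
        networkConfig.Address = "10.0.0.2/24";
      };

      services.wstunnel = {
        enable = true;
        clients.my-client = {
          # Started and stopped explicitly by the test script.
          autoStart = false;
          # Connect by certificate name, not by IP, so hostname verification
          # is actually exercised.
          connectTo = "wss://${domain}:443";
          # Forward tunnel: client localhost:8080 -> server localhost:2080.
          localToRemote = [
            "tcp://8080:localhost:2080"
          ];
          # Reverse tunnel: the server listens on localhost:2081 and hands
          # connections to client localhost:8081.
          remoteToLocal = [
            "tcp://2081:localhost:8081"
          ];
        };
      };
    };
  };

  testScript = /* python */ ''
    start_all()
    server.wait_for_unit("wstunnel-server-my-server.service")
    client.wait_for_open_port(443, "10.0.0.1")

    client.systemctl("start wstunnel-client-my-client.service")
    client.wait_for_unit("wstunnel-client-my-client.service")
    # An active unit does not guarantee the tunnel endpoints are bound yet, so
    # wait for both listeners explicitly. This has to happen before the
    # one-shot `nc -l` listeners below are started: the probe connection goes
    # through the tunnel and would otherwise be consumed by them.
    client.wait_for_open_port(8080)
    server.wait_for_open_port(2081)

    with subtest("connection from client to server"):
      # `nc -l` without -k most likely accepts a single connection, so it is
      # given a moment to bind instead of being probed with a TCP connect.
      server.succeed("nc -l 2080 >/tmp/msg &")
      client.sleep(1)
      client.succeed('nc -w1 localhost 8080 <<<"Hello from client"')
      server.succeed('grep "Hello from client" /tmp/msg')

    with subtest("connection from server to client"):
      # Same one-shot listener caveat as above; /tmp/msg is on a different VM.
      client.succeed("nc -l 8081 >/tmp/msg &")
      server.sleep(1)
      server.succeed('nc -w1 localhost 2081 <<<"Hello from server"')
      client.succeed('grep "Hello from server" /tmp/msg')

    client.systemctl("stop wstunnel-client-my-client.service")
  '';
}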