authorh7x4 <h7x4@nani.wtf>2024-06-15 16:32:52 +0200
committerr-vdp <ramses@well-founded.dev>2024-06-18 11:07:06 +0300
commit4c7c3ceb124ba51891022c62f2fa05cb0862bbce (patch)
tree8dbbeac394308835097e97f8e518ffbe4ea76f38 /nixos/tests
parent53e7bea45c8387212509202704ce38890395adca (diff)
nixosTests.wstunnel: init
Co-authored-by: r-vdp <ramses@well-founded.dev>
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/wstunnel.nix96
2 files changed, 97 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 746b29fd27258..bfeab82e5f1be 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1043,6 +1043,7 @@ in {
   wordpress = handleTest ./wordpress.nix {};
   wrappers = handleTest ./wrappers.nix {};
   writefreely = handleTest ./web-apps/writefreely.nix {};
+  wstunnel = runTest ./wstunnel.nix;
   xandikos = handleTest ./xandikos.nix {};
   xautolock = handleTest ./xautolock.nix {};
   xfce = handleTest ./xfce.nix {};
diff --git a/nixos/tests/wstunnel.nix b/nixos/tests/wstunnel.nix
new file mode 100644
index 0000000000000..3bbc295568fb7
--- /dev/null
+++ b/nixos/tests/wstunnel.nix
@@ -0,0 +1,96 @@
+let
+  certs = import ./common/acme/server/snakeoil-certs.nix;
+  domain = certs.domain;
+in
+
+{
+  name = "wstunnel";
+
+  nodes = {
+    server = {
+      virtualisation.vlans = [ 1 ];
+
+      security.pki.certificateFiles = [ certs.ca.cert ];
+
+      networking = {
+        useNetworkd = true;
+        useDHCP = false;
+        firewall.enable = false;
+      };
+
+      systemd.network.networks."01-eth1" = {
+        name = "eth1";
+        networkConfig.Address = "10.0.0.1/24";
+      };
+
+      services.wstunnel = {
+        enable = true;
+        servers.my-server = {
+          listen = {
+            host = "10.0.0.1";
+            port = 443;
+          };
+          tlsCertificate = certs.${domain}.cert;
+          tlsKey = certs.${domain}.key;
+        };
+      };
+    };
+
+    client = {
+      virtualisation.vlans = [ 1 ];
+
+      security.pki.certificateFiles = [ certs.ca.cert ];
+
+      networking = {
+        useNetworkd = true;
+        useDHCP = false;
+        firewall.enable = false;
+        extraHosts = ''
+          10.0.0.1 ${domain}
+        '';
+      };
+
+      systemd.network.networks."01-eth1" = {
+        name = "eth1";
+        networkConfig.Address = "10.0.0.2/24";
+      };
+
+      services.wstunnel = {
+        enable = true;
+        clients.my-client = {
+          autoStart = false;
+          connectTo = "wss://${domain}:443";
+          localToRemote = [
+            "tcp://8080:localhost:2080"
+          ];
+          remoteToLocal = [
+            "tcp://2081:localhost:8081"
+          ];
+        };
+      };
+    };
+  };
+
+  testScript = /* python */ ''
+    start_all()
+    server.wait_for_unit("wstunnel-server-my-server.service")
+    client.wait_for_open_port(443, "10.0.0.1")
+
+    client.systemctl("start wstunnel-client-my-client.service")
+    client.wait_for_unit("wstunnel-client-my-client.service")
+
+    with subtest("connection from client to server"):
+      server.succeed("nc -l 2080 >/tmp/msg &")
+      client.sleep(1)
+      client.succeed('nc -w1 localhost 8080 <<<"Hello from client"')
+      server.succeed('grep "Hello from client" /tmp/msg')
+
+    with subtest("connection from server to client"):
+      client.succeed("nc -l 8081 >/tmp/msg &")
+      server.sleep(1)
+      server.succeed('nc -w1 localhost 2081 <<<"Hello from server"')
+      client.succeed('grep "Hello from server" /tmp/msg')
+
+    client.systemctl("stop wstunnel-client-my-client.service")
+  '';
+}
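Review bot: Both subtests in `testScript` synchronise on fixed delays: `client.sleep(1)` / `server.sleep(1)` assume the backgrounded `nc -l` is already listening, and each `grep` runs as soon as the sending `nc` returns, before the message is guaranteed to have crossed the tunnel and been written to `/tmp/msg`. On a loaded builder this can fail intermittently. Using `server.wait_until_succeeds('grep "Hello from client" /tmp/msg')` (and the mirror on the client) removes the second race; for the first, poll for the listening socket rather than connecting to it, since a probe connection would consume the single-shot `nc -l`. Separately, only the trusted-certificate path is exercised, so the test would pass unchanged if the client did not validate the server certificate; if the module is meant to verify by default, a negative subtest with a client that lacks `certs.ca.cert` would pin that.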