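import ./make-test-python.nix (
  { pkgs, ... }:
  let
    domain = "whatever.example.com";

    # Deliberately contains ';' and shell keywords: the module has to hand the
    # password to iodine without any shell interpretation of its contents.
    password = "false;foo;exit;withspecialcharacters";
  in
  {
    name = "iodine";

    nodes = {
      server =
        { ... }:
        {
          networking.firewall = {
            # iodine is a DNS tunnel, so UDP/53 is the only port reachable
            # from outside the tunnel.
            allowedUDPPorts = [ 53 ];
            # Traffic arriving on the tunnel interface bypasses the firewall;
            # this is what lets the client reach sshd below.
            trustedInterfaces = [ "dns0" ];
          };

          # Forwarding on the tunnel endpoint. NOTE(review): the check below
          # only targets the server's own tunnel address, so this is presumably
          # not needed for this test — left as-is.
          boot.kernel.sysctl = {
            "net.ipv4.ip_forward" = 1;
            "net.ipv6.ip_forward" = 1;
          };

          services.iodine.server = {
            enable = true;
            ip = "10.53.53.1/24";
            # Test fixture only: builtins.toFile writes the password into the
            # world-readable Nix store. A real deployment must point
            # passwordFile at a path outside the store.
            passwordFile = "${builtins.toFile "password" password}";
            inherit domain;
          };

          # Test resource: sshd is not opened in the firewall, so it is only
          # reachable through the tunnel (via trustedInterfaces above).
          services.openssh = {
            enable = true;
            openFirewall = false;
          };
        };

      client =
        { ... }:
        {
          services.iodine.clients.testClient = {
            # A path under /root exercises the unit's ProtectHome setting:
            # it must be "read-only" (not "yes"/"tmpfs") for the file to be
            # visible to the service.
            passwordFile = "/root/pw";
            # DNS relay the client sends its queries to: the node named "server".
            relay = "server";
            server = domain;
          };

          # NOTE(review): 0666 is wider than this test needs; 0600 root would
          # presumably do if the unit reads the file as root before dropping
          # privileges — confirm against the iodine module before tightening.
          systemd.tmpfiles.rules = [ "f /root/pw 0666 root root - ${password}" ];

          # Provides check_ssh, used as the end-to-end probe in testScript.
          environment.systemPackages = [ pkgs.nagiosPluginsOfficial ];
        };
    };

    testScript = ''
      start_all()

      server.wait_for_unit("sshd")
      server.wait_for_unit("iodined")
      client.wait_for_unit("iodine-testClient")

      # The client unit is "active" as soon as iodine is started, before the
      # DNS handshake completes and the tunnel carries traffic. Retry instead
      # of asserting once so the check does not race the tunnel setup.
      client.wait_until_succeeds("check_ssh -H 10.53.53.1")
    '';
  }
)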