# This test verifies DHCPv4 interaction between a client and a router.
# For successful DHCP allocations a dynamic update request is sent
# towards a nameserver to allocate a name in the lan.nixos.test zone.
# We then verify whether client and router can ping each other, and
# that the nameserver can resolve the client's FQDN to the correct IP
# address.

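import ./make-test-python.nix ({ pkgs, lib, ...}: {
  meta.maintainers = with lib.maintainers; [ hexa ];

  name = "kea";

  # All three machines sit on VLAN 1 in 10.0.0.0/29:
  #   router      10.0.0.1  kea-dhcp4 + kea-dhcp-ddns
  #   nameserver  10.0.0.2  knot, authoritative for lan.nixos.test
  #   client      10.0.0.3  obtained via DHCP; the pool below holds only this address
  nodes = {
    router = { config, pkgs, ... }: {
      virtualisation.vlans = [ 1 ];

      networking = {
        # The router is addressed statically below; it serves DHCP rather
        # than consuming it.
        useDHCP = false;
        # DHCPv4 server port.
        firewall.allowedUDPPorts = [ 67 ];
      };

      systemd.network = {
        enable = true;
        networks = {
          "01-eth1" = {
            name = "eth1";
            networkConfig = {
              Address = "10.0.0.1/29";
            };
          };
        };
      };

      services.kea.dhcp4 = {
        enable = true;
        settings = {
          valid-lifetime = 3600;
          renew-timer = 900;
          rebind-timer = 1800;

          lease-database = {
            type = "memfile";
            persist = true;
            name = "/var/lib/kea/dhcp4.leases";
          };

          interfaces-config = {
            dhcp-socket-type = "raw";
            interfaces = [
              "eth1"
            ];
          };

          # A single-address pool, so the client deterministically receives
          # 10.0.0.3 and the test script can ping and resolve that address.
          subnet4 = [ {
            subnet = "10.0.0.0/29";
            pools = [ {
              pool = "10.0.0.3 - 10.0.0.3";
            } ];
          } ];

          # Enable communication between dhcp4 and a local dhcp-ddns
          # instance.
          # https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#ddns-for-dhcpv4
          dhcp-ddns = {
            enable-updates = true;
          };

          ddns-send-updates = true;
          # Hostnames sent in updates are qualified into this zone, so the
          # client ends up as client.lan.nixos.test.
          ddns-qualifying-suffix = "lan.nixos.test.";
        };
      };

      services.kea.dhcp-ddns = {
        enable = true;
        settings = {
          forward-ddns = {
            # Configure updates of a forward zone named `lan.nixos.test`
            # hosted at the nameserver at 10.0.0.2
            # https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html#adding-forward-dns-servers
            ddns-domains = [ {
              name = "lan.nixos.test.";
              # Use a TSIG key in production!
              key-name = "";
              dns-servers = [ {
                ip-address = "10.0.0.2";
                port = 53;
              } ];
            } ];
          };
        };
      };
    };

    nameserver = { config, pkgs, ... }: {
      virtualisation.vlans = [ 1 ];

      networking = {
        useDHCP = false;
        # DNS queries and the dynamic updates sent by kea-dhcp-ddns.
        firewall.allowedUDPPorts = [ 53 ];
      };

      systemd.network = {
        enable = true;
        networks = {
          "01-eth1" = {
            name = "eth1";
            networkConfig = {
              Address = "10.0.0.2/29";
            };
          };
        };
      };

      # NOTE(review): presumably disabled so that knot, which listens on
      # 0.0.0.0@53 below, is the only DNS listener on this machine — confirm.
      services.resolved.enable = false;

      # Set up an authoritative nameserver, serving the `lan.nixos.test`
      # zone and configure an ACL that allows dynamic updates from
      # the router's ip address.
      # This ACL is likely insufficient for production usage. Please
      # use TSIG keys.
      services.knot = let
        # Initial zone contents. The glue A record for `nameserver` must
        # match this node's own address (10.0.0.2); 10.0.0.3 is the address
        # the DHCP pool leases to the client and was previously listed here
        # by mistake. `client` is not present: it is added at runtime by the
        # dynamic update from the router.
        zone = pkgs.writeTextDir "lan.nixos.test.zone" ''
          @ SOA ns.nixos.test nox.nixos.test 0 86400 7200 3600000 172800
          @ NS nameserver
          nameserver A 10.0.0.2
          router A 10.0.0.1
        '';
        # knot's zone storage directory is read from the store, so the
        # template below keeps updates in the journal instead of writing
        # the zone file back.
        zonesDir = pkgs.buildEnv {
          name = "knot-zones";
          paths = [ zone ];
        };
      in {
        enable = true;
        extraArgs = [
          "-v"
        ];
        extraConfig = ''
          server:
              listen: 0.0.0.0@53

          log:
            - target: syslog
              any: debug

          acl:
            - id: dhcp_ddns
              address: 10.0.0.1
              action: update

          template:
            - id: default
              storage: ${zonesDir}
              zonefile-sync: -1
              zonefile-load: difference-no-serial
              journal-content: all

          zone:
            - domain: lan.nixos.test
              file: lan.nixos.test.zone
              acl: [dhcp_ddns]
        '';
      };

    };

    client = { config, pkgs, ... }: {
      virtualisation.vlans = [ 1 ];
      systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
      networking = {
        useNetworkd = true;
        # Only eth1 (the VLAN 1 interface) is configured via DHCP.
        useDHCP = false;
        firewall.enable = false;
        interfaces.eth1.useDHCP = true;
      };
    };
  };

  # Sequence: wait for the DHCP server and for the client to come online,
  # check bidirectional reachability between client (10.0.0.3) and router
  # (10.0.0.1), then confirm the dynamic update landed by resolving the
  # client's FQDN directly against the authoritative server.
  testScript = { ... }: ''
    start_all()
    router.wait_for_unit("kea-dhcp4-server.service")
    client.wait_for_unit("systemd-networkd-wait-online.service")
    client.wait_until_succeeds("ping -c 5 10.0.0.1")
    router.wait_until_succeeds("ping -c 5 10.0.0.3")
    nameserver.wait_until_succeeds("kdig +short client.lan.nixos.test @10.0.0.2 | grep -q 10.0.0.3")
  '';
})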