Compare commits
2 commits
70162c83f6
...
5f961ac785
| Author | SHA1 | Date | |
|---|---|---|---|
5f961ac785
|
|||
542336867a
|
3 changed files with 117 additions and 100 deletions
18
Cargo.lock
generated
18
Cargo.lock
generated
|
|
@ -78,9 +78,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "axum"
|
name = "axum"
|
||||||
version = "0.8.2"
|
version = "0.8.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "efea76243612a2436fb4074ba0cf3ba9ea29efdeb72645d8fc63f116462be1de"
|
checksum = "6d6fd624c75e18b3b4c6b9caf42b1afe24437daaee904069137d8bab077be8b8"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"axum-core",
|
"axum-core",
|
||||||
"bytes",
|
"bytes",
|
||||||
|
|
@ -123,12 +123,12 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "axum-core"
|
name = "axum-core"
|
||||||
version = "0.5.1"
|
version = "0.5.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "eab1b0df7cded837c40dacaa2e1c33aa17c84fc3356ae67b5645f1e83190753e"
|
checksum = "df1362f362fd16024ae199c1970ce98f9661bf5ef94b9808fee734bc3698b733"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"bytes",
|
"bytes",
|
||||||
"futures-core",
|
"futures-util",
|
||||||
"http",
|
"http",
|
||||||
"http-body",
|
"http-body",
|
||||||
"http-body-util",
|
"http-body-util",
|
||||||
|
|
@ -728,9 +728,9 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "rustix"
|
name = "rustix"
|
||||||
version = "0.38.43"
|
version = "0.38.44"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "a78891ee6bf2340288408954ac787aa063d8e8817e9f53abb37c695c6d834ef6"
|
checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"bitflags",
|
"bitflags",
|
||||||
"errno",
|
"errno",
|
||||||
|
|
@ -1086,9 +1086,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "unicode-ident"
|
name = "unicode-ident"
|
||||||
version = "1.0.14"
|
version = "1.0.15"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83"
|
checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "unicode-linebreak"
|
name = "unicode-linebreak"
|
||||||
|
|
|
||||||
|
|
@ -54,100 +54,117 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
webnsupdate-machine = {
|
webnsupdate-ipv4-machine =
|
||||||
imports = [
|
{ lib, ... }:
|
||||||
bindDynamicZone
|
{
|
||||||
self.nixosModules.webnsupdate
|
imports = [
|
||||||
];
|
bindDynamicZone
|
||||||
|
self.nixosModules.webnsupdate
|
||||||
config = {
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.dig
|
|
||||||
pkgs.curl
|
|
||||||
];
|
];
|
||||||
|
|
||||||
services = {
|
config = {
|
||||||
bind.enable = true;
|
environment.systemPackages = [
|
||||||
|
pkgs.dig
|
||||||
|
pkgs.curl
|
||||||
|
];
|
||||||
|
|
||||||
webnsupdate = {
|
services = {
|
||||||
enable = true;
|
bind.enable = true;
|
||||||
bindIp = "127.0.0.1";
|
|
||||||
keyFile = "/etc/bind/rndc.key";
|
webnsupdate = {
|
||||||
# test:test (user:password)
|
enable = true;
|
||||||
passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA";
|
bindIp = lib.mkDefault "127.0.0.1";
|
||||||
package = self'.packages.webnsupdate;
|
keyFile = "/etc/bind/rndc.key";
|
||||||
extraArgs = [
|
# test:test (user:password)
|
||||||
"-vvv" # debug messages
|
passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA";
|
||||||
"--ip-source=ConnectInfo"
|
package = self'.packages.webnsupdate;
|
||||||
];
|
extraArgs = [
|
||||||
records = ''
|
"-vvv" # debug messages
|
||||||
test1.${testDomain}.
|
"--ip-source=ConnectInfo"
|
||||||
test2.${testDomain}.
|
];
|
||||||
test3.${testDomain}.
|
records = ''
|
||||||
'';
|
test1.${testDomain}.
|
||||||
|
test2.${testDomain}.
|
||||||
|
test3.${testDomain}.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
webnsupdate-ipv6-machine = {
|
||||||
|
imports = [
|
||||||
|
webnsupdate-ipv4-machine
|
||||||
|
];
|
||||||
|
|
||||||
|
config.services.webnsupdate.bindIp = "::1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
machine.start(allow_reboot=True)
|
||||||
|
machine.wait_for_unit("bind.service")
|
||||||
|
machine.wait_for_unit("webnsupdate.service")
|
||||||
|
|
||||||
|
# ensure base DNS records area available
|
||||||
|
with subtest("query base DNS records"):
|
||||||
|
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are missing
|
||||||
|
with subtest("query webnsupdate DNS records (fail)"):
|
||||||
|
machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
|
||||||
|
with subtest("update webnsupdate DNS records (invalid auth)"):
|
||||||
|
machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update")
|
||||||
|
machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are missing
|
||||||
|
with subtest("query webnsupdate DNS records (fail)"):
|
||||||
|
machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
|
||||||
|
with subtest("update webnsupdate DNS records (valid auth)"):
|
||||||
|
machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update")
|
||||||
|
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are available
|
||||||
|
with subtest("query webnsupdate DNS records (succeed)"):
|
||||||
|
machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
|
||||||
|
machine.reboot()
|
||||||
|
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||||
|
machine.wait_for_unit("webnsupdate.service")
|
||||||
|
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||||
|
|
||||||
|
# ensure base DNS records area available after a reboot
|
||||||
|
with subtest("query base DNS records"):
|
||||||
|
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
||||||
|
|
||||||
|
# ensure webnsupdate managed records are available after a reboot
|
||||||
|
with subtest("query webnsupdate DNS records (succeed)"):
|
||||||
|
machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||||
|
machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
module-test = pkgs.testers.runNixOSTest {
|
module-ipv4-test = pkgs.testers.runNixOSTest {
|
||||||
name = "webnsupdate-module";
|
name = "webnsupdate-ipv4-module";
|
||||||
nodes.machine = webnsupdate-machine;
|
nodes.machine = webnsupdate-ipv4-machine;
|
||||||
testScript = ''
|
inherit testScript;
|
||||||
machine.start(allow_reboot=True)
|
};
|
||||||
machine.wait_for_unit("bind.service")
|
module-ipv6-test = pkgs.testers.runNixOSTest {
|
||||||
machine.wait_for_unit("webnsupdate.service")
|
name = "webnsupdate-ipv6-module";
|
||||||
|
nodes.machine = webnsupdate-ipv6-machine;
|
||||||
# ensure base DNS records area available
|
inherit testScript;
|
||||||
with subtest("query base DNS records"):
|
|
||||||
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are missing
|
|
||||||
with subtest("query webnsupdate DNS records (fail)"):
|
|
||||||
machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
|
|
||||||
with subtest("update webnsupdate DNS records (invalid auth)"):
|
|
||||||
machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update")
|
|
||||||
machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are missing
|
|
||||||
with subtest("query webnsupdate DNS records (fail)"):
|
|
||||||
machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
|
|
||||||
with subtest("update webnsupdate DNS records (valid auth)"):
|
|
||||||
machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update")
|
|
||||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are available
|
|
||||||
with subtest("query webnsupdate DNS records (succeed)"):
|
|
||||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
|
|
||||||
machine.reboot()
|
|
||||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
|
||||||
machine.wait_for_unit("webnsupdate.service")
|
|
||||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
|
||||||
|
|
||||||
# ensure base DNS records area available after a reboot
|
|
||||||
with subtest("query base DNS records"):
|
|
||||||
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
|
||||||
|
|
||||||
# ensure webnsupdate managed records are available after a reboot
|
|
||||||
with subtest("query webnsupdate DNS records (succeed)"):
|
|
||||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}")
|
|
||||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}")
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
12
flake.lock
generated
12
flake.lock
generated
|
|
@ -2,11 +2,11 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"crane": {
|
"crane": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737250794,
|
"lastModified": 1737563566,
|
||||||
"narHash": "sha256-bdIPhvsAKyYQzqAIeay4kOxTHGwLGkhM+IlBIsmMYFI=",
|
"narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "c5b7075f4a6d523fe8204618aa9754e56478c0e0",
|
"rev": "849376434956794ebc7a6b487d31aace395392ba",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -37,11 +37,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737062831,
|
"lastModified": 1737469691,
|
||||||
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
|
"narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
|
"rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue