test: add comprehensive VPN confinement test with DNS leak detection

Add a new test that validates VPN namespace isolation for Nixarr services.
The test uses a 3-VM topology to ensure that transmission traffic is properly
confined to the VPN tunnel and includes:

- IPv4 and IPv6 traffic routing verification
- DNS leak detection using tcpdump and static DNS entries
- Traffic leak prevention when VPN fails
- Port forwarding from external clients
- Service recovery after VPN reconnection

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Simon Elsbrock
2025-06-22 16:06:46 +02:00
parent 26afa5c7af
commit 05dba0ff71
2 changed files with 770 additions and 0 deletions
@@ -39,6 +39,9 @@
permissions-test = pkgs.callPackage ./tests/permissions-test.nix {
inherit (self) nixosModules;
};
vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix {
inherit (self) nixosModules;
};
});
devShells = forAllSystems ({pkgs}: {
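Review bot: the new `vpn-confinement-test` entry sits next to `permissions-test` with no comment on what it covers or what it costs to run. The commit message describes a 3-VM topology with tcpdump-based DNS leak detection, so a one-line comment above the entry saying so would help anyone choosing which checks to run locally. If this attribute set is generated per system in the same way as the `devShells = forAllSystems` block that follows, please also confirm that the VM test evaluates on every listed system or is restricted to the systems where it can run.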