rasmus-kirk
2025-10-23 14:31:53 +02:00
parent bc738eac02
commit e74e0d83ee
2 changed files with 34 additions and 31 deletions
+4 -1
@@ -29,7 +29,10 @@
forAllSystems = f: forAllSystems = f:
nixpkgs.lib.genAttrs supportedSystems (system: nixpkgs.lib.genAttrs supportedSystems (system:
f { f {
pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
}); });
in { in {
nixosModules.default.imports = [./nixarr vpnconfinement.nixosModules.default]; nixosModules.default.imports = [./nixarr vpnconfinement.nixosModules.default];
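Review bot: `config.allowUnfree = true` is applied to every `system` produced by `nixpkgs.lib.genAttrs supportedSystems`, so the reformatted `import nixpkgs { inherit system; config.allowUnfree = true; }` accepts unfree packages for all flake outputs rather than only the ones that need them. The reformat itself is behaviour-preserving (`inherit system;` and `config.allowUnfree = true;` are unchanged), but if only specific packages require the exception, consider narrowing it with `config.allowUnfreePredicate` so the unfree allowance does not silently extend to everything the flake evaluates.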
+30 -30
@@ -1,38 +1,38 @@
/* /*
VPN Confinement Integration Test VPN Confinement Integration Test
This test validates that Nixarr services are properly confined to a VPN namespace This test validates that Nixarr services are properly confined to a VPN namespace
and cannot leak traffic when the VPN connection fails. It uses a 3-VM topology and cannot leak traffic when the VPN connection fails. It uses a 3-VM topology
to simulate real-world network conditions. to simulate real-world network conditions.
Network Topology: Network Topology:
VLAN 2 VLAN 1 VLAN 2 VLAN 1
internetClient gateway nixarrHost internetClient gateway nixarrHost
10.0.1.2 10.0.1.1 192.168.1.2 10.0.1.2 10.0.1.1 192.168.1.2
fd00:2::2 192.168.1.1 fd00:1::2 fd00:2::2 192.168.1.1 fd00:1::2
fd00:2::1 fd00:2::1
fd00:1::1 fd00:1::1
WireGuard tunnel WireGuard tunnel
10.100.0.1 10.100.0.1
fd00:100::1 VPN namespace fd00:100::1 VPN namespace
(10.100.0.2, fd00:100::2) (10.100.0.2, fd00:100::2)
Test Coverage: Test Coverage:
- VPN namespace isolation (transmission confined to wg namespace) - VPN namespace isolation (transmission confined to wg namespace)
- IPv4 and IPv6 traffic routing through VPN tunnel - IPv4 and IPv6 traffic routing through VPN tunnel
- Traffic leak prevention when VPN is down - Traffic leak prevention when VPN is down
- Port forwarding from external clients through gateway to VPN services - Port forwarding from external clients through gateway to VPN services
- DNS configuration in VPN namespace - DNS configuration in VPN namespace
- Service recovery after VPN reconnection - Service recovery after VPN reconnection
The test ensures that: The test ensures that:
1. All transmission traffic goes through the VPN tunnel 1. All transmission traffic goes through the VPN tunnel
2. Source IP is preserved (shows VPN client IP: 10.100.0.2/fd00:100::2) 2. Source IP is preserved (shows VPN client IP: 10.100.0.2/fd00:100::2)
3. No traffic leaks to host network when VPN fails 3. No traffic leaks to host network when VPN fails
4. External port forwarding works correctly 4. External port forwarding works correctly
5. Both IPv4 and IPv6 work identically through the tunnel 5. Both IPv4 and IPv6 work identically through the tunnel
*/ */
{ {
pkgs, pkgs,
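Review bot: every line of this hunk reads identically on the old and new side, so the 30 changed lines are whitespace-only (indentation or trailing whitespace in the header comment); the ASCII topology diagram in that comment depends on column alignment, so please confirm that `internetClient`, `gateway` and `nixarrHost` still sit over their respective addresses (`10.0.1.2` / `fd00:2::2`, `10.0.1.1` / `192.168.1.1` / `fd00:2::1` / `fd00:1::1`, `192.168.1.2` / `fd00:1::2`) after the change, and say in the commit message that the test file change is formatting-only so nobody looks for a behavioural difference in the VPN confinement test.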