{ lib, pkgs, ... }:
{
name = "3proxy";
meta.maintainers = with lib.maintainers; [ misuzu ];
nodes = {
peer0 =
{ lib, ... }:
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = [
address = "192.168.0.1";
prefixLength = 24;
}
address = "216.58.211.111";
];
};
peer1 =
address = "192.168.0.2";
address = "216.58.211.112";
# test that binding to [::] is working when ipv6 is disabled
networking.enableIPv6 = false;
services._3proxy = {
enable = true;
services = [
type = "admin";
bindPort = 9999;
auth = [ "none" ];
type = "proxy";
bindPort = 3128;
networking.firewall.allowedTCPPorts = [
3128
9999
peer2 =
address = "192.168.0.3";
address = "216.58.211.113";
auth = [ "iponly" ];
acl = [
rule = "allow";
peer3 =
address = "192.168.0.4";
address = "216.58.211.114";
usersFile = pkgs.writeText "3proxy.passwd" ''
admin:CR:$1$.GUV4Wvk$WnEVQtaqutD9.beO5ar1W/
'';
auth = [ "strong" ];
testScript = ''
start_all()
peer0.systemctl("start network-online.target")
peer0.wait_for_unit("network-online.target")
peer1.wait_for_unit("3proxy.service")
peer1.wait_for_open_port(9999)
# test none auth
peer0.succeed(
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://216.58.211.112:9999"
)
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://192.168.0.2:9999"
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.2:3128 -S -O /dev/null http://127.0.0.1:9999"
peer2.wait_for_unit("3proxy.service")
peer2.wait_for_open_port(9999)
# test iponly auth
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://216.58.211.113:9999"
peer0.fail(
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://192.168.0.3:9999"
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.3:3128 -S -O /dev/null http://127.0.0.1:9999"
peer3.wait_for_unit("3proxy.service")
peer3.wait_for_open_port(9999)
# test strong auth
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://admin:bigsecret\@192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://216.58.211.114:9999"
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://192.168.0.4:9999"
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"