# This tests whether UPnP port mappings can be created using Miniupnpd
# and Miniupnpc.
# It runs a Miniupnpd service on one machine, and verifies
# a client can indeed create a port mapping using Miniupnpc. If
# this succeeds an external client will try to connect to the port
# mapping.

import ./make-test-python.nix (
  { pkgs, useNftables, ... }:

  let
    internalRouterAddress = "192.168.3.1";
    internalClient1Address = "192.168.3.2";
    externalRouterAddress = "80.100.100.1";
    externalClient2Address = "80.100.100.2";
  in
  {
    name = "upnp";
    meta = with pkgs.lib.maintainers; {
      maintainers = [ bobvanderlinden ];
    };

    nodes = {
      router =
        { pkgs, nodes, ... }:
        {
          virtualisation.vlans = [
            1
            2
          ];
          networking.nat.enable = true;
          networking.nat.internalInterfaces = [ "eth2" ];
          networking.nat.externalInterface = "eth1";
          networking.nftables.enable = useNftables;
          networking.firewall.enable = true;
          networking.firewall.trustedInterfaces = [ "eth2" ];
          networking.interfaces.eth1.ipv4.addresses = [
            {
              address = externalRouterAddress;
              prefixLength = 24;
            }
          ];
          networking.interfaces.eth2.ipv4.addresses = [
            {
              address = internalRouterAddress;
              prefixLength = 24;
            }
          ];
          services.miniupnpd = {
            enable = true;
            externalInterface = "eth1";
            internalIPs = [ "eth2" ];
            appendConfig = ''
              ext_ip=${externalRouterAddress}
            '';
          };
        };

      client1 =
        { pkgs, nodes, ... }:
        {
          environment.systemPackages = [
            pkgs.miniupnpc
            pkgs.netcat
          ];
          virtualisation.vlans = [ 2 ];
          networking.defaultGateway = internalRouterAddress;
          networking.interfaces.eth1.ipv4.addresses = [
            {
              address = internalClient1Address;
              prefixLength = 24;
            }
          ];
          networking.firewall.enable = false;

          services.httpd.enable = true;
          services.httpd.virtualHosts.localhost = {
            listen = [
              {
                ip = "*";
                port = 9000;
              }
            ];
            adminAddr = "foo@example.org";
            documentRoot = "/tmp";
          };
        };

      client2 =
        { pkgs, ... }:
        {
          environment.systemPackages = [ pkgs.miniupnpc ];
          virtualisation.vlans = [ 1 ];
          networking.interfaces.eth1.ipv4.addresses = [
            {
              address = externalClient2Address;
              prefixLength = 24;
            }
          ];
          networking.firewall.enable = false;
        };
    };

    testScript =
      { nodes, ... }:
      ''
        start_all()

        # Wait for network and miniupnpd.
        router.systemctl("start network-online.target")
        router.wait_for_unit("network-online.target")
        # $router.wait_for_unit("nat")
        router.wait_for_unit("${if useNftables then "nftables" else "firewall"}.service")
        router.wait_for_unit("miniupnpd")

        client1.systemctl("start network-online.target")
        client1.wait_for_unit("network-online.target")

        client1.succeed("upnpc -a ${internalClient1Address} 9000 9000 TCP")

        client1.wait_for_unit("httpd")
        client2.wait_until_succeeds("curl -f http://${externalRouterAddress}:9000/")
      '';

  }
)