depot/nixos/tests/coturn.nix
Luke Granger-Brown 57725ef3ec Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce
git-subtree-dir: third_party/nixpkgs
git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
2024-11-10 23:59:47 +00:00

36 lines
1.2 KiB
Nix

import ./make-test-python.nix ({ pkgs, ... }: {
name = "coturn";
nodes = {
default = {
services.coturn.enable = true;
};
secretsfile = {
boot.postBootCommands = ''
echo "some-very-secret-string" > /run/coturn-secret
'';
services.coturn = {
enable = true;
static-auth-secret-file = "/run/coturn-secret";
};
};
};
testScript =
''
start_all()
with subtest("by default works without configuration"):
default.wait_for_unit("coturn.service")
with subtest("works with static-auth-secret-file"):
secretsfile.wait_for_unit("coturn.service")
secretsfile.wait_for_open_port(3478)
secretsfile.succeed("grep 'some-very-secret-string' /run/coturn/turnserver.cfg")
# Forbidden IP, fails:
secretsfile.fail("${pkgs.coturn}/bin/turnutils_uclient -W some-very-secret-string 127.0.0.1 -DgX -e 127.0.0.1 -n 1 -c -y")
# allowed-peer-ip, should succeed:
secretsfile.succeed("${pkgs.coturn}/bin/turnutils_uclient -W some-very-secret-string 192.168.1.2 -DgX -e 192.168.1.2 -n 1 -c -y")
default.log(default.execute("systemd-analyze security coturn.service | grep -v ''")[1])
'';
})