blob: 507e20fe7cc464b84c02bfa5007c9e31b2c7e9b7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
import ./make-test-python.nix ({ pkgs, ... }:
let
fakeReply = pkgs.writeText "namecoin-reply.json" ''
{ "error": null,
"id": 1,
"result": {
"address": "T31q8ucJ4dI1xzhxQ5QispfECld5c7Xw",
"expired": false,
"expires_in": 2248,
"height": 438155,
"name": "d/test",
"txid": "db61c0b2540ba0c1a2c8cc92af703a37002e7566ecea4dbf8727c7191421edfb",
"value": "{\"ip\": \"1.2.3.4\", \"email\": \"root@test.bit\",\"info\": \"Fake record\"}",
"vout": 0
}
}
'';
in
{
name = "ncdns";
nodes.server = { ... }: {
networking.nameservers = [ "127.0.0.1" ];
services.namecoind.rpc = {
address = "127.0.0.1";
user = "namecoin";
password = "secret";
port = 8332;
};
# Fake namecoin RPC server because we can't
# run a full node in a test.
systemd.services.namecoind = {
wantedBy = [ "multi-user.target" ];
script = ''
while true; do
echo -e "HTTP/1.1 200 OK\n\n $(<${fakeReply})\n" \
| ${pkgs.netcat}/bin/nc -N -l 127.0.0.1 8332
done
'';
};
services.ncdns = {
enable = true;
dnssec.enable = true;
};
services.pdns-recursor = {
enable = true;
dns.allowFrom = [ "127.0.0.0/8" ];
settings.loglevel = 8;
resolveNamecoin = true;
};
environment.systemPackages = [ pkgs.dnsutils ];
};
testScript = ''
with subtest("DNSSEC keys have been generated"):
server.wait_for_unit("ncdns")
server.wait_for_file("/var/lib/ncdns/bit.key")
server.wait_for_file("/var/lib/ncdns/bit-zone.key")
with subtest("DNSKEY bit record is present"):
server.wait_for_unit("pdns-recursor")
server.wait_for_open_port("53")
server.succeed("host -t DNSKEY bit")
with subtest("can resolve a .bit name"):
server.wait_for_unit("namecoind")
server.wait_for_open_port("8332")
assert "1.2.3.4" in server.succeed("host -t A test.bit")
'';
})
|
