From f7ff17bdefb2d977e468b48debabcbcc00d05aa8 Mon Sep 17 00:00:00 2001 From: Nikolay Petrov Date: Sat, 15 Feb 2025 17:04:59 -0500 Subject: [PATCH 1/2] add tests for nixos --- flake.nix | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- server.go | 8 +++++- 2 files changed, 87 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index b6e7199..52bfcbd 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { nixpkgs, flake-utils, ... }: + outputs = { self, nixpkgs, flake-utils, ... }: { nixosModules.default = ./nix/client-module.nix; nixosModules.server = ./nix/server-module.nix; @@ -17,6 +17,10 @@ pkgs = import nixpkgs { inherit system; }; + testCerts = pkgs.runCommand "test-certs" { } '' + mkdir $out && cd $out + ${pkgs.minica}/bin/minica -ip-addresses 192.168.1.3 + ''; in { formatter = pkgs.nixpkgs-fmt; 
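Review bot: The address `192.168.1.3` passed to minica in `testCerts` is a bare literal that must equal whatever address the test VM named `server` receives, and nothing in the flake ties the two together. The NixOS test driver assigns addresses from the node list (it looks like `server` is third in name order), so adding or renaming a node in the `checks` hunk further down would move the server, and the clients would then fail certificate verification with an opaque TLS error. Bind the value to one name, e.g. `serverIP = "192.168.1.3";` in the `let` block, reuse it for `-ip-addresses`, the `${testCerts}/...` paths and `server-addr`, and add a comment such as `# must match the address the test driver assigns to nodes.server`. The generated private key lands in the world-readable Nix store, which is fine for a throwaway test CA but deserves a comment so the derivation is never reused outside `checks`.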
@@ -49,5 +53,80 @@ '') ]; }; + checks = { + moduleTest = pkgs.testers.runNixOSTest { + name = "moduleTest"; + nodes.server = { + imports = [ self.nixosModules.server ]; + environment.etc."server.cert" = { + source = "${testCerts}/192.168.1.3/cert.pem"; + }; + environment.etc."server.key" = { + source = "${testCerts}/192.168.1.3/key.pem"; + }; + environment.etc."tokens" = { + text = "abcba"; + }; + services.connet-server = { + enable = true; + openFirewall = true; + settings.server = { + cert-file = "/etc/server.cert"; + key-file = "/etc/server.key"; + tokens-file = "/etc/tokens"; + }; + }; + }; + nodes.clientDst = { + imports = [ self.nixosModules.default ]; + environment.etc."server.cert" = { + source = "${testCerts}/192.168.1.3/cert.pem"; + }; + environment.etc."tokens" = { + text = "abcba"; + }; + services.connet-client = { + enable = true; + openFirewall = true; + settings.client = { + token-file = "/etc/tokens"; + server-addr = "192.168.1.3:19190"; + server-cas = "/etc/server.cert"; + destinations.abc = { + addr = ":3000"; + }; + }; + }; + }; + nodes.clientSrc = { + imports = [ self.nixosModules.default ]; + environment.etc."server.cert" = { + source = "${testCerts}/192.168.1.3/cert.pem"; + }; + environment.etc."tokens" = { + text = "abcba"; + }; + services.connet-client = { + enable = true; + openFirewall = true; + settings.client = { + token-file = "/etc/tokens"; + server-addr = "192.168.1.3:19190"; + server-cas = "/etc/server.cert"; + sources.abc = { + addr = ":3000"; + }; + }; + }; + }; + + testScript = '' + start_all() + server.wait_for_unit("connet-server.service") + clientDst.wait_for_unit("connet-client.service") + clientSrc.wait_for_unit("connet-client.service") + ''; + }; + }; }); } diff --git a/server.go b/server.go index 5e195d5..063f63f 100644 --- a/server.go +++ b/server.go 
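Review bot: The `testScript` only waits for the three units to become active, so the check stays green even if a client is rejected for a bad token, fails certificate verification, or the `abc` source never reaches its destination. As written it proves that the modules evaluate and the services start, not that the authenticated path works. At minimum add `clientSrc.wait_for_open_port(3000)` after the unit waits, and ideally serve a fixed response on clientDst port 3000 and fetch it through clientSrc. Whether the source listener opens before the control connection succeeds is not visible here, so the port wait alone may not be enough. The literal token `abcba` in `environment.etc."tokens".text` is acceptable in a test VM, but a comment like `# test-only secret; real deployments must not put tokens in the Nix store` would stop the snippet being copied into a production config.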
@@ -83,6 +83,12 @@ func NewServer(opts ...ServerOption) (*Server, error) { return nil, err } + controlHost := "localhost" + if len(cfg.cert.Leaf.IPAddresses) > 0 { + controlHost = cfg.cert.Leaf.IPAddresses[0].String() + } else if len(cfg.cert.Leaf.DNSNames) > 0 { + controlHost = cfg.cert.Leaf.DNSNames[0] + } controlCAs := x509.NewCertPool() controlCAs.AddCert(cfg.cert.Leaf) relay, err := relay.NewServer(relay.Config{ @@ -92,7 +98,7 @@ func NewServer(opts ...ServerOption) (*Server, error) { Stores: relay.NewFileStores(filepath.Join(cfg.dir, "relay")), ControlAddr: relaysAddr, - ControlHost: "localhost", + ControlHost: controlHost, ControlToken: relayAuth.Token, ControlCAs: controlCAs, }) From 0b1519e920aac6fbdbce32e913c634e4181efc6c Mon Sep 17 00:00:00 2001 From: Nikolay Petrov Date: Sat, 15 Feb 2025 17:30:06 -0500 Subject: [PATCH 2/2] run nix flake check --- .github/workflows/ci.yml | 2 ++ Makefile | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a600406..7b62239 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,3 +55,5 @@ jobs: run: nix build . - name: Build docker run: nix build .#docker + - name: Flake check + run: nix flake check diff --git a/Makefile b/Makefile index 04b9e76..07e739d 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,12 @@ lint: test-always: go test -v -cover -timeout 10s -count 1 ./... +test-nix: + nix build .#checks.x86_64-linux.moduleTest + +test-nix-interactive: + nix run .#checks.x86_64-linux.moduleTest.driverInteractive + .PHONY: gen gen: fd --extension ".pb.go" . --exec-batch rm {}
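Review bot: The new `controlHost` selection keeps `"localhost"` as the fallback when the leaf certificate carries neither IP nor DNS SANs, but in that case no hostname can verify against this certificate at all, since Go does not fall back to the Common Name. Assuming `ControlHost` is used as the TLS server name by the relay (not visible in this hunk), the misconfiguration would surface only later as a handshake failure, so NewServer should return an error when both lists are empty rather than pass a name that cannot match. The precedence (first IP SAN, then first DNS SAN) and the reliance on SAN order in the certificate are also undocumented. A comment such as `// ControlHost must be a name the leaf cert is valid for: prefer the first IP SAN, then the first DNS SAN` above the block would make the intent reviewable. The second server.go hunk only wires the value into `relay.Config`, and NewServer's body starts and ends outside both hunks.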
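Review bot: Both new Makefile targets hard-code `x86_64-linux` in the attribute path, so `make test-nix` and `make test-nix-interactive` fail on any other host system, even though the flake appears to define its outputs per system. Derive the system once, e.g. `NIX_SYSTEM ?= $(shell nix eval --impure --raw --expr builtins.currentSystem)`, and use `nix build .#checks.$(NIX_SYSTEM).moduleTest` in both recipes. The new targets are also not added to a `.PHONY` list in this hunk, so a file named `test-nix` in the repository root would silently skip the check.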