connet-dev · ingon · Feb 15, 2025 · Feb 15, 2025 · Feb 15, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Build connet
        run: nix develop --command make build

@@ -27,7 +27,7 @@
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Run tests
        run: nix develop --command make test
      - name: Run lint
@@ -49,9 +49,11 @@
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - uses: DeterminateSystems/flake-checker-action@main
      - name: Build default
         run: nix build .
       - name: Build docker
         run: nix build .#docker
+      - name: Flake check
+        run: nix flake check
diff --git a/Makefile b/Makefile
@@ -16,6 +16,12 @@ lint:
 test-always:
 	go test -v -cover -timeout 10s -count 1 ./...
 
+test-nix:
+	nix build .#checks.x86_64-linux.moduleTest
+
+test-nix-interactive:
+	nix run .#checks.x86_64-linux.moduleTest.driverInteractive
+
 .PHONY: gen
 gen:
 	fd --extension ".pb.go" . --exec-batch rm {}

diff --git a/flake.nix b/flake.nix
@@ -6,7 +6,7 @@
     flake-utils.url = "github:numtide/flake-utils";
   };
 
-  outputs = { nixpkgs, flake-utils, ... }:
+  outputs = { self, nixpkgs, flake-utils, ... }:
     {
       nixosModules.default = ./nix/client-module.nix;
       nixosModules.server = ./nix/server-module.nix;
@@ -17,6 +17,10 @@
         pkgs = import nixpkgs {
           inherit system;
         };
+        testCerts = pkgs.runCommand "test-certs" { } ''
+          mkdir $out && cd $out
+          ${pkgs.minica}/bin/minica -ip-addresses 192.168.1.3
+        '';
       in
       {
         formatter = pkgs.nixpkgs-fmt;
@@ -49,5 +53,80 @@
             '')
           ];
         };
+        checks = {
+          moduleTest = pkgs.testers.runNixOSTest {
+            name = "moduleTest";
+            nodes.server = {
+              imports = [ self.nixosModules.server ];
+              environment.etc."server.cert" = {
+                source = "${testCerts}/192.168.1.3/cert.pem";
+              };
+              environment.etc."server.key" = {
+                source = "${testCerts}/192.168.1.3/key.pem";
+              };
+              environment.etc."tokens" = {
+                text = "abcba";
+              };
+              services.connet-server = {
+                enable = true;
+                openFirewall = true;
+                settings.server = {
+                  cert-file = "/etc/server.cert";
+                  key-file = "/etc/server.key";
+                  tokens-file = "/etc/tokens";
+                };
+              };
+            };
+            nodes.clientDst = {
+              imports = [ self.nixosModules.default ];
+              environment.etc."server.cert" = {
+                source = "${testCerts}/192.168.1.3/cert.pem";
+              };
+              environment.etc."tokens" = {
+                text = "abcba";
+              };
+              services.connet-client = {
+                enable = true;
+                openFirewall = true;
+                settings.client = {
+                  token-file = "/etc/tokens";
+                  server-addr = "192.168.1.3:19190";
+                  server-cas = "/etc/server.cert";
+                  destinations.abc = {
+                    addr = ":3000";
+                  };
+                };
+              };
+            };
+            nodes.clientSrc = {
+              imports = [ self.nixosModules.default ];
+              environment.etc."server.cert" = {
+                source = "${testCerts}/192.168.1.3/cert.pem";
+              };
+              environment.etc."tokens" = {
+                text = "abcba";
+              };
+              services.connet-client = {
+                enable = true;
+                openFirewall = true;
+                settings.client = {
+                  token-file = "/etc/tokens";
+                  server-addr = "192.168.1.3:19190";
+                  server-cas = "/etc/server.cert";
+                  sources.abc = {
+                    addr = ":3000";
+                  };
+                };
+              };
+            };
+
+            testScript = ''
+              start_all()
+              server.wait_for_unit("connet-server.service")
+              clientDst.wait_for_unit("connet-client.service")
+              clientSrc.wait_for_unit("connet-client.service")
+            '';
+          };
+        };
       });
 }
diff --git a/server.go b/server.go
@@ -83,6 +83,12 @@ func NewServer(opts ...ServerOption) (*Server, error) {
 		return nil, err
 	}
 
+	controlHost := "localhost"
+	if len(cfg.cert.Leaf.IPAddresses) > 0 {
+		controlHost = cfg.cert.Leaf.IPAddresses[0].String()
+	} else if len(cfg.cert.Leaf.DNSNames) > 0 {
+		controlHost = cfg.cert.Leaf.DNSNames[0]
+	}
 	controlCAs := x509.NewCertPool()
 	controlCAs.AddCert(cfg.cert.Leaf)
 	relay, err := relay.NewServer(relay.Config{
@@ -92,7 +98,7 @@ func NewServer(opts ...ServerOption) (*Server, error) {
 		Stores:   relay.NewFileStores(filepath.Join(cfg.dir, "relay")),
 
 		ControlAddr:  relaysAddr,
-		ControlHost:  "localhost",
+		ControlHost:  controlHost,
 		ControlToken: relayAuth.Token,
 		ControlCAs:   controlCAs,
 	})