nixos/tests/openssh: add Match
config for validation test
parent
716bde190c
commit
cd2dead42c
1 changed files with 33 additions and 0 deletions
|
@ -52,6 +52,36 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
server_match_rule =
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
|
||||
extraConfig = ''
|
||||
# Combined test for two (predictable) Match criterias
|
||||
Match LocalAddress 127.0.0.1 LocalPort 22
|
||||
PermitRootLogin yes
|
||||
|
||||
# Separate tests for Match criterias
|
||||
Match User root
|
||||
PermitRootLogin yes
|
||||
Match Group root
|
||||
PermitRootLogin yes
|
||||
Match Host nohost.example
|
||||
PermitRootLogin yes
|
||||
Match LocalAddress 127.0.0.1
|
||||
PermitRootLogin yes
|
||||
Match LocalPort 22
|
||||
PermitRootLogin yes
|
||||
Match RDomain nohost.example
|
||||
PermitRootLogin yes
|
||||
Match Address 127.0.0.1
|
||||
PermitRootLogin yes
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
client =
|
||||
{ ... }: { };
|
||||
|
||||
|
@ -114,5 +144,8 @@ in {
|
|||
with subtest("localhost-only"):
|
||||
server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'")
|
||||
server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'")
|
||||
|
||||
with subtest("match-rules"):
|
||||
server_match_rule.succeed("ss -nlt | grep '127.0.0.1:22'")
|
||||
'';
|
||||
})
|
||||
|
|
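Review bot: The `match-rules` subtest in the second hunk only asserts that sshd is listening on 127.0.0.1:22, so it passes whether or not any of the `Match` blocks added in the first hunk take effect; it shows that the config was accepted and the daemon started, nothing more. Since every block sets `PermitRootLogin yes`, I would also assert the effective value for a matching connection, for example `server_match_rule.succeed("sshd -T -C user=root,host=localhost,addr=127.0.0.1,laddr=127.0.0.1,lport=22 | grep -x 'permitrootlogin yes'")` (untested here; the sshd path and config location in the VM need checking). If the goal is only to exercise the validator's handling of `Match`, a less sensitive directive inside the blocks would cover the same parser paths without leaving root-login snippets that are easy to copy into a real configuration. A short comment above `extraConfig` stating that intent would help, e.g. `# Match blocks exist only to exercise config validation; not a recommended policy`. The node set and the test script both begin and end outside the visible hunks.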