nixos/tests/openssh: add Match
config for validation test
parent
716bde190c
commit
cd2dead42c
1 changed files with 33 additions and 0 deletions
|
@ -52,6 +52,36 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
server_match_rule =
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.openssh = {
|
||||||
|
enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
|
||||||
|
extraConfig = ''
|
||||||
|
# Combined test for two (predictable) Match criterias
|
||||||
|
Match LocalAddress 127.0.0.1 LocalPort 22
|
||||||
|
PermitRootLogin yes
|
||||||
|
|
||||||
|
# Separate tests for Match criterias
|
||||||
|
Match User root
|
||||||
|
PermitRootLogin yes
|
||||||
|
Match Group root
|
||||||
|
PermitRootLogin yes
|
||||||
|
Match Host nohost.example
|
||||||
|
PermitRootLogin yes
|
||||||
|
Match LocalAddress 127.0.0.1
|
||||||
|
PermitRootLogin yes
|
||||||
|
Match LocalPort 22
|
||||||
|
PermitRootLogin yes
|
||||||
|
Match RDomain nohost.example
|
||||||
|
PermitRootLogin yes
|
||||||
|
Match Address 127.0.0.1
|
||||||
|
PermitRootLogin yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
client =
|
client =
|
||||||
{ ... }: { };
|
{ ... }: { };
|
||||||
|
|
||||||
|
@ -114,5 +144,8 @@ in {
|
||||||
with subtest("localhost-only"):
|
with subtest("localhost-only"):
|
||||||
server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'")
|
server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'")
|
||||||
server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'")
|
server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'")
|
||||||
|
|
||||||
|
with subtest("match-rules"):
|
||||||
|
server_match_rule.succeed("ss -nlt | grep '127.0.0.1:22'")
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
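Review bot: The new `match-rules` subtest runs `ss` on `server_match_rule` with no wait for sshd added in either hunk, so unless the unchanged part of the test script (outside these hunks) already waits for this machine, `succeed` can run before the listener exists and fail intermittently; `server_match_rule.wait_for_unit("sshd")` ahead of the check would close that. The check itself only shows that sshd accepted the config and is listening on 127.0.0.1:22; it never observes whether a `Match` block took effect, and because every block sets the same `PermitRootLogin yes`, a criterion that is evaluated wrongly would go unnoticed. If the test is meant to cover Match evaluation rather than parsing alone, a line such as `server_match_rule.succeed("sshd -T -C user=root,host=localhost,addr=127.0.0.1,laddr=127.0.0.1,lport=22 | grep '^permitrootlogin yes'")` would assert the effective setting, assuming `sshd` is on the VM's PATH and reads the default config file. A short comment above `server_match_rule` stating that root login is enabled there only as a parse fixture on a loopback-bound test VM would keep the block from being copied as a working configuration.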