From 7e644a2054df547c220dc34735328ab020f4a937 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 14:43:25 +0100
Subject: [PATCH 1/7] make zerotier name configureable
---
 nixosModules/clanCore/zerotier/generate.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/nixosModules/clanCore/zerotier/generate.py b/nixosModules/clanCore/zerotier/generate.py
index f459d2184..9dc86b055 100644
--- a/nixosModules/clanCore/zerotier/generate.py
+++ b/nixosModules/clanCore/zerotier/generate.py
@@ -142,9 +142,9 @@ class NetworkController:
 # TODO: allow merging more network configuration here
-def create_network_controller() -> NetworkController:
+def create_network_controller(name: str="") -> NetworkController:
 with zerotier_controller() as controller:
- network = controller.create_network()
+ network = controller.create_network({"name": name})
 return NetworkController(network["nwid"], controller.identity)
@@ -199,13 +199,14 @@ def main() -> None:
 parser.add_argument("--meshname", type=Path, required=True)
 parser.add_argument("--identity-secret", type=Path, required=True)
 parser.add_argument("--network-id", type=str, required=False)
+ parser.add_argument("--network-name", type=str, default="", required=False)
 args = parser.parse_args()
 match args.mode:
 case "network":
 if args.network_id is None:
 raise ValueError("network_id parameter is required")
- controller = create_network_controller()
+ controller = create_network_controller(name=args.network_name)
 identity = controller.identity
 network_id = controller.networkid
 Path(args.network_id).write_text(network_id)
From 449b8842311b76e5709d8b904852ab72a37fb757 Mon Sep 17 00:00:00 2001
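Review bot: In `create_network_controller` (patch 1/7, generate.py), the new parameter is written `name: str=""`; PEP 8 puts spaces around `=` when the parameter is annotated, so `def create_network_controller(name: str = "") -> NetworkController:`. The function also has no docstring; one line saying that `name` is sent to the controller as the network's `name` field, and that the empty default is sent unchanged as `{"name": ""}`, would document the new argument.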
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 14:55:40 +0100
Subject: [PATCH 2/7] zerotier: use configuration file instead to set the network name
---
 nixosModules/clanCore/zerotier/default.nix | 10 ++++++++--
 nixosModules/clanCore/zerotier/generate.py | 7 +++----
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/nixosModules/clanCore/zerotier/default.nix b/nixosModules/clanCore/zerotier/default.nix
index 5dd56b542..12208ef71 100644
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@@ -15,7 +15,7 @@ let
 ipAssignmentPools = [ ];
 mtu = 2800;
 multicastLimit = 32;
- name = "";
+ name = cfg.name;
 uwid = cfg.networkId;
 objtype = "network";
 private = !cfg.controller.public;
@@ -52,6 +52,13 @@ in
 zerotier networking id
 '';
 };
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = config.clanCore.clanName;
+ description = ''
+ zerotier network name
+ '';
+ };
 subnet = lib.mkOption {
 type = lib.types.nullOr lib.types.str;
 readOnly = true;
@@ -165,7 +172,6 @@ in
 environment.systemPackages = [ config.clanCore.clanPkgs.zerotier-members ];
 })
 (lib.mkIf (config.clanCore.secretsUploadDirectory != null && !cfg.controller.enable && cfg.networkId != null) {
-
 clanCore.secrets.zerotier = {
 facts.zerotier-ip = { };
 facts.zerotier-meshname = { };
diff --git a/nixosModules/clanCore/zerotier/generate.py b/nixosModules/clanCore/zerotier/generate.py
index 9dc86b055..f459d2184 100644
--- a/nixosModules/clanCore/zerotier/generate.py
+++ b/nixosModules/clanCore/zerotier/generate.py
@@ -142,9 +142,9 @@ class NetworkController:
 # TODO: allow merging more network configuration here
-def create_network_controller(name: str="") -> NetworkController:
+def create_network_controller() -> NetworkController:
 with zerotier_controller() as controller:
- network = controller.create_network({"name": name})
+ network = controller.create_network()
 return NetworkController(network["nwid"], controller.identity)
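Review bot: The new `name` option in zerotier/default.nix (patch 2/7) is typed `lib.types.str`, so any string, including an empty one or one with whitespace, is accepted and copied into the controller's network config through `name = cfg.name`. Patch 3/7 of this series uses the network name reported by `zerotier-cli` (which I take to be this value) as an interface altname, so rejecting unsuitable values at evaluation time is cheaper than failing at service start, for example `type = lib.types.strMatching "[a-zA-Z0-9_-]+";` with the pattern adjusted to what altnames allow. Because the default reads `config`, adding `defaultText = lib.literalExpression "config.clanCore.clanName";` keeps generated option docs from evaluating it, and the description could say that the clan name is the default.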
@@ -199,14 +199,13 @@ def main() -> None:
 parser.add_argument("--meshname", type=Path, required=True)
 parser.add_argument("--identity-secret", type=Path, required=True)
 parser.add_argument("--network-id", type=str, required=False)
- parser.add_argument("--network-name", type=str, default="", required=False)
 args = parser.parse_args()
 match args.mode:
 case "network":
 if args.network_id is None:
 raise ValueError("network_id parameter is required")
- controller = create_network_controller(name=args.network_name)
+ controller = create_network_controller()
 identity = controller.identity
 network_id = controller.networkid
 Path(args.network_id).write_text(network_id)
From 5dd222eb692549e57ff087f9fb23e269fa75f4b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 15:34:46 +0100
Subject: [PATCH 3/7] zerotier: set interface altname
---
 nixosModules/clanCore/zerotier/default.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/nixosModules/clanCore/zerotier/default.nix b/nixosModules/clanCore/zerotier/default.nix
index 12208ef71..2ce0088c3 100644
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@@ -136,6 +136,21 @@ in
 fi
 ''}"
 ];
+ systemd.services.zerotierone.serviceConfig.ExecStartPost = [
+ "+${pkgs.writeShellScript "configure-interface" ''
+ while ! ${pkgs.netcat}/bin/nc -z localhost 9993; do
+ sleep 0.1
+ done
+ zerotier-cli listnetworks -j | ${pkgs.jq}/bin/jq -r '.[] | [.portDeviceName, .name] | @tsv' \
+ | while IFS=$'\t' read -r portDeviceName name; do
+ if [[ -z "$name" ]] || [[ -z "$portDeviceName" ]]; then
+ continue
+ fi
+ # Execute the command for each element
+ ${pkgs.iproute2}/bin/ip link property add dev "$portDeviceName" altname "$name"
+ done
+ ''}"
+ ];
 networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ]; # mdns
 networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ]; # mdns
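Review bot: The `ExecStartPost` script in patch 3/7 runs with full privileges because of the `+` prefix, yet its wait loop `while ! nc -z localhost 9993` has no upper bound, and `zerotier-cli` and `sleep` are resolved through the unit's PATH while `nc`, `jq` and `ip` use store paths. Bound the wait, e.g. `for _ in {1..100}; do ${pkgs.netcat}/bin/nc -z localhost 9993 && break; sleep 0.1; done`, and call `zerotier-cli` by its store path as well. The `name` field is whatever the network's controller reports and is handed to `ip link property add … altname "$name"` unvalidated; a name the kernel rejects, or one that is already set, makes `ip` fail, and if that happens on the last iteration the script exits non-zero, which I would expect systemd to treat as a failed start. Checking the name against an allow-list pattern and logging a rejected altname, not failing on it, would keep a controller-supplied value from deciding whether the service comes up.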
From 163abdb311371e7041cb7a75a473b873473d79d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 17:41:41 +0100
Subject: [PATCH 4/7] schema: set also clanName this is usually set by buildClan
---
 pkgs/clan-cli/clan_cli/config/schema.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkgs/clan-cli/clan_cli/config/schema.py b/pkgs/clan-cli/clan_cli/config/schema.py
index ad927d1ad..a709068cf 100644
--- a/pkgs/clan-cli/clan_cli/config/schema.py
+++ b/pkgs/clan-cli/clan_cli/config/schema.py
@@ -87,6 +87,7 @@ def machine_schema(
 # potentially the config might affect submodule options,
 # therefore we need to import it
 config
+ {{ clanCore.clanName = "fakeClan"; }}
 ]
 # add all clan modules specified via clanImports
 ++ (map (name: clan-core.clanModules.${{name}}) config.clanImports or []);
From ca0749c76fbf4807cad2bd296e97fce1a79c8c5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 17:51:30 +0100
Subject: [PATCH 5/7] drop runSchemaTests/runMockApi from checks
---
 checks/impure/flake-module.nix | 76 +++++++---------------------------
 docs/contributing.md | 8 ----
 2 files changed, 14 insertions(+), 70 deletions(-)
diff --git a/checks/impure/flake-module.nix b/checks/impure/flake-module.nix
index 18f3e7ada..b0865c6ff 100644
--- a/checks/impure/flake-module.nix
+++ b/checks/impure/flake-module.nix
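Review bot: In `machine_schema` (patch 4/7, schema.py), the added module `{{ clanCore.clanName = "fakeClan"; }}` defines the option at normal priority right after `config` in the same module list, so a `config` that already sets `clanCore.clanName` to a different value would, as far as I can tell, fail evaluation with conflicting definitions. If `lib` is in scope in this Nix expression, `{{ clanCore.clanName = lib.mkDefault "fakeClan"; }}` keeps the placeholder for schema generation while letting a real value win. A short comment that the value is a placeholder needed only to evaluate the options would help; patch 7/7 uses `"dummy"` for the same purpose, and one spelling for both would be easier to grep. The f-string and the rest of `machine_schema` continue outside the hunk.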
@@ -1,66 +1,18 @@
-{ ... }: {
+{
 perSystem = { pkgs, lib, ... }: {
- packages = rec {
- # a script that executes all other checks
- impure-checks = pkgs.writeShellScriptBin "impure-checks" ''
- #!${pkgs.bash}/bin/bash
- set -euo pipefail
- export PATH="${lib.makeBinPath [
- pkgs.gitMinimal
- pkgs.nix
- pkgs.rsync # needed to have rsync installed on the dummy ssh server
- ]}"
- ROOT=$(git rev-parse --show-toplevel)
- cd "$ROOT/pkgs/clan-cli"
- nix develop "$ROOT#clan-cli" -c bash -c "TMPDIR=/tmp python -m pytest -m impure ./tests $@"
- '';
-
- runMockApi = pkgs.writeShellScriptBin "run-mock-api" ''
- #!${pkgs.bash}/bin/bash
- set -euo pipefail
-
- export PATH="${lib.makeBinPath [
- pkgs.gitMinimal
- pkgs.nix
- pkgs.rsync # needed to have rsync installed on the dummy ssh server
- pkgs.coreutils
- pkgs.procps
- ]}"
- ROOT=$(git rev-parse --show-toplevel)
- cd "$ROOT/pkgs/clan-cli"
- nix develop "$ROOT#clan-cli" -c bash -c 'TMPDIR=/tmp clan webui --no-open --port 5757'
- '';
-
-
- runSchemaTests = pkgs.writeShellScriptBin "runSchemaTests" ''
- #!${pkgs.bash}/bin/bash
- set -euo pipefail
-
- ${runMockApi}/bin/run-mock-api &
- MOCK_API_PID=$!
- echo "Started mock api with pid $MOCK_API_PID"
- function cleanup {
- echo "Stopping server..."
- pkill -9 -f "python -m clan webui --no-open --port 5757"
- }
- trap cleanup EXIT
-
- export PATH="${lib.makeBinPath [
- pkgs.gitMinimal
- pkgs.nix
- pkgs.rsync # needed to have rsync installed on the dummy ssh server
- pkgs.procps
- pkgs.coreutils
- ]}"
-
- sleep 3
-
- ROOT=$(git rev-parse --show-toplevel)
- cd "$ROOT/pkgs/clan-cli"
- nix develop "$ROOT#clan-cli" -c bash -c 'TMPDIR=/tmp st auth login RHtr8nLtz77tqRP8yUGyf-Flv_9SLI'
- nix develop "$ROOT#clan-cli" -c bash -c 'TMPDIR=/tmp st run http://localhost:5757/openapi.json --experimental=openapi-3.1 --report --workers 8 --max-response-time=50 --request-timeout=1000 -M GET'
- '';
- };
+ # a script that executes all other checks
+ packages.impure-checks = pkgs.writeShellScriptBin "impure-checks" ''
+ #!${pkgs.bash}/bin/bash
+ set -euo pipefail
+ export PATH="${lib.makeBinPath [
+ pkgs.gitMinimal
+ pkgs.nix
+ pkgs.rsync # needed to have rsync installed on the dummy ssh server
+ ]}"
+ ROOT=$(git rev-parse --show-toplevel)
+ cd "$ROOT/pkgs/clan-cli"
+ nix develop "$ROOT#clan-cli" -c bash -c "TMPDIR=/tmp python -m pytest -m impure ./tests $@"
+ '';
 };
 }
diff --git a/docs/contributing.md b/docs/contributing.md
index e6d094e0a..3ac914e08 100644
--- a/docs/contributing.md
+++ b/docs/contributing.md
@@ -174,14 +174,6 @@ nix build .#checks.x86_64-linux.clan-pytest --rebuild
 This command will run all pure test functions.
-### Running schemathesis fuzzer on GET requests
-
-```bash
-nix run .#runSchemaTests
-```
-
-If you want to test more request types edit the file `checks/impure/flake-module.nix`
-
 ### Inspecting the Nix Sandbox
 If you need to inspect the Nix sandbox while running tests, follow these steps:
From bb26c855731cfd5e7829d02659927f3f4873a55d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 18:00:42 +0100
Subject: [PATCH 6/7] drop deadcode
---
 checks/schema.nix | 54 -----------------------------------------------
 1 file changed, 54 deletions(-)
 delete mode 100644 checks/schema.nix
diff --git a/checks/schema.nix b/checks/schema.nix
deleted file mode 100644
index d862f8a4b..000000000
--- a/checks/schema.nix
+++ /dev/null
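Review bot: In the `impure-checks` script kept by patch 5/7 (checks/impure/flake-module.nix), `"TMPDIR=/tmp python -m pytest -m impure ./tests $@"` splices the caller's arguments into a string that the inner `bash -c` parses again, so an argument containing spaces or shell metacharacters is re-split or interpreted instead of reaching pytest verbatim. Passing them as positional parameters avoids that: `-c bash -c 'TMPDIR=/tmp python -m pytest -m impure ./tests "$@"' -- "$@"`. Separately, the deleted `runSchemaTests` script carried a literal credential on its `st auth login` line; removing the line does not remove the value from history or from this patch, so the token should be revoked at the issuing service if that has not already happened. The explicit `#!${pkgs.bash}/bin/bash` line is presumably redundant under `writeShellScriptBin`, which writes its own interpreter line.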
@@ -1,54 +0,0 @@
-{ self, lib, inputs, ... }:
-let
- inherit (builtins)
- mapAttrs
- toJSON
- toFile
- ;
- inherit (lib)
- mapAttrs'
- ;
- clanLib = self.lib;
- clanModules = self.clanModules;
-
-
-in
-{
- perSystem = { pkgs, ... }:
- let
- baseModule = {
- imports =
- (import (inputs.nixpkgs + "/nixos/modules/module-list.nix"))
- ++ [{
- nixpkgs.hostPlatform = pkgs.system;
- }];
- };
-
- optionsFromModule = module:
- let
- evaled = lib.evalModules {
- modules = [ module baseModule ];
- };
- in
- evaled.options.clan.networking;
-
- clanModuleSchemas =
- mapAttrs
- (_: module: clanLib.jsonschema.parseOptions (optionsFromModule module))
- clanModules;
-
- mkTest = name: schema: pkgs.runCommand "schema-${name}" { } ''
- ${pkgs.check-jsonschema}/bin/check-jsonschema \
- --check-metaschema ${toFile "schema-${name}" (toJSON schema)}
- touch $out
- '';
- in
- {
- checks = mapAttrs'
- (name: schema: {
- name = "schema-${name}";
- value = mkTest name schema;
- })
- clanModuleSchemas;
- };
-}
From 656d94ed4d6d3e50246fa6d68ed08109c76a7e04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 11 Jan 2024 18:02:50 +0100
Subject: [PATCH 7/7] schema-check: set clanName dummy
---
 checks/schemas.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/checks/schemas.nix b/checks/schemas.nix
index f2a9960a7..c12e1d8f1 100644
--- a/checks/schemas.nix
+++ b/checks/schemas.nix
@@ -7,6 +7,7 @@ let
 (import (pkgs.path + "/nixos/modules/module-list.nix"))
 ++ [{
 nixpkgs.hostPlatform = "x86_64-linux";
+ clanCore.clanName = "dummy";
 }];
 };