import ./make-test-python.nix ( { pkgs, ... }: { name = "coturn"; nodes = { default = { services.coturn.enable = true; }; secretsfile = { boot.postBootCommands = '' echo "some-very-secret-string" > /run/coturn-secret ''; services.coturn = { enable = true; static-auth-secret-file = "/run/coturn-secret"; }; }; }; testScript = '' start_all() with subtest("by default works without configuration"): default.wait_for_unit("coturn.service") with subtest("works with static-auth-secret-file"): secretsfile.wait_for_unit("coturn.service") secretsfile.wait_for_open_port(3478) secretsfile.succeed("grep 'some-very-secret-string' /run/coturn/turnserver.cfg") # Forbidden IP, fails: secretsfile.fail("${pkgs.coturn}/bin/turnutils_uclient -W some-very-secret-string 127.0.0.1 -DgX -e 127.0.0.1 -n 1 -c -y") # allowed-peer-ip, should succeed: secretsfile.succeed("${pkgs.coturn}/bin/turnutils_uclient -W some-very-secret-string 192.168.1.2 -DgX -e 192.168.1.2 -n 1 -c -y") default.log(default.execute("systemd-analyze security coturn.service | grep -v '✓'")[1]) ''; } )