# NixOS VM test for the WireGuard module: two nodes bring up a wg0 tunnel and
# peer1 pings peer0's tunnel addresses over IPv4 and IPv6.
#
# kernelPackages is optional. When it is non-null, it is applied to both nodes
# as boot.kernelPackages, so the same test can run against a chosen kernel.
{ kernelPackages ? null }:

import ../make-test-python.nix ({ pkgs, lib, ... }:
  let
    # Fixed key pairs imported from the source tree. Keys that live in a
    # repository are test fixtures only and must not be reused for a real tunnel.
    snakeoil = import ./snakeoil-keys.nix;

    # Node builder shared by both peers; its body is not part of this file.
    mkPeer = import ./make-peer.nix { inherit lib; };

    # Applies the kernel override only when the caller supplied one.
    kernelOverride = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
  in
  {
    name = "wireguard";
    meta = {
      maintainers = [ pkgs.lib.maintainers.ma27 ];
    };

    nodes = {
      # peer0 is the listening side. It is the only node that opens the
      # WireGuard UDP port in its firewall in this file.
      peer0 = mkPeer {
        # presumably the addresses on the test network between the VMs
        # (peer1's endpoint below points at this ip4); confirm in make-peer.nix
        ip4 = "192.168.0.1";
        ip6 = "fd00::1";
        extraConfig = {
          boot = kernelOverride;
          # Must match listenPort below.
          networking.firewall.allowedUDPPorts = [ 23542 ];
          networking.wireguard.interfaces.wg0 = {
            ips = [ "10.23.42.1/32" "fc00::1/128" ];
            listenPort = 23542;

            # An inline privateKey becomes part of the evaluated configuration
            # and ends up in the world-readable Nix store. Acceptable for a
            # snakeoil key in a test; a real deployment should use
            # privateKeyFile instead.
            privateKey = snakeoil.peer0.privateKey;

            peers = [
              {
                # Least-privilege allowedIPs: peer1 may only use its own two
                # tunnel addresses as source inside the tunnel.
                allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];

                publicKey = snakeoil.peer1.publicKey;
              }
            ];
          };
        };
      };

      # peer1 is the dialing side: it has a fixed endpoint and keepalive, and
      # no firewall opening is configured for it in this file.
      peer1 = mkPeer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = {
          boot = kernelOverride;
          networking.wireguard.interfaces.wg0 = {
            ips = [ "10.23.42.2/32" "fc00::2/128" ];
            listenPort = 23542;
            # With this off, the module does not turn allowedIPs into routes,
            # so the catch-all allowedIPs below do not become a default route.
            # The routes the test needs are added by hand in postSetup.
            allowedIPsAsRoutes = false;

            # Same Nix-store caveat as on peer0: test key only.
            privateKey = snakeoil.peer1.privateKey;

            peers = [
              {
                # Catch-all: any source address is accepted from peer0 through
                # the tunnel. This is much wider than peer0's own peer entry.
                allowedIPs = [ "0.0.0.0/0" "::/0" ];
                endpoint = "192.168.0.1:23542";
                # Keepalive interval in seconds.
                persistentKeepalive = 25;

                publicKey = snakeoil.peer0.publicKey;
              }
            ];

            # Host routes for peer0's tunnel addresses only, replacing the
            # routes that allowedIPsAsRoutes = false suppresses.
            postSetup = ''
              ${pkgs.iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0
              ${pkgs.iproute2}/bin/ip route replace fc00::1/128 dev wg0
            '';
          };
        };
      };
    };

    # Positive connectivity check only: both units must start and peer1 must
    # reach peer0 over the tunnel. Nothing here asserts that traffic outside a
    # peer's allowedIPs is dropped, or that the firewall blocks other ports.
    testScript = ''
      start_all()

      peer0.wait_for_unit("wireguard-wg0.service")
      peer1.wait_for_unit("wireguard-wg0.service")

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }
)