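# NixOS VM test for WireGuard interfaces whose private key is generated on the
# machine itself (generatePrivateKeyFile = true) instead of being provisioned.
#
# Each peer creates its own key at /etc/wireguard/private; the test script then
# derives the public keys with `wg pubkey`, cross-configures the peers at
# runtime and checks connectivity through the tunnel. Only public keys are
# ever passed between the nodes.
#
# kernelPackages: optional kernel package set to boot both peers with
#                 (null keeps the default kernel).
{ kernelPackages ? null }:
import ../make-test-python.nix ({ pkgs, lib, ... }:
let
  # Both peers share the same configuration apart from their tunnel address.
  mkPeer = tunnelAddress: {
    boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
    # Open only the WireGuard listen port on the firewall.
    networking.firewall.allowedUDPPorts = [ 12345 ];
    networking.wireguard.interfaces.wg0 = {
      ips = [ tunnelAddress ];
      listenPort = 12345;
      privateKeyFile = "/etc/wireguard/private";
      # No key is shipped in the configuration; the key is created on the node.
      generatePrivateKeyFile = true;
    };
  };
in
{
  name = "wireguard-generated";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ ma27 grahamc ];
  };

  nodes = {
    peer1 = mkPeer "10.10.10.1/24";
    peer2 = mkPeer "10.10.10.2/24";
  };

  testScript = ''
    start_all()

    peer1.wait_for_unit("wireguard-wg0.service")
    peer2.wait_for_unit("wireguard-wg0.service")

    # A generated private key must not be accessible to group or other.
    for peer in (peer1, peer2):
        mode = int(peer.succeed("stat -c %a /etc/wireguard/private").strip(), 8)
        assert mode & 0o077 == 0, "generated private key is readable by group/other"

    # Derive the public keys on the nodes; the private keys never leave them.
    retcode, peer1pubkey = peer1.execute("wg pubkey < /etc/wireguard/private")
    if retcode != 0:
        raise Exception("Could not read public key from peer1")

    retcode, peer2pubkey = peer2.execute("wg pubkey < /etc/wireguard/private")
    if retcode != 0:
        raise Exception("Could not read public key from peer2")

    # allowed-ips is pinned to the other peer's single tunnel address (/32).
    # NOTE(review): the 192.168.1.x endpoints are presumably the addresses the
    # test framework assigns to peer1/peer2; confirm if nodes are renamed.
    peer1.succeed(
        "wg set wg0 peer {} allowed-ips 10.10.10.2/32 endpoint 192.168.1.2:12345 persistent-keepalive 1".format(
            peer2pubkey.strip()
        )
    )
    peer1.succeed("ip route replace 10.10.10.2/32 dev wg0 table main")

    peer2.succeed(
        "wg set wg0 peer {} allowed-ips 10.10.10.1/32 endpoint 192.168.1.1:12345 persistent-keepalive 1".format(
            peer1pubkey.strip()
        )
    )
    peer2.succeed("ip route replace 10.10.10.1/32 dev wg0 table main")

    # Traffic to the tunnel addresses only works once both sides are configured.
    peer1.succeed("ping -c1 10.10.10.2")
    peer2.succeed("ping -c1 10.10.10.1")
  '';
})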