# NixOS VM test "wireguard-with-namespaces": starts four machines that differ
# only in which network namespaces wg0 is created in and moved to, then checks
# where the wg0 link ends up on each of them.
#
# kernelPackages: optional kernel package set to boot the machines with;
#                 null leaves boot untouched.
{ kernelPackages ? null }:

let
  listenPort = 12345;
  socketNamespace = "foo";
  interfaceNamespace = "bar";

  # Configuration shared by every peer. The private key is generated on the
  # machine itself (generatePrivateKeyFile), so no key material is embedded
  # in this file.
  node = {
    networking.wireguard.interfaces.wg0 = {
      inherit listenPort;
      ips = [ "10.10.10.1/24" ];
      privateKeyFile = "/etc/wireguard/private";
      generatePrivateKeyFile = true;
    };
  };
in

import ../make-test-python.nix ({ pkgs, lib, ... }:
  let
    # Only override the kernel when the caller asked for a specific one.
    kernelOverride = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };

    # Build one peer: the shared node config plus per-peer wg0 settings.
    mkPeer = wg0Settings: pkgs.lib.attrsets.recursiveUpdate node {
      boot = kernelOverride;
      networking.wireguard.interfaces.wg0 = wg0Settings;
    };
  in
  {
    name = "wireguard-with-namespaces";
    meta.maintainers = [ pkgs.lib.maintainers.asymmetric ];

    nodes = {
      # Created in socketNamespace and left there.
      peer0 = mkPeer {
        preSetup = ''
          ip netns add ${socketNamespace}
        '';
        inherit socketNamespace;
      };

      # Created in the init namespace, then moved to interfaceNamespace.
      peer1 = mkPeer {
        preSetup = ''
          ip netns add ${interfaceNamespace}
        '';
        inherit interfaceNamespace;
      };

      # Created in socketNamespace, then moved to interfaceNamespace.
      peer2 = mkPeer {
        preSetup = ''
          ip netns add ${socketNamespace}
          ip netns add ${interfaceNamespace}
        '';
        inherit socketNamespace interfaceNamespace;
      };

      # Created in socketNamespace, then moved back to the init namespace.
      peer3 = mkPeer {
        preSetup = ''
          ip netns add ${socketNamespace}
        '';
        inherit socketNamespace;
        interfaceNamespace = "init";
      };
    };

    # NOTE(review): the assertions below only establish which namespace the
    # wg0 link lives in. peer1 and peer2 run the same check, and peer3's check
    # would presumably also pass with no namespace configured at all, so a
    # regression that ignores socketNamespace would not be caught here.
    # Consider also asserting that the UDP listener on listenPort sits in the
    # expected socket namespace, since that separation is what keeps the
    # tunnel's plaintext side apart from its encrypted transport.
    testScript = ''
      start_all()

      for machine in peer0, peer1, peer2, peer3:
          machine.wait_for_unit("wireguard-wg0.service")

      peer0.succeed("ip -n ${socketNamespace} link show wg0")
      peer1.succeed("ip -n ${interfaceNamespace} link show wg0")
      peer2.succeed("ip -n ${interfaceNamespace} link show wg0")
      peer3.succeed("ip link show wg0")
    '';
  })