# NixOS VM test for the wg-quick module.
#
# Two machines share an isolated network: peer0 listens for WireGuard on
# UDP 23542 and peer1 dials it. The test passes once peer1 can ping peer0's
# tunnel addresses, which only exist on wg0 and therefore only answer
# through the tunnel.
#
# Arguments (all optional; the rest is passed on by make-test-python.nix):
#   kernelPackages  kernel set to boot both nodes with; null keeps the default.
#   nftables        run the firewall on nftables and blacklist the iptables
#                   compatibility module, so wg-quick's own rule setup has to
#                   work without iptables.
import ../make-test-python.nix ({ pkgs, lib, kernelPackages ? null, nftables ? false, ... }:
let
  # Test-only key pairs that are committed to the repository in the clear.
  # They must never be reused for anything real.
  keys = import ./snakeoil-keys.nix;
  mkPeer = import ./make-peer.nix { inherit lib; };

  # UDP port peer0 listens on; peer1's endpoint below points at it.
  wgPort = 23542;

  # Settings every node gets, regardless of its role in the tunnel.
  commonConfig = {
    boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
    networking.nftables.enable = nftables;
    # With nftables enabled, blacklisting nft_compat makes the iptables
    # compatibility layer unusable, so the test fails if wg-quick still
    # falls back to iptables.
    boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
  };

  # Build a node: make-peer.nix sets up the underlay addresses, and the
  # role-specific settings are merged on top of commonConfig.
  mkNode = { ip4, ip6, config }: mkPeer {
    inherit ip4 ip6;
    extraConfig = lib.mkMerge [ commonConfig config ];
  };
in {
  name = "wg-quick";
  meta.maintainers = [ pkgs.lib.maintainers.d-xo ];

  nodes = {
    # Listening side. The firewall is only opened for the WireGuard port here,
    # and peer1 is only accepted from (and routed to) its own tunnel addresses.
    peer0 = mkNode {
      ip4 = "192.168.0.1";
      ip6 = "fd00::1";
      config = {
        networking.firewall.allowedUDPPorts = [ wgPort ];
        networking.wg-quick.interfaces.wg0 = {
          address = [ "10.23.42.1/32" "fc00::1/128" ];
          listenPort = wgPort;
          privateKey = keys.peer0.privateKey;

          peers = [
            {
              # Restricts which source addresses are accepted from peer1 to
              # just its tunnel addresses; anything else from that key is dropped.
              allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
              publicKey = keys.peer1.publicKey;
            }
          ];

          # Tunnel DNS. "wg0" is not an address; wg-quick passes non-address
          # entries through as search domains rather than servers (confirm
          # against wg-quick(8) before changing this list).
          dns = [ "10.23.42.2" "fc00::2" "wg0" ];
        };
      };
    };

    # Dialing side. It runs on networkd, which presumably exercises the
    # networkd/resolvectl variant of wg-quick's DNS and route setup — verify
    # if this node's config is changed. It has no listenPort of its own.
    peer1 = mkNode {
      ip4 = "192.168.0.2";
      ip6 = "fd00::2";
      config = {
        networking.useNetworkd = true;
        networking.wg-quick.interfaces.wg0 = {
          address = [ "10.23.42.2/32" "fc00::2/128" ];
          privateKey = keys.peer1.privateKey;

          peers = [
            {
              # Full tunnel: every IPv4 and IPv6 destination is sent to peer0,
              # which triggers wg-quick's default-route handling on this node.
              allowedIPs = [ "0.0.0.0/0" "::/0" ];
              endpoint = "192.168.0.1:23542";
              # Outbound-only peer: periodic keepalives keep the path alive
              # through any stateful middlebox between the two nodes.
              persistentKeepalive = 25;
              publicKey = keys.peer0.publicKey;
            }
          ];

          dns = [ "10.23.42.1" "fc00::1" "wg0" ];
        };
      };
    };
  };

  testScript = ''
    start_all()

    for node in (peer0, peer1):
        node.wait_for_unit("wg-quick-wg0.service")

    # 10.23.42.1 and fc00::1 exist only on peer0's wg0, so a reply can only
    # have travelled through the tunnel.
    # NOTE(review): the dns settings above are never asserted; this only
    # checks reachability.
    for target in ("fc00::1", "10.23.42.1"):
        peer1.succeed(f"ping -c5 {target}")
  '';
})