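# NixOS VM test: two peers bring up a WireGuard interface (wg0) and peer1
# pings peer0's tunnel addresses over IPv4 and IPv6.
#
# Arguments:
#   pkgs, lib       - the usual package set and library.
#   kernelPackages  - optional kernel package set; when non-null it is applied
#                     to both nodes through `boot.kernelPackages`.
import ../make-test-python.nix ({ pkgs, lib, kernelPackages ? null, ...} :
  let
    # Fixed key pairs for the test. They live in the repository, so they are
    # public by definition and must never be reused outside of tests.
    wg-snakeoil-keys = import ./snakeoil-keys.nix;
    # Node template shared by both peers; it takes ip4, ip6 and extraConfig.
    # NOTE(review): what it configures beyond that is not visible here.
    peer = (import ./make-peer.nix) { inherit lib; };
  in
  {
    name = "wireguard";
    meta = with pkgs.lib.maintainers; {
      maintainers = [ ma27 ];
    };

    nodes = {
      # peer0 is the listening side: it is the only node that opens the
      # WireGuard UDP port in the firewall.
      peer0 = peer {
        ip4 = "192.168.0.1";
        ip6 = "fd00::1";
        extraConfig = {
          boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
          networking.firewall.allowedUDPPorts = [ 23542 ];
          networking.wireguard.interfaces.wg0 = {
            ips = [ "10.23.42.1/32" "fc00::1/128" ];
            listenPort = 23542;

            # `privateKey` puts the key into the world-readable Nix store.
            # Acceptable for snakeoil test keys; real deployments should use
            # `privateKeyFile` instead.
            inherit (wg-snakeoil-keys.peer0) privateKey;

            peers = lib.singleton {
              # Least privilege: peer1 may only use its own tunnel addresses.
              # WireGuard drops decrypted packets whose source address is
              # outside a peer's allowedIPs.
              allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];

              inherit (wg-snakeoil-keys.peer1) publicKey;
            };
          };
        };
      };

      # peer1 is the initiating side: it knows peer0's endpoint and sends
      # keepalives. No firewall port is opened on this node.
      peer1 = peer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = {
          boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
          networking.wireguard.interfaces.wg0 = {
            ips = [ "10.23.42.2/32" "fc00::2/128" ];
            listenPort = 23542;
            # Do not turn allowedIPs into routes. With the catch-all
            # allowedIPs below that would send all traffic into the tunnel.
            # Only the two routes added in postSetup are installed.
            allowedIPsAsRoutes = false;

            # Snakeoil key, stored in the Nix store; see the note on peer0.
            inherit (wg-snakeoil-keys.peer1) privateKey;

            peers = lib.singleton {
              # Catch-all: any source address arriving from peer0 is accepted
              # on this side. Much wider than what peer0 grants peer1.
              allowedIPs = [ "0.0.0.0/0" "::/0" ];
              endpoint = "192.168.0.1:23542";
              # Keepalive interval in seconds.
              persistentKeepalive = 25;

              inherit (wg-snakeoil-keys.peer0) publicKey;
            };

            # Route only peer0's tunnel addresses through wg0.
            postSetup = let inherit (pkgs) iproute2; in ''
              ${iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0
              ${iproute2}/bin/ip route replace fc00::1/128 dev wg0
            '';
          };
        };
      };
    };

    # Positive connectivity check only: both units must start and peer1 must
    # reach peer0's tunnel addresses. Nothing here asserts that traffic from
    # addresses outside allowedIPs is rejected.
    testScript = ''
      start_all()

      peer0.wait_for_unit("wireguard-wg0.service")
      peer1.wait_for_unit("wireguard-wg0.service")

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }
)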