# NixOS VM test: two peers bring up an AmneziaWG tunnel through the wg-quick
# module and peer1 pings peer0's tunnel addresses over IPv4 and IPv6.
#
# Arguments:
#   kernelPackages - optional kernel package set to run the test against
#                    (null keeps the default kernel).
#   nftables       - when true, enable nftables and block the iptables
#                    compatibility module.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    kernelPackages ? null,
    nftables ? false,
    ...
  }:
  let
    # Test-only key material (presumably fixed throwaway keys, going by the
    # file name). NOTE(review): the inline `privateKey` option places the key
    # in the world-readable Nix store, which is acceptable only for fixtures
    # like these; real deployments should use `privateKeyFile`.
    keys = import ./snakeoil-keys.nix;

    mkPeer = import ./make-peer.nix { inherit lib; };

    # Settings applied to both nodes.
    baseConfig = {
      boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
      networking.nftables.enable = nftables;
      # With nftables enabled, blacklist nft_compat so that iptables cannot
      # work through the compatibility layer.
      boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
    };

    # Interface settings that are identical on both peers.
    # Jc/Jmin/Jmax/S1/S2 are AmneziaWG obfuscation parameters (junk packet
    # count, junk size bounds and handshake padding, as far as the upstream
    # naming goes); they change how the traffic looks on the wire and add no
    # cryptographic protection. Both ends get the same values here.
    tunnelDefaults = {
      type = "amneziawg";
      extraOptions = {
        Jc = 5;
        Jmin = 10;
        Jmax = 42;
        S1 = 60;
        S2 = 90;
      };
    };
  in
  {
    name = "amneziawg-quick";

    meta.maintainers = with pkgs.lib.maintainers; [
      averyanalex
      azahi
    ];

    # peer0 is the listening side: it opens the tunnel's UDP port in the
    # firewall and accepts only peer1's tunnel addresses.
    nodes.peer0 = mkPeer {
      ip4 = "192.168.0.1";
      ip6 = "fd00::1";
      extraConfig = lib.mkMerge [
        baseConfig
        {
          networking.firewall.allowedUDPPorts = [ 23542 ];
          networking.wg-quick.interfaces.wg0 = tunnelDefaults // {
            address = [
              "10.23.42.1/32"
              "fc00::1/128"
            ];
            listenPort = 23542;

            privateKey = keys.peer0.privateKey;

            peers = [
              {
                # Narrow allowedIPs: only peer1's own tunnel addresses are
                # accepted from, and routed to, this peer.
                allowedIPs = [
                  "10.23.42.2/32"
                  "fc00::2/128"
                ];

                publicKey = keys.peer1.publicKey;
              }
            ];

            # wg-quick treats the non-IP entry as a DNS search domain.
            dns = [
              "10.23.42.2"
              "fc00::2"
              "wg0"
            ];
          };
        }
      ];
    };

    # peer1 is the initiating side: it uses systemd-networkd, dials peer0's
    # endpoint and sends all IPv4 and IPv6 traffic into the tunnel.
    nodes.peer1 = mkPeer {
      ip4 = "192.168.0.2";
      ip6 = "fd00::2";
      extraConfig = lib.mkMerge [
        baseConfig
        {
          networking.useNetworkd = true;
          networking.wg-quick.interfaces.wg0 = tunnelDefaults // {
            address = [
              "10.23.42.2/32"
              "fc00::2/128"
            ];

            privateKey = keys.peer1.privateKey;

            peers = [
              {
                # Full-tunnel configuration: the default routes for both
                # address families point at this peer.
                allowedIPs = [
                  "0.0.0.0/0"
                  "::/0"
                ];
                endpoint = "192.168.0.1:23542";
                persistentKeepalive = 25;

                publicKey = keys.peer0.publicKey;
              }
            ];

            # wg-quick treats the non-IP entry as a DNS search domain.
            dns = [
              "10.23.42.1"
              "fc00::1"
              "wg0"
            ];
          };
        }
      ];
    };

    # Wait for the wg-quick unit on both nodes, then check reachability of
    # peer0's tunnel addresses from peer1. Only connectivity is asserted;
    # the script does not inspect the obfuscation parameters on the interface.
    testScript = ''
      start_all()

      peer0.wait_for_unit("wg-quick-wg0.service")
      peer1.wait_for_unit("wg-quick-wg0.service")

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }
)