# NixOS VM test: two peers bring up an AmneziaWG interface (wg0) and peer1
# pings peer0's tunnel addresses over IPv6 and IPv4.
#
# `kernelPackages` is optional; when it is non-null both nodes boot with it.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    kernelPackages ? null,
    ...
  }:
  let
    # Key pairs come from ./snakeoil-keys.nix. By name these are fixed test
    # keys kept in the tree, so treat them as public and never reuse them
    # outside this test.
    snakeoil = import ./snakeoil-keys.nix;

    # Node builder taking ip4 / ip6 / extraConfig (defined in ./make-peer.nix).
    mkPeer = import ./make-peer.nix { inherit lib; };

    # UDP port used as listenPort on both peers and in peer1's endpoint.
    wgPort = 23542;

    # Underlay IPv4 address of peer0; peer1 dials it as its endpoint.
    peer0Underlay = "192.168.0.1";

    # Only override the boot settings when the caller passed a kernel package set.
    kernelOverride = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };

    # Settings shared by both ends of the tunnel.
    # Jc/Jmin/Jmax/S1/S2 are handed to the interface as extraOptions.
    # NOTE(review): in AmneziaWG these look like the junk-packet count, the
    # junk-packet size bounds and the handshake init/response padding sizes,
    # i.e. traffic-obfuscation parameters rather than key material - confirm
    # against the amneziawg documentation, including which of them have to
    # match on both peers (here both peers get the identical set).
    awgInterface = {
      type = "amneziawg";
      listenPort = wgPort;
      extraOptions = {
        Jc = 5;
        Jmin = 10;
        Jmax = 42;
        S1 = 60;
        S2 = 90;
      };
    };
  in
  {
    name = "amneziawg";
    meta.maintainers = with pkgs.lib.maintainers; [
      averyanalex
      azahi
    ];

    nodes = {
      # peer0 has no endpoint configured for its peer, so it waits for peer1
      # to reach it; it is the only node that opens the UDP port in its
      # firewall.
      peer0 = mkPeer {
        ip4 = peer0Underlay;
        ip6 = "fd00::1";
        extraConfig = {
          boot = kernelOverride;
          networking.firewall.allowedUDPPorts = [ wgPort ];
          networking.wireguard.interfaces.wg0 = awgInterface // {
            ips = [
              "10.23.42.1/32"
              "fc00::1/128"
            ];

            privateKey = snakeoil.peer0.privateKey;

            # Only peer1's two tunnel addresses are accepted from this peer.
            peers = [
              {
                allowedIPs = [
                  "10.23.42.2/32"
                  "fc00::2/128"
                ];

                publicKey = snakeoil.peer1.publicKey;
              }
            ];
          };
        };
      };

      # peer1 is given peer0's endpoint and a 25 s persistent keepalive.
      peer1 = mkPeer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = {
          boot = kernelOverride;
          networking.wireguard.interfaces.wg0 = awgInterface // {
            ips = [
              "10.23.42.2/32"
              "fc00::2/128"
            ];

            # allowedIPs below covers every address, so routes are not
            # derived from it; postSetup adds the two host routes the test
            # needs instead.
            allowedIPsAsRoutes = false;

            privateKey = snakeoil.peer1.privateKey;

            peers = [
              {
                allowedIPs = [
                  "0.0.0.0/0"
                  "::/0"
                ];
                endpoint = "${peer0Underlay}:${toString wgPort}";
                persistentKeepalive = 25;

                publicKey = snakeoil.peer0.publicKey;
              }
            ];

            # Route only peer0's tunnel addresses through wg0.
            postSetup = ''
              ${pkgs.iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0
              ${pkgs.iproute2}/bin/ip route replace fc00::1/128 dev wg0
            '';
          };
        };
      };
    };

    # The script checks reachability through the tunnel in one direction
    # (peer1 -> peer0). NOTE(review): it does not assert that the
    # extraOptions above were actually applied to the interface.
    testScript = ''
      start_all()

      peer0.wait_for_unit("wireguard-wg0.service")
      peer1.wait_for_unit("wireguard-wg0.service")

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }
)