# NixOS VM test: brings up a WireGuard tunnel (wg0) between two nodes and
# checks that peer1 can reach peer0's tunnel addresses over IPv4 and IPv6.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    kernelPackages ? null,
    ...
  }:
  let
    # Key material comes from ./snakeoil-keys.nix. NOTE(review): presumably
    # fixed key pairs committed to the tree for testing only; they must never
    # be reused for a real tunnel.
    snakeoilKeys = import ./snakeoil-keys.nix;

    # Node builder shared by both peers (defined in ./make-peer.nix).
    mkPeer = (import ./make-peer.nix) { inherit lib; };

    # UDP port both wg0 interfaces listen on. The literal endpoint string
    # configured on peer1 must name the same port.
    wgPort = 23542;

    # Only override the kernel when the caller supplied kernelPackages.
    kernelOverride = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
  in
  {
    name = "wireguard";
    meta.maintainers = [ pkgs.lib.maintainers.ma27 ];

    nodes = {
      # peer0 is the side that gets dialled: it opens the WireGuard UDP port
      # in its firewall and has no endpoint configured for its peer.
      peer0 = mkPeer {
        ip4 = "192.168.0.1";
        ip6 = "fd00::1";
        extraConfig = {
          boot = kernelOverride;
          networking.firewall.allowedUDPPorts = [ wgPort ];
          networking.wireguard.interfaces.wg0 = {
            ips = [
              "10.23.42.1/32"
              "fc00::1/128"
            ];
            listenPort = wgPort;

            # Inline privateKey ends up in the world-readable Nix store. That
            # is tolerable for throwaway test keys; a real deployment should
            # use privateKeyFile instead.
            privateKey = snakeoilKeys.peer0.privateKey;

            peers = [
              {
                # allowedIPs also acts as WireGuard's inbound source filter:
                # peer0 accepts tunnel traffic from peer1 only when it is
                # sourced from these two host addresses.
                allowedIPs = [
                  "10.23.42.2/32"
                  "fc00::2/128"
                ];

                publicKey = snakeoilKeys.peer1.publicKey;
              }
            ];
          };
        };
      };

      # peer1 is the initiating side: it knows peer0's endpoint and sends
      # keepalives. No firewall port is opened here in this file.
      # NOTE(review): whether make-peer.nix touches the firewall is not
      # visible from this file.
      peer1 = mkPeer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = {
          boot = kernelOverride;
          networking.wireguard.interfaces.wg0 = {
            ips = [
              "10.23.42.2/32"
              "fc00::2/128"
            ];
            listenPort = wgPort;

            # The catch-all allowedIPs below must not become kernel routes,
            # otherwise all traffic would be pulled into the tunnel. The two
            # routes that are needed are installed by postSetup.
            allowedIPsAsRoutes = false;

            # Same caveat as on peer0: inline key, test use only.
            privateKey = snakeoilKeys.peer1.privateKey;

            peers = [
              {
                # Catch-all: any source address is accepted from peer0 inside
                # the tunnel. Fine for this test; a production peer should
                # list only the prefixes the remote side is meant to use.
                allowedIPs = [
                  "0.0.0.0/0"
                  "::/0"
                ];
                endpoint = "192.168.0.1:23542";
                # Seconds between keepalive packets sent to peer0.
                persistentKeepalive = 25;

                publicKey = snakeoilKeys.peer0.publicKey;
              }
            ];

            # Route only peer0's tunnel addresses through wg0.
            postSetup = ''
              ${pkgs.iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0
              ${pkgs.iproute2}/bin/ip route replace fc00::1/128 dev wg0
            '';
          };
        };
      };
    };

    # Wait for both wg0 units, then ping peer0's tunnel addresses from peer1.
    testScript = ''
      start_all()

      peer0.wait_for_unit("wireguard-wg0.service")
      peer1.wait_for_unit("wireguard-wg0.service")

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }
)