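# NixOS VM test "wireguard-generated".
#
# Two nodes let the WireGuard module create their own private key on the
# machine (generatePrivateKeyFile = true). The test then derives each public
# key at run time, cross-configures the peers with `wg set`, and checks that
# both directions of the tunnel carry traffic.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    kernelPackages ? null,
    ...
  }:
  let
    # UDP port both peers listen on; the same port is opened in each firewall.
    wgPort = 12345;

    # Location of the generated key on each node. This is a plain string, so
    # no private key material appears anywhere in this expression.
    privateKeyPath = "/etc/wireguard/private";

    # Node configuration shared by both peers; only the tunnel address differs.
    # Keeping it in one place prevents the two peers from drifting apart.
    mkPeer = tunnelAddress: {
      # Run against a caller-supplied kernel package set when one is given.
      boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
      networking.firewall.allowedUDPPorts = [ wgPort ];
      networking.wireguard.interfaces.wg0 = {
        ips = [ tunnelAddress ];
        listenPort = wgPort;
        privateKeyFile = privateKeyPath;
        generatePrivateKeyFile = true;
      };
    };
  in
  {
    name = "wireguard-generated";
    meta = with pkgs.lib.maintainers; {
      maintainers = [
        ma27
        grahamc
      ];
    };

    nodes = {
      peer1 = mkPeer "10.10.10.1/24";
      peer2 = mkPeer "10.10.10.2/24";
    };

    testScript = ''
      start_all()

      peer1.wait_for_unit("wireguard-wg0.service")
      peer2.wait_for_unit("wireguard-wg0.service")

      # The generated private key must not be accessible to group or others.
      # NOTE(review): assumes the module creates the file under a restrictive
      # umask -- confirm against the wireguard module before merging.
      for label, peer in (("peer1", peer1), ("peer2", peer2)):
          mode = peer.succeed("stat -c %a ${privateKeyPath}").strip()
          if mode[-2:] != "00":
              raise Exception(
                  "Private key on {} is accessible to group/others (mode {})".format(
                      label, mode
                  )
              )

      # Only the derived public key leaves each node; the private key is read
      # locally by `wg pubkey` and never returned to the test driver.
      retcode, peer1pubkey = peer1.execute("wg pubkey < ${privateKeyPath}")
      if retcode != 0:
          raise Exception("Could not read public key from peer1")

      retcode, peer2pubkey = peer2.execute("wg pubkey < ${privateKeyPath}")
      if retcode != 0:
          raise Exception("Could not read public key from peer2")

      # allowed-ips is a /32, so each key is only accepted for (and routed to)
      # the single tunnel address of the other peer.
      # The 192.168.1.x endpoints are presumably the addresses the test
      # framework assigns on the shared VLAN -- verify if the topology changes.
      peer1.succeed(
          "wg set wg0 peer {} allowed-ips 10.10.10.2/32 endpoint 192.168.1.2:${toString wgPort} persistent-keepalive 1".format(
              peer2pubkey.strip()
          )
      )
      # Send traffic for the other peer's tunnel address through wg0.
      peer1.succeed("ip route replace 10.10.10.2/32 dev wg0 table main")

      peer2.succeed(
          "wg set wg0 peer {} allowed-ips 10.10.10.1/32 endpoint 192.168.1.1:${toString wgPort} persistent-keepalive 1".format(
              peer1pubkey.strip()
          )
      )
      peer2.succeed("ip route replace 10.10.10.1/32 dev wg0 table main")

      # Connectivity in both directions proves that the generated keys work.
      peer1.succeed("ping -c1 10.10.10.2")
      peer2.succeed("ping -c1 10.10.10.1")
    '';
  }
)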