# NixOS VM test "wireguard-networkd": two nodes bring up wg0 through
# networking.wireguard with useNetworkd = true, then the test script checks
# that traffic crosses the tunnel and that `wg` reports a preshared key on
# both sides.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    kernelPackages ? null,
    ...
  }:
  let
    # Key material for the test, read from a file in this directory.
    # NOTE(review): presumably fixed throwaway keys, going by the file name;
    # snakeoil-keys.nix is not shown here.
    snakeoil = import ./snakeoil-keys.nix;

    # Node template shared by both peers.
    # NOTE(review): make-peer.nix is not shown; ip4/ip6 look like the
    # addresses on the underlying test network (peer1's endpoint below
    # matches peer0's ip4) - confirm against that file.
    mkPeer = import ./make-peer.nix { inherit lib; };

    # Applied only when the caller passes a kernelPackages set; with the
    # default of null the mkIf condition is false.
    bootConfig = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };

    # !!! Don't do this with real keys. The /nix store is world-readable!
    # pkgs.writeText puts the secret into a store path, which is acceptable
    # here only because these are test keys. Real private and preshared keys
    # belong in a file outside the store with restrictive permissions.
    keyFile = name: secret: toString (pkgs.writeText name secret);

    # Both peers must be configured with the same preshared key.
    pskFile = keyFile "presharedKey" snakeoil.presharedKey;
  in
  {
    name = "wireguard-networkd";
    meta.maintainers = [ pkgs.lib.maintainers.majiir ];

    # peer0 is the listening side: it opens the WireGuard UDP port in its
    # firewall and has no endpoint configured for peer1.
    nodes.peer0 = mkPeer {
      ip4 = "192.168.0.1";
      ip6 = "fd00::1";
      extraConfig = {
        boot = bootConfig;
        networking = {
          firewall.allowedUDPPorts = [ 23542 ];
          wireguard = {
            useNetworkd = true;
            interfaces.wg0 = {
              ips = [
                "10.23.42.1/32"
                "fc00::1/128"
              ];
              listenPort = 23542;

              # Store-path key file: test keys only (see keyFile above).
              privateKeyFile = keyFile "privateKey" snakeoil.peer0.privateKey;

              peers = [
                {
                  # peer1 is limited to its own tunnel addresses; WireGuard
                  # drops packets from this peer that carry any other
                  # source address.
                  allowedIPs = [
                    "10.23.42.2/32"
                    "fc00::2/128"
                  ];

                  # Store-path key file: test keys only (see keyFile above).
                  presharedKeyFile = pskFile;

                  publicKey = snakeoil.peer1.publicKey;
                }
              ];
            };
          };
        };
      };
    };

    # peer1 is the dialling side: it knows peer0's endpoint and sends
    # keepalives, and it opens no firewall port of its own.
    nodes.peer1 = mkPeer {
      ip4 = "192.168.0.2";
      ip6 = "fd00::2";
      extraConfig = {
        boot = bootConfig;
        networking.wireguard = {
          useNetworkd = true;
          interfaces.wg0 = {
            ips = [
              "10.23.42.2/32"
              "fc00::2/128"
            ];
            listenPort = 23542;

            # Store-path key file: test keys only (see keyFile above).
            privateKeyFile = keyFile "privateKey" snakeoil.peer1.privateKey;

            peers = [
              {
                # Catch-all ranges: any IPv4 or IPv6 source address is
                # accepted from peer0 on this interface.
                allowedIPs = [
                  "0.0.0.0/0"
                  "::/0"
                ];
                # Must match peer0's ip4 and listenPort above.
                endpoint = "192.168.0.1:23542";
                persistentKeepalive = 25;

                # Store-path key file: test keys only (see keyFile above).
                presharedKeyFile = pskFile;

                publicKey = snakeoil.peer0.publicKey;
              }
            ];
          };
        };
      };
    };

    # The pings are sent from peer1 to peer0's tunnel addresses, so they
    # exercise the WireGuard path. The "Has PSK set" subtest only checks
    # that `wg` prints a 'preshared key' line on each node; it does not
    # compare the two values. A mismatched PSK would be expected to fail the
    # handshake and therefore the pings.
    testScript = ''
      start_all()

      peer0.systemctl("start network-online.target")
      peer0.wait_for_unit("network-online.target")

      peer1.systemctl("start network-online.target")
      peer1.wait_for_unit("network-online.target")

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")

      with subtest("Has PSK set"):
        peer0.succeed("wg | grep 'preshared key'")
        peer1.succeed("wg | grep 'preshared key'")
    '';
  }
)