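# NixOS VM test for `networking.wg-quick`: two peers on a shared LAN
# (192.168.0.0/24, fd00::/64) bring up a WireGuard tunnel (10.23.42.0/24,
# fc00::/64) and must be able to reach each other through it.
#
# Arguments:
#   kernelPackages - kernel to boot both VMs with (null = module default).
#   nftables       - use the nftables firewall backend instead of iptables.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    kernelPackages ? null,
    nftables ? false,
    ...
  }:
  let
    # Throwaway key pairs shared by the WireGuard tests.  They are public
    # test fixtures: never reuse them for anything outside a test VM.
    wg-snakeoil-keys = import ./snakeoil-keys.nix;
    peer = import ./make-peer.nix { inherit lib; };

    # Applied to both nodes: kernel under test and firewall backend.
    commonConfig = {
      boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
      networking.nftables.enable = nftables;
      # Make sure iptables doesn't work with nftables enabled, so nothing in
      # the wg-quick setup can quietly fall back to the iptables path.
      boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
    };
  in
  {
    name = "wg-quick";
    meta = with pkgs.lib.maintainers; {
      maintainers = [ d-xo ];
    };

    nodes = {
      # peer0: the "server" side.  It has a fixed listen port, only accepts
      # peer1's tunnel addresses, and does not know peer1's endpoint up front.
      peer0 = peer {
        ip4 = "192.168.0.1";
        ip6 = "fd00::1";
        extraConfig = lib.mkMerge [
          commonConfig
          {
            # The listen port is the only hole needed in the host firewall.
            networking.firewall.allowedUDPPorts = [ 23542 ];
            networking.wg-quick.interfaces.wg0 = {
              address = [
                "10.23.42.1/32"
                "fc00::1/128"
              ];
              listenPort = 23542;

              inherit (wg-snakeoil-keys.peer0) privateKey;

              peers = lib.singleton {
                # Restrict peer1 to its own tunnel addresses (cryptokey routing).
                allowedIPs = [
                  "10.23.42.2/32"
                  "fc00::2/128"
                ];

                inherit (wg-snakeoil-keys.peer1) publicKey;
              };

              # Resolvers are the other end's tunnel addresses; a non-IP entry
              # such as "wg0" is treated by wg-quick as a DNS search domain,
              # not as a resolver.
              dns = [
                "10.23.42.2"
                "fc00::2"
                "wg0"
              ];
            };
          }
        ];
      };

      # peer1: the "client" side, configured as a full-tunnel peer and using
      # networkd so that both network backends are covered by the test.
      peer1 = peer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = lib.mkMerge [
          commonConfig
          {
            networking.useNetworkd = true;
            networking.wg-quick.interfaces.wg0 = {
              address = [
                "10.23.42.2/32"
                "fc00::2/128"
              ];
              inherit (wg-snakeoil-keys.peer1) privateKey;

              peers = lib.singleton {
                # 0.0.0.0/0 and ::/0 make this a full tunnel: wg-quick installs
                # policy routing for it, which is the part most sensitive to
                # the iptables/nftables choice above.
                allowedIPs = [
                  "0.0.0.0/0"
                  "::/0"
                ];
                endpoint = "192.168.0.1:23542";
                persistentKeepalive = 25;

                inherit (wg-snakeoil-keys.peer0) publicKey;
              };

              # Same convention as on peer0: "wg0" is a search domain.
              dns = [
                "10.23.42.1"
                "fc00::1"
                "wg0"
              ];
            };
          }
        ];
      };
    };

    testScript = ''
      start_all()

      peer0.wait_for_unit("wg-quick-wg0.service")
      peer1.wait_for_unit("wg-quick-wg0.service")

      # peer1 must initiate: it is the only side with a configured endpoint.
      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")

      # peer0 learns peer1's endpoint only from an authenticated handshake, so
      # this proves the tunnel was actually negotiated with peer1's key.
      peer0.succeed("wg show wg0 endpoints | grep -q '192.168.0.2:'")

      # Reverse direction, now that peer0 knows where peer1 is: exercises
      # peer0's allowedIPs routes and peer1's return path through the tunnel.
      peer0.succeed("ping -c5 fc00::2")
      peer0.succeed("ping -c5 10.23.42.2")
    '';
  }
)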