pyrox.dev
1let
2 mkNode =
3 {
4 id,
5 wgPriv,
6 wgPeerPubKey,
7 wgPeerId,
8 }:
9 (
10 { pkgs, ... }:
11 {
12 imports = [ ../../modules/profiles/minimal.nix ];
13
14 virtualisation.interfaces.eth1.vlan = 1;
15
16 networking = {
17 firewall.interfaces.eth1.allowedUDPPorts = [ 51820 ];
18
19 ifstate = {
20 enable = true;
21 settings = {
22 namespaces.outside.interfaces.eth1 = {
23 addresses = [ "2001:0db8:a::${builtins.toString id}/64" ];
24 link = {
25 state = "up";
26 kind = "physical";
27 };
28 };
29 interfaces = {
30 wg0 = {
31 addresses = [ "2001:0db8:b::${builtins.toString id}/64" ];
32 link = {
33 state = "up";
34 kind = "wireguard";
35 bind_netns = "outside";
36 };
37 wireguard = {
38 private_key = "!include ${pkgs.writeText "wg_priv.key" wgPriv}";
39 listen_port = 51820;
40 peers."${wgPeerPubKey}" = {
41 endpoint = "[2001:0db8:a::${builtins.toString wgPeerId}]:51820";
42 allowedips = [ "::/0" ];
43 };
44 };
45 };
46 };
47 routing.routes = [
48 {
49 to = "2001:0db8:b::/64";
50 dev = "wg0";
51 }
52 ];
53 };
54 };
55 };
56 }
57 );
58in
59
60{
61 name = "ifstate-wireguard";
62
63 nodes = {
64 foo = mkNode {
65 id = 1;
66 wgPriv = "6KmLyTyrN9OZIOCkdpiAwoVoeSiwvyI+mtn1wooKSEU=";
67 wgPeerPubKey = "olFuE7u5pVwSeWLFtrXSvD8+aCDBiKNKCLjLb/dgXiA=";
68 wgPeerId = 2;
69 };
70 bar = mkNode {
71 id = 2;
72 wgPriv = "QN89cvFD0C8z1MSpUaJa1YBXt2MaIQegVkEYROi71Fg=";
73 wgPeerPubKey = "5qeKbAGc7wh9Xg0MoMXqXCSmp9TawmtI1bVk/vp3Cn4=";
74 wgPeerId = 1;
75 };
76 };
77
78 testScript = # python
79 ''
80 start_all()
81
82 foo.wait_for_unit("default.target")
83 bar.wait_for_unit("default.target")
84
85 foo.wait_until_succeeds("ping -c 1 2001:0db8:b::2")
86 bar.wait_until_succeeds("ping -c 1 2001:0db8:b::1")
87 '';
88}