# NixOS VM test: two nodes joined by an AmneziaWG tunnel that wg-quick brings
# up, then peer1 pings peer0's tunnel addresses over IPv4 and IPv6.
{
  lib,
  kernelPackages ? null,
  nftables ? false,
  ...
}:
let
  # Test-only key pairs (privateKey / publicKey for peer0 and peer1).
  snakeoilKeys = import ./snakeoil-keys.nix;
  mkPeer = import ./make-peer.nix;

  # Settings applied to every node: optional kernel override and the
  # firewall backend (iptables or nftables) selected by the test argument.
  commonConfig =
    { pkgs, ... }:
    {
      boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
      networking.nftables.enable = nftables;
      # With nftables enabled, keep the iptables compatibility shim out of the
      # kernel so that iptables cannot be used alongside it.
      boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
    };

  # Extra [Interface] options for the AmneziaWG interface; the very same set is
  # handed to both peers so that both tunnel endpoints use identical values.
  extraOptions = {
    Jc = 5;
    Jmin = 10;
    Jmax = 42;
    S1 = 60;
    S2 = 90;
  };

  # wg-quick interface definition shared by both nodes. Only the per-node
  # parts (addresses, private key, the single peer entry, DNS and an optional
  # listen port) differ; listenPort is left unset when not given.
  mkInterface =
    {
      address,
      privateKey,
      peerEntry,
      dns,
      listenPort ? null,
    }:
    {
      type = "amneziawg";
      inherit
        address
        privateKey
        dns
        extraOptions
        ;
      peers = [ peerEntry ];
    }
    // lib.optionalAttrs (listenPort != null) { inherit listenPort; };

  # peer0 listens on UDP 23542 and only routes peer1's tunnel addresses.
  peer0Node = mkPeer {
    ip4 = "192.168.0.1";
    ip6 = "fd00::1";
    extraConfig = {
      imports = [ commonConfig ];

      # Open the tunnel's listen port; peer1 connects to it.
      networking.firewall.allowedUDPPorts = [ 23542 ];
      networking.wg-quick.interfaces.wg0 = mkInterface {
        address = [
          "10.23.42.1/32"
          "fc00::1/128"
        ];
        listenPort = 23542;
        privateKey = snakeoilKeys.peer0.privateKey;
        peerEntry = {
          allowedIPs = [
            "10.23.42.2/32"
            "fc00::2/128"
          ];
          publicKey = snakeoilKeys.peer1.publicKey;
        };
        dns = [
          "10.23.42.2"
          "fc00::2"
          "wg0"
        ];
      };
    };
  };

  # peer1 runs networkd, initiates the handshake towards peer0 and routes
  # all traffic (0.0.0.0/0, ::/0) into the tunnel, with keepalives every 25 s.
  peer1Node = mkPeer {
    ip4 = "192.168.0.2";
    ip6 = "fd00::2";
    extraConfig = {
      imports = [ commonConfig ];

      networking.useNetworkd = true;
      networking.wg-quick.interfaces.wg0 = mkInterface {
        address = [
          "10.23.42.2/32"
          "fc00::2/128"
        ];
        privateKey = snakeoilKeys.peer1.privateKey;
        peerEntry = {
          allowedIPs = [
            "0.0.0.0/0"
            "::/0"
          ];
          endpoint = "192.168.0.1:23542";
          persistentKeepalive = 25;
          publicKey = snakeoilKeys.peer0.publicKey;
        };
        dns = [
          "10.23.42.1"
          "fc00::1"
          "wg0"
        ];
      };
    };
  };
in
{
  name = "amneziawg-quick";
  meta.maintainers = [
    lib.maintainers.averyanalex
    lib.maintainers.azahi
  ];

  nodes = {
    peer0 = peer0Node;
    peer1 = peer1Node;
  };

  # Wait for wg-quick on both nodes, then verify connectivity from the
  # initiator (peer1) to peer0's IPv6 and IPv4 tunnel addresses.
  testScript = ''
    start_all()

    peer0.wait_for_unit("wg-quick-wg0.service")
    peer1.wait_for_unit("wg-quick-wg0.service")

    peer1.succeed("ping -c5 fc00::1")
    peer1.succeed("ping -c5 10.23.42.1")
  '';
}