nixos/tests/wireguard/amneziawg.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / wireguard / amneziawg.nix
at master 2.5 kB view raw
  1{
  2  lib,
  3  kernelPackages ? null,
  4  ...
  5}:
  6let
  7  wg-snakeoil-keys = import ./snakeoil-keys.nix;
  8  peer = import ./make-peer.nix;
  9  extraOptions = {
 10    Jc = 5;
 11    Jmin = 10;
 12    Jmax = 42;
 13    S1 = 60;
 14    S2 = 90;
 15  };
 16in
 17{
 18  name = "amneziawg";
 19  meta.maintainers = with lib.maintainers; [
 20    averyanalex
 21    azahi
 22  ];
 23
 24  nodes = {
 25    peer0 = peer {
 26      ip4 = "192.168.0.1";
 27      ip6 = "fd00::1";
 28      extraConfig =
 29        { lib, pkgs, ... }:
 30        {
 31          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
 32          networking.firewall.allowedUDPPorts = [ 23542 ];
 33          networking.wireguard.interfaces.wg0 = {
 34            type = "amneziawg";
 35            ips = [
 36              "10.23.42.1/32"
 37              "fc00::1/128"
 38            ];
 39            listenPort = 23542;
 40
 41            inherit (wg-snakeoil-keys.peer0) privateKey;
 42
 43            peers = lib.singleton {
 44              allowedIPs = [
 45                "10.23.42.2/32"
 46                "fc00::2/128"
 47              ];
 48
 49              inherit (wg-snakeoil-keys.peer1) publicKey;
 50            };
 51
 52            inherit extraOptions;
 53          };
 54        };
 55    };
 56
 57    peer1 = peer {
 58      ip4 = "192.168.0.2";
 59      ip6 = "fd00::2";
 60      extraConfig =
 61        { lib, pkgs, ... }:
 62        {
 63          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
 64          networking.wireguard.interfaces.wg0 = {
 65            type = "amneziawg";
 66            ips = [
 67              "10.23.42.2/32"
 68              "fc00::2/128"
 69            ];
 70            listenPort = 23542;
 71            allowedIPsAsRoutes = false;
 72
 73            inherit (wg-snakeoil-keys.peer1) privateKey;
 74
 75            peers = lib.singleton {
 76              allowedIPs = [
 77                "0.0.0.0/0"
 78                "::/0"
 79              ];
 80              endpoint = "192.168.0.1:23542";
 81              persistentKeepalive = 25;
 82
 83              inherit (wg-snakeoil-keys.peer0) publicKey;
 84            };
 85
 86            postSetup =
 87              let
 88                ip = lib.getExe' pkgs.iproute2 "ip";
 89              in
 90              ''
 91                ${ip} route replace 10.23.42.1/32 dev wg0
 92                ${ip} route replace fc00::1/128 dev wg0
 93              '';
 94
 95            inherit extraOptions;
 96          };
 97        };
 98    };
 99  };
100
101  testScript = ''
102    start_all()
103
104    peer0.wait_for_unit("wireguard-wg0.service")
105    peer1.wait_for_unit("wireguard-wg0.service")
106
107    peer1.succeed("ping -c5 fc00::1")
108    peer1.succeed("ping -c5 10.23.42.1")
109  '';
110}