# NixOS VM test: two nodes linked by a WireGuard tunnel (wg0).
#
# Arguments:
#   lib            - nixpkgs lib
#   kernelPackages - optional function pkgs -> kernelPackages set; when
#                    non-null it overrides boot.kernelPackages on both peers
{
  lib,
  kernelPackages ? null,
  ...
}:
let
  # Throwaway key pairs for the test VMs only; they are committed to the
  # repo and must never be reused outside this test.
  keys = import ./snakeoil-keys.nix;
  mkPeer = import ./make-peer.nix;

  # peer1 dials peer0 on this port; only peer0 opens it in its firewall.
  wgPort = 23542;
in
{
  name = "wireguard";
  meta.maintainers = [ lib.maintainers.ma27 ];

  nodes = {
    # Listening side: peer1 connects here, so the UDP port is opened.
    peer0 = mkPeer {
      ip4 = "192.168.0.1";
      ip6 = "fd00::1";
      extraConfig =
        { pkgs, lib, ... }:
        {
          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
          networking.firewall.allowedUDPPorts = [ wgPort ];
          networking.wireguard.interfaces.wg0 = {
            ips = [
              "10.23.42.1/32"
              "fc00::1/128"
            ];
            listenPort = wgPort;
            privateKey = keys.peer0.privateKey;

            # Only peer1's tunnel addresses are accepted from this peer.
            peers = [
              {
                allowedIPs = [
                  "10.23.42.2/32"
                  "fc00::2/128"
                ];
                publicKey = keys.peer1.publicKey;
              }
            ];
          };
        };
    };

    # Dialing side: knows peer0's endpoint and keeps the session alive.
    peer1 = mkPeer {
      ip4 = "192.168.0.2";
      ip6 = "fd00::2";
      extraConfig =
        { pkgs, lib, ... }:
        {
          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
          networking.wireguard.interfaces.wg0 = {
            ips = [
              "10.23.42.2/32"
              "fc00::2/128"
            ];
            listenPort = wgPort;
            # The catch-all allowedIPs below would otherwise become default
            # routes through wg0; routes are installed explicitly in postSetup.
            allowedIPsAsRoutes = false;
            privateKey = keys.peer1.privateKey;

            peers = [
              {
                allowedIPs = [
                  "0.0.0.0/0"
                  "::/0"
                ];
                endpoint = "192.168.0.1:${toString wgPort}";
                persistentKeepalive = 25;
                publicKey = keys.peer0.publicKey;
              }
            ];

            # Host routes for peer0's tunnel addresses only.
            postSetup = ''
              ${lib.getExe' pkgs.iproute2 "ip"} route replace 10.23.42.1/32 dev wg0
              ${lib.getExe' pkgs.iproute2 "ip"} route replace fc00::1/128 dev wg0
            '';
          };
        };
    };
  };

  # Bring both tunnels up, then check reachability of peer0 from peer1
  # over IPv6 and IPv4.
  testScript = ''
    start_all()

    for node in (peer0, peer1):
        node.wait_for_unit("wireguard-wg0.service")

    peer1.succeed("ping -c5 fc00::1")
    peer1.succeed("ping -c5 10.23.42.1")
  '';
}