{
  lib,
  kernelPackages ? null,
  ...
}:
let
  tunnelPort = 12345;
  keyPath = "/etc/wireguard/private";

  # Both nodes are configured identically apart from their tunnel address.
  # No key material is shipped with the test: each node asks the module to
  # create its own private key (generatePrivateKeyFile), and the file is only
  # ever read on that node, to derive the public key in the test script.
  mkPeer =
    tunnelIp:
    { lib, pkgs, ... }:
    {
      boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
      # Only the WireGuard listen port is exposed through the firewall.
      networking.firewall.allowedUDPPorts = [ tunnelPort ];
      networking.wireguard.interfaces.wg0 = {
        ips = [ tunnelIp ];
        listenPort = tunnelPort;
        privateKeyFile = keyPath;
        generatePrivateKeyFile = true;
      };
    };
in
{
  name = "wireguard-generated";
  meta.maintainers = [
    lib.maintainers.ma27
    lib.maintainers.grahamc
  ];

  nodes = {
    peer1 = mkPeer "10.10.10.1/24";
    peer2 = mkPeer "10.10.10.2/24";
  };

  testScript = ''
    start_all()

    # The key file is expected to exist once the interface unit is up, so
    # wait for it on both nodes before touching /etc/wireguard/private.
    peer1.wait_for_unit("wireguard-wg0.service")
    peer2.wait_for_unit("wireguard-wg0.service")


    def read_pubkey(machine, label):
        # The private key never leaves the node; only the derived public
        # key is returned to the test driver via the command's stdout.
        retcode, pubkey = machine.execute("wg pubkey < /etc/wireguard/private")
        if retcode != 0:
            raise Exception("Could not read public key from " + label)
        return pubkey.strip()


    def add_peer(machine, pubkey, tunnel_ip, endpoint_ip):
        # allowed-ips is pinned to the single remote tunnel address, so the
        # tunnel only carries traffic for that one host. The 192.168.1.x
        # endpoints are presumably the test driver's VLAN addresses for the
        # two nodes — verify against the driver if this ever changes.
        machine.succeed(
            "wg set wg0 peer {} allowed-ips {}/32 endpoint {}:12345 persistent-keepalive 1".format(
                pubkey, tunnel_ip, endpoint_ip
            )
        )
        machine.succeed("ip route replace {}/32 dev wg0 table main".format(tunnel_ip))


    peer1pubkey = read_pubkey(peer1, "peer1")
    peer2pubkey = read_pubkey(peer2, "peer2")

    # Each side learns only the other's public key and tunnel address.
    add_peer(peer1, peer2pubkey, "10.10.10.2", "192.168.1.2")
    add_peer(peer2, peer1pubkey, "10.10.10.1", "192.168.1.1")

    # A single round trip in each direction proves the handshake completed
    # with the generated keys.
    peer1.succeed("ping -c1 10.10.10.2")
    peer2.succeed("ping -c1 10.10.10.1")
  '';
}