{
  lib,
  kernelPackages ? null,
  ...
}:
let
  listenPort = 12345;
  socketNamespace = "foo";
  interfaceNamespace = "bar";

  # Baseline wg0 definition every peer starts from; each peer only layers
  # its namespace-related settings on top of it. The private key is generated
  # on the node itself if the file is missing (generatePrivateKeyFile), so no
  # key material has to be provided from the Nix store for this test.
  node = {
    networking.wireguard.interfaces.wg0 = {
      inherit listenPort;
      ips = [ "10.10.10.1/24" ];
      privateKeyFile = "/etc/wireguard/private";
      generatePrivateKeyFile = true;
    };
  };
in
{
  name = "wireguard-with-namespaces";
  meta.maintainers = with lib.maintainers; [ asymmetric ];

  nodes =
    let
      # Build a peer module from its wg0 overrides. A kernel package override
      # is applied only when the test was instantiated with a kernelPackages
      # function; otherwise the default kernel of the test VM is kept.
      mkPeer =
        wg0:
        { lib, pkgs, ... }:
        lib.attrsets.recursiveUpdate node {
          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
          networking.wireguard.interfaces.wg0 = wg0;
        };
    in
    {
      # socketNamespace only: wg0 is created there and is never moved
      peer0 = mkPeer {
        preSetup = ''
          ip netns add ${socketNamespace}
        '';
        inherit socketNamespace;
      };
      # interfaceNamespace only: wg0 is created in the init namespace and
      # then moved into interfaceNamespace
      peer1 = mkPeer {
        preSetup = ''
          ip netns add ${interfaceNamespace}
        '';
        mtu = 1280;
        inherit interfaceNamespace;
      };
      # both namespaces: wg0 is created in socketNamespace and moved to
      # interfaceNamespace
      peer2 = mkPeer {
        preSetup = ''
          ip netns add ${socketNamespace}
          ip netns add ${interfaceNamespace}
        '';
        inherit socketNamespace interfaceNamespace;
      };
      # created in socketNamespace, then moved back to the init namespace
      peer3 = mkPeer {
        preSetup = ''
          ip netns add ${socketNamespace}
        '';
        inherit socketNamespace;
        interfaceNamespace = "init";
      };
    };

  # Each peer must end up with wg0 visible in exactly the namespace its
  # configuration selects.
  testScript = ''
    start_all()

    for machine in peer0, peer1, peer2, peer3:
        machine.wait_for_unit("wireguard-wg0.service")

    peer0.succeed("ip -n ${socketNamespace} link show wg0")
    peer1.succeed("ip -n ${interfaceNamespace} link show wg0")
    peer2.succeed("ip -n ${interfaceNamespace} link show wg0")
    peer3.succeed("ip link show wg0")
  '';
}