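# NixOS VM test: two peers build a WireGuard tunnel using the networkd backend
# (`networking.wireguard.useNetworkd = true`), authenticated with a preshared
# key on top of the static Curve25519 keys.
#
# Arguments:
#   lib            - nixpkgs lib (used for maintainers and mkIf).
#   kernelPackages - optional `pkgs -> kernelPackages` override so the same
#                    test can be run against several kernels; null keeps the
#                    default kernel.
{
  lib,
  kernelPackages ? null,
  ...
}:
let
  # Throwaway key material committed to the tree. These keys are public by
  # construction and exist only to make the test reproducible.
  wg-snakeoil-keys = import ./snakeoil-keys.nix;
  peer = import ./make-peer.nix;

  # Materialise a snakeoil key as a file in the Nix store.
  #
  # !!! Don't do this with real keys. The /nix store is world-readable!
  # A real deployment must point privateKeyFile/presharedKeyFile at a file
  # that is provisioned outside the store (owner root, mode 0600, e.g. via a
  # secrets tool) and never referenced from the evaluated configuration.
  snakeoilKeyFile = pkgs: name: key: toString (pkgs.writeText name key);
in
{
  name = "wireguard-networkd";
  meta.maintainers = with lib.maintainers; [ majiir ];

  nodes = {
    # peer0 is the "server": it has a fixed listen port, opens it in the
    # firewall and knows no endpoint for its peer (it learns it from the
    # first authenticated packet peer1 sends).
    peer0 = peer {
      ip4 = "192.168.0.1";
      ip6 = "fd00::1";
      extraConfig =
        { lib, pkgs, ... }:
        {
          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
          # Only the WireGuard UDP port is exposed; everything else stays closed.
          networking.firewall.allowedUDPPorts = [ 23542 ];
          networking.wireguard.useNetworkd = true;
          networking.wireguard.interfaces.wg0 = {
            ips = [
              "10.23.42.1/32"
              "fc00::1/128"
            ];
            listenPort = 23542;

            # !!! Don't do this with real keys. The /nix store is world-readable!
            privateKeyFile = snakeoilKeyFile pkgs "privateKey" wg-snakeoil-keys.peer0.privateKey;

            peers = lib.singleton {
              # Cryptokey routing: only peer1's tunnel addresses are accepted
              # from (and routed to) this peer.
              allowedIPs = [
                "10.23.42.2/32"
                "fc00::2/128"
              ];

              # !!! Don't do this with real keys. The /nix store is world-readable!
              presharedKeyFile = snakeoilKeyFile pkgs "presharedKey" wg-snakeoil-keys.presharedKey;

              inherit (wg-snakeoil-keys.peer1) publicKey;
            };
          };
        };
    };

    # peer1 is the "client": it knows peer0's endpoint, initiates the
    # handshake and sends all tunnel traffic to peer0.
    peer1 = peer {
      ip4 = "192.168.0.2";
      ip6 = "fd00::2";
      extraConfig =
        { lib, pkgs, ... }:
        {
          boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
          networking.wireguard.useNetworkd = true;
          networking.wireguard.interfaces.wg0 = {
            ips = [
              "10.23.42.2/32"
              "fc00::2/128"
            ];
            listenPort = 23542;

            # !!! Don't do this with real keys. The /nix store is world-readable!
            privateKeyFile = snakeoilKeyFile pkgs "privateKey" wg-snakeoil-keys.peer1.privateKey;

            peers = lib.singleton {
              # Catch-all allowedIPs: any destination may be sent through the
              # tunnel. NOTE(review): this relies on the endpoint 192.168.0.1
              # staying reachable via a more specific (connected) route than
              # whatever is installed for 0.0.0.0/0 and ::/0 — confirm against
              # make-peer.nix if the test network is changed.
              allowedIPs = [
                "0.0.0.0/0"
                "::/0"
              ];
              endpoint = "192.168.0.1:23542";
              persistentKeepalive = 25;

              # !!! Don't do this with real keys. The /nix store is world-readable!
              presharedKeyFile = snakeoilKeyFile pkgs "presharedKey" wg-snakeoil-keys.presharedKey;

              inherit (wg-snakeoil-keys.peer0) publicKey;
            };
          };
        };
    };
  };

  testScript = ''
    start_all()

    # Bring networkd up on both ends; wg0 is created by the networkd backend.
    peer0.systemctl("start network-online.target")
    peer0.wait_for_unit("network-online.target")

    peer1.systemctl("start network-online.target")
    peer1.wait_for_unit("network-online.target")

    # peer1 is the only side that knows an endpoint, so it must initiate.
    # The first packets trigger the handshake; ping succeeds as long as at
    # least one of the five replies arrives.
    peer1.succeed("ping -c5 fc00::1")
    peer1.succeed("ping -c5 10.23.42.1")

    with subtest("Handshake completed with the expected peer"):
        # `wg show wg0 latest-handshakes` prints "<peer public key>\t<unix time>".
        # A zero timestamp means no handshake ever completed, so require the
        # row for the configured peer *and* a non-zero time. The awk END
        # block makes an empty grep result fail as well.
        peer0.succeed(
            "wg show wg0 latest-handshakes"
            " | grep -F '${wg-snakeoil-keys.peer1.publicKey}'"
            " | awk '$2 > 0 { ok = 1 } END { exit !ok }'"
        )
        peer1.succeed(
            "wg show wg0 latest-handshakes"
            " | grep -F '${wg-snakeoil-keys.peer0.publicKey}'"
            " | awk '$2 > 0 { ok = 1 } END { exit !ok }'"
        )

    with subtest("Tunnel works in the reverse direction"):
        # peer0 has no static endpoint; it must have learned peer1's address
        # from the authenticated packets above. The routes used here are the
        # same ones that carried the replies to peer1's pings.
        peer0.succeed("ping -c5 fc00::2")
        peer0.succeed("ping -c5 10.23.42.2")

    with subtest("Has PSK set"):
        # `wg show` prints a "preshared key: (hidden)" line only when a PSK is
        # configured for the peer; scope the check to wg0.
        peer0.succeed("wg show wg0 | grep 'preshared key'")
        peer1.succeed("wg show wg0 | grep 'preshared key'")
  '';
}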