# NixOS VM test: two peers bring up a WireGuard tunnel via wg-quick and
# peer1 pings peer0 over it (IPv4 and IPv6).
#
# Arguments:
#   lib            - nixpkgs library (used for mkIf)
#   kernelPackages - optional function pkgs -> kernelPackages set; when null
#                    the default kernel is kept
#   nftables       - run the firewall on nftables instead of iptables
{
  lib,
  kernelPackages ? null,
  nftables ? false,
  ...
}:
let
  # Throwaway key pairs checked into the repository purely for this test;
  # nothing outside the test should ever rely on them.
  snakeoilKeys = import ./snakeoil-keys.nix;
  mkPeer = import ./make-peer.nix;

  # UDP port the tunnel listens on and the one peer1 dials.
  wgPort = 23542;

  # Tunnel-internal addresses of each node, reused as the other side's
  # allowedIPs / dns entries.
  peer0Tunnel = {
    address = [ "10.23.42.1/32" "fc00::1/128" ];
    dns = [ "10.23.42.1" "fc00::1" ];
  };
  peer1Tunnel = {
    address = [ "10.23.42.2/32" "fc00::2/128" ];
    dns = [ "10.23.42.2" "fc00::2" ];
  };

  # Module applied to both nodes.
  sharedConfig =
    { pkgs, ... }:
    {
      # Only override the kernel when the caller asked for a specific one.
      boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs);
      networking.nftables.enable = nftables;
      # Make sure iptables doesn't work with nftables enabled
      boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
    };
in
{
  name = "wg-quick";

  nodes = {
    # peer0: passive side, only listens and lets peer1 in.
    peer0 = mkPeer {
      ip4 = "192.168.0.1";
      ip6 = "fd00::1";
      extraConfig = {
        imports = [ sharedConfig ];

        networking.firewall.allowedUDPPorts = [ wgPort ];
        networking.wg-quick.interfaces.wg0 = {
          address = peer0Tunnel.address;
          listenPort = wgPort;
          privateKey = snakeoilKeys.peer0.privateKey;

          # Restrict peer1 to its own tunnel addresses.
          peers = [
            {
              allowedIPs = peer1Tunnel.address;
              publicKey = snakeoilKeys.peer1.publicKey;
            }
          ];

          # The trailing "wg0" is not an address; wg-quick presumably treats
          # such entries as a DNS search domain rather than a server.
          dns = peer1Tunnel.dns ++ [ "wg0" ];
        };
      };
    };

    # peer1: active side, routes everything through the tunnel. It is the only
    # node with networkd enabled, so the two nodes run different backends.
    peer1 = mkPeer {
      ip4 = "192.168.0.2";
      ip6 = "fd00::2";
      extraConfig = {
        imports = [ sharedConfig ];

        networking.useNetworkd = true;
        networking.wg-quick.interfaces.wg0 = {
          address = peer1Tunnel.address;
          privateKey = snakeoilKeys.peer1.privateKey;

          peers = [
            {
              # Full-tunnel: all IPv4 and IPv6 traffic goes to peer0.
              allowedIPs = [ "0.0.0.0/0" "::/0" ];
              endpoint = "192.168.0.1:${toString wgPort}";
              persistentKeepalive = 25;
              publicKey = snakeoilKeys.peer0.publicKey;
            }
          ];

          dns = peer0Tunnel.dns ++ [ "wg0" ];
        };
      };
    };
  };

  testScript = ''
    start_all()

    peer0.wait_for_unit("wg-quick-wg0.service")
    peer1.wait_for_unit("wg-quick-wg0.service")

    peer1.succeed("ping -c5 fc00::1")
    peer1.succeed("ping -c5 10.23.42.1")
  '';
}