author | Lorenzo Manacorda <lorenzo@mailbox.org> | 2019-09-19 22:54:38 +0200 |
---|---|---|
committer | Lorenzo Manacorda <lorenzo@mailbox.org> | 2019-11-09 11:59:14 +0100 |
commit | 412f6a967d0d545686e284bfb3fdfe6015eb8bb1 (patch) | |
tree | 6263413597082ce7dc124c05e9348b4910e6f247 /nixos/tests/wireguard/namespaces.nix | |
parent | b943338ea582aeb9b0a406d7fb75f3f62bc16a9d (diff) | |
wireguard: add creation and destination namespaces
The two new options make it possible to create the interface in one namespace and move it to a different one, as explained at https://www.wireguard.com/netns/.
Diffstat (limited to 'nixos/tests/wireguard/namespaces.nix')
-rw-r--r-- | nixos/tests/wireguard/namespaces.nix | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/nixos/tests/wireguard/namespaces.nix b/nixos/tests/wireguard/namespaces.nix
new file mode 100644
index 00000000000..94f993d9475
--- /dev/null
+++ b/nixos/tests/wireguard/namespaces.nix
@@ -0,0 +1,80 @@
+let
+ listenPort = 12345;
+ socketNamespace = "foo";
+ interfaceNamespace = "bar";
+ node = {
+ networking.wireguard.interfaces.wg0 = {
+ listenPort = listenPort;
+ ips = [ "10.10.10.1/24" ];
+ privateKeyFile = "/etc/wireguard/private";
+ generatePrivateKeyFile = true;
+ };
+ };
+
+in
+
+import ../make-test.nix ({ pkgs, ...} : {
+ name = "wireguard-with-namespaces";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ asymmetric ];
+ };
+
+ nodes = {
+ # interface should be created in the socketNamespace
+ # and not moved from there
+ peer0 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${socketNamespace}
+ '';
+ inherit socketNamespace;
+ };
+ };
+ # interface should be created in the init namespace
+ # and moved to the interfaceNamespace
+ peer1 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${interfaceNamespace}
+ '';
+ inherit interfaceNamespace;
+ };
+ };
+ # interface should be created in the socketNamespace
+ # and moved to the interfaceNamespace
+ peer2 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${socketNamespace}
+ ip netns add ${interfaceNamespace}
+ '';
+ inherit socketNamespace interfaceNamespace;
+ };
+ };
+ # interface should be created in the socketNamespace
+ # and moved to the init namespace
+ peer3 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${socketNamespace}
+ '';
+ inherit socketNamespace;
+ interfaceNamespace = "init";
+ };
+ };
+ };
+
+ testScript = ''
+ startAll();
+
+ $peer0->waitForUnit("wireguard-wg0.service");
+ $peer1->waitForUnit("wireguard-wg0.service");
+ $peer2->waitForUnit("wireguard-wg0.service");
+ $peer3->waitForUnit("wireguard-wg0.service");
+
+ $peer0->succeed("ip -n ${socketNamespace} link show wg0");
+ $peer1->succeed("ip -n ${interfaceNamespace} link show wg0");
+ $peer2->succeed("ip -n ${interfaceNamespace} link show wg0");
+ $peer3->succeed("ip link show wg0");
+ '';
+})
|
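Review bot: The four `succeed` checks at the end of `testScript` only establish which namespace the `wg0` link ends up in, not where its UDP socket lives, so the `socketNamespace` half of the feature is effectively untested. For peer2 and peer3 in particular, the assertions would pass just the same if `socketNamespace` were ignored and the interface were created directly in its final namespace. The point of the netns setup is that the encrypted socket stays in the creation namespace while the interface is the only thing in the destination namespace, so a regression here would weaken isolation without failing the test. Consider asserting the listener's location as well, for example something like `$peer2->succeed("ip netns exec ${socketNamespace} ss -lun | grep -q ':${toString listenPort} '");`, plus a matching `fail` for the same port inside `${interfaceNamespace}`. I have not confirmed how the kernel socket is rendered by `ss` on the test VM, so the exact match pattern needs checking.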