diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2020-03-28 16:26:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-28 16:26:43 +0100 |
commit | 63e81053b0e5de72d7e5b18491992e4ce19b58b8 (patch) | |
tree | bea7baa3538a05d80476ba257306725d2d2d1575 /nixos/tests | |
parent | c7ec02588859ee6ece973efc3c15fa3081e2d1be (diff) | |
parent | c9a3e1f99c0de9acf30ad01eefba4eea559c7434 (diff) | |
download | nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.tar nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.tar.gz nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.tar.bz2 nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.tar.lz nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.tar.xz nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.tar.zst nixpkgs-63e81053b0e5de72d7e5b18491992e4ce19b58b8.zip |
Merge pull request #74504 from xwvvvvwx/wg-quick-tests
tests/wireguard: init wg-quick
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/wireguard/default.nix | 142 | ||||
-rw-r--r-- | nixos/tests/wireguard/make-peer.nix | 23 | ||||
-rw-r--r-- | nixos/tests/wireguard/wg-quick.nix | 63 |
4 files changed, 145 insertions, 84 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 211fa0ceb28..b62a3e260aa 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -309,6 +309,7 @@ in vault = handleTest ./vault.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; + wg-quick = handleTest ./wireguard/wg-quick.nix {}; wireguard = handleTest ./wireguard {}; wireguard-generated = handleTest ./wireguard/generated.nix {}; wireguard-namespaces = handleTest ./wireguard/namespaces.nix {}; diff --git a/nixos/tests/wireguard/default.nix b/nixos/tests/wireguard/default.nix index 8206823a918..e3bc31c600f 100644 --- a/nixos/tests/wireguard/default.nix +++ b/nixos/tests/wireguard/default.nix @@ -1,97 +1,71 @@ -let - wg-snakeoil-keys = import ./snakeoil-keys.nix; -in - -import ../make-test-python.nix ({ pkgs, ...} : { - name = "wireguard"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; - - nodes = { - peer0 = { lib, ... }: { - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = "1"; - "net.ipv6.conf.default.forwarding" = "1"; - "net.ipv4.ip_forward" = "1"; - }; - - networking.useDHCP = false; - networking.interfaces.eth1 = { - ipv4.addresses = lib.singleton { - address = "192.168.0.1"; - prefixLength = 24; - }; - ipv6.addresses = lib.singleton { - address = "fd00::1"; - prefixLength = 64; - }; - }; +import ../make-test-python.nix ({ pkgs, lib, ...} : + let + wg-snakeoil-keys = import ./snakeoil-keys.nix; + peer = (import ./make-peer.nix) { inherit lib; }; + in + { + name = "wireguard"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ma27 ]; + }; - networking.firewall.allowedUDPPorts = [ 23542 ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.1/32" "fc00::1/128" ]; - listenPort = 23542; + nodes = { + peer0 = peer { + ip4 = "192.168.0.1"; + ip6 = "fd00::1"; + extraConfig = { + networking.firewall.allowedUDPPorts = [ 23542 ]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.23.42.1/32" "fc00::1/128" ]; + listenPort = 23542; - inherit (wg-snakeoil-keys.peer0) privateKey; + inherit (wg-snakeoil-keys.peer0) privateKey; - peers = lib.singleton { - allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; + peers = lib.singleton { + allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; - inherit (wg-snakeoil-keys.peer1) publicKey; + inherit (wg-snakeoil-keys.peer1) publicKey; + }; + }; }; }; - }; - peer1 = { pkgs, lib, ... }: { - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = "1"; - "net.ipv6.conf.default.forwarding" = "1"; - "net.ipv4.ip_forward" = "1"; - }; - - networking.useDHCP = false; - networking.interfaces.eth1 = { - ipv4.addresses = lib.singleton { - address = "192.168.0.2"; - prefixLength = 24; - }; - ipv6.addresses = lib.singleton { - address = "fd00::2"; - prefixLength = 64; + peer1 = peer { + ip4 = "192.168.0.2"; + ip6 = "fd00::2"; + extraConfig = { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.23.42.2/32" "fc00::2/128" ]; + listenPort = 23542; + allowedIPsAsRoutes = false; + + inherit (wg-snakeoil-keys.peer1) privateKey; + + peers = lib.singleton { + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "192.168.0.1:23542"; + persistentKeepalive = 25; + + inherit (wg-snakeoil-keys.peer0) publicKey; + }; + + postSetup = let inherit (pkgs) iproute; in '' + ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 + ${iproute}/bin/ip route replace fc00::1/128 dev wg0 + ''; + }; }; }; - - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.2/32" "fc00::2/128" ]; - listenPort = 23542; - allowedIPsAsRoutes = false; - - inherit (wg-snakeoil-keys.peer1) privateKey; - - peers = lib.singleton { - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "192.168.0.1:23542"; - persistentKeepalive = 25; - - inherit (wg-snakeoil-keys.peer0) publicKey; - }; - - postSetup = let inherit (pkgs) iproute; in '' - ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 - ${iproute}/bin/ip route replace fc00::1/128 dev wg0 - ''; - }; }; - }; - testScript = '' - start_all() + testScript = '' + start_all() - peer0.wait_for_unit("wireguard-wg0.service") - peer1.wait_for_unit("wireguard-wg0.service") + peer0.wait_for_unit("wireguard-wg0.service") + peer1.wait_for_unit("wireguard-wg0.service") - peer1.succeed("ping -c5 fc00::1") - peer1.succeed("ping -c5 10.23.42.1") - ''; -}) + peer1.succeed("ping -c5 fc00::1") + peer1.succeed("ping -c5 10.23.42.1") + ''; + } +) diff --git a/nixos/tests/wireguard/make-peer.nix b/nixos/tests/wireguard/make-peer.nix new file mode 100644 index 00000000000..d2740549738 --- /dev/null +++ b/nixos/tests/wireguard/make-peer.nix @@ -0,0 +1,23 @@ +{ lib, ... }: { ip4, ip6, extraConfig }: +lib.mkMerge [ + { + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = "1"; + "net.ipv6.conf.default.forwarding" = "1"; + "net.ipv4.ip_forward" = "1"; + }; + + networking.useDHCP = false; + networking.interfaces.eth1 = { + ipv4.addresses = [{ + address = ip4; + prefixLength = 24; + }]; + ipv6.addresses = [{ + address = ip6; + prefixLength = 64; + }]; + }; + } + extraConfig +] diff --git a/nixos/tests/wireguard/wg-quick.nix b/nixos/tests/wireguard/wg-quick.nix new file mode 100644 index 00000000000..7354dd01a34 --- /dev/null +++ b/nixos/tests/wireguard/wg-quick.nix @@ -0,0 +1,63 @@ +import ../make-test-python.nix ({ pkgs, lib, ... }: + let + wg-snakeoil-keys = import ./snakeoil-keys.nix; + peer = (import ./make-peer.nix) { inherit lib; }; + in + { + name = "wg-quick"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ xwvvvvwx ]; + }; + + nodes = { + peer0 = peer { + ip4 = "192.168.0.1"; + ip6 = "fd00::1"; + extraConfig = { + networking.firewall.allowedUDPPorts = [ 23542 ]; + networking.wg-quick.interfaces.wg0 = { + address = [ "10.23.42.1/32" "fc00::1/128" ]; + listenPort = 23542; + + inherit (wg-snakeoil-keys.peer0) privateKey; + + peers = lib.singleton { + allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; + + inherit (wg-snakeoil-keys.peer1) publicKey; + }; + }; + }; + }; + + peer1 = peer { + ip4 = "192.168.0.2"; + ip6 = "fd00::2"; + extraConfig = { + networking.wg-quick.interfaces.wg0 = { + address = [ "10.23.42.2/32" "fc00::2/128" ]; + inherit (wg-snakeoil-keys.peer1) privateKey; + + peers = lib.singleton { + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "192.168.0.1:23542"; + persistentKeepalive = 25; + + inherit (wg-snakeoil-keys.peer0) publicKey; + }; + }; + }; + }; + }; + + testScript = '' + start_all() + + peer0.wait_for_unit("wg-quick-wg0.service") + peer1.wait_for_unit("wg-quick-wg0.service") + + peer1.succeed("ping -c5 fc00::1") + peer1.succeed("ping -c5 10.23.42.1") + ''; + } +) |