Diffstat (limited to 'nixos/tests/wireguard')
-rw-r--r--nixos/tests/wireguard/default.nix142
-rw-r--r--nixos/tests/wireguard/make-peer.nix23
-rw-r--r--nixos/tests/wireguard/wg-quick.nix63
3 files changed, 144 insertions, 84 deletions
diff --git a/nixos/tests/wireguard/default.nix b/nixos/tests/wireguard/default.nix
index 8206823a918..e3bc31c600f 100644
--- a/nixos/tests/wireguard/default.nix
+++ b/nixos/tests/wireguard/default.nix
@@ -1,97 +1,71 @@
-let
-  wg-snakeoil-keys = import ./snakeoil-keys.nix;
-in
-
-import ../make-test-python.nix ({ pkgs, ...} : {
-  name = "wireguard";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ ma27 ];
-  };
-
-  nodes = {
-    peer0 = { lib, ... }: {
-      boot.kernel.sysctl = {
-        "net.ipv6.conf.all.forwarding" = "1";
-        "net.ipv6.conf.default.forwarding" = "1";
-        "net.ipv4.ip_forward" = "1";
-      };
-
-      networking.useDHCP = false;
-      networking.interfaces.eth1 = {
-        ipv4.addresses = lib.singleton {
-          address = "192.168.0.1";
-          prefixLength = 24;
-        };
-        ipv6.addresses = lib.singleton {
-          address = "fd00::1";
-          prefixLength = 64;
-        };
-      };
+import ../make-test-python.nix ({ pkgs, lib, ...} :
+  let
+    wg-snakeoil-keys = import ./snakeoil-keys.nix;
+    peer = (import ./make-peer.nix) { inherit lib; };
+  in
+  {
+    name = "wireguard";
+    meta = with pkgs.stdenv.lib.maintainers; {
+      maintainers = [ ma27 ];
+    };
 
-      networking.firewall.allowedUDPPorts = [ 23542 ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.23.42.1/32" "fc00::1/128" ];
-        listenPort = 23542;
+    nodes = {
+      peer0 = peer {
+        ip4 = "192.168.0.1";
+        ip6 = "fd00::1";
+        extraConfig = {
+          networking.firewall.allowedUDPPorts = [ 23542 ];
+          networking.wireguard.interfaces.wg0 = {
+            ips = [ "10.23.42.1/32" "fc00::1/128" ];
+            listenPort = 23542;
 
-        inherit (wg-snakeoil-keys.peer0) privateKey;
+            inherit (wg-snakeoil-keys.peer0) privateKey;
 
-        peers = lib.singleton {
-          allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
+            peers = lib.singleton {
+              allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
 
-          inherit (wg-snakeoil-keys.peer1) publicKey;
+              inherit (wg-snakeoil-keys.peer1) publicKey;
+            };
+          };
         };
       };
-    };
 
-    peer1 = { pkgs, lib, ... }: {
-      boot.kernel.sysctl = {
-        "net.ipv6.conf.all.forwarding" = "1";
-        "net.ipv6.conf.default.forwarding" = "1";
-        "net.ipv4.ip_forward" = "1";
-      };
-
-      networking.useDHCP = false;
-      networking.interfaces.eth1 = {
-        ipv4.addresses = lib.singleton {
-          address = "192.168.0.2";
-          prefixLength = 24;
-        };
-        ipv6.addresses = lib.singleton {
-          address = "fd00::2";
-          prefixLength = 64;
+      peer1 = peer {
+        ip4 = "192.168.0.2";
+        ip6 = "fd00::2";
+        extraConfig = {
+          networking.wireguard.interfaces.wg0 = {
+            ips = [ "10.23.42.2/32" "fc00::2/128" ];
+            listenPort = 23542;
+            allowedIPsAsRoutes = false;
+
+            inherit (wg-snakeoil-keys.peer1) privateKey;
+
+            peers = lib.singleton {
+              allowedIPs = [ "0.0.0.0/0" "::/0" ];
+              endpoint = "192.168.0.1:23542";
+              persistentKeepalive = 25;
+
+              inherit (wg-snakeoil-keys.peer0) publicKey;
+            };
+
+            postSetup = let inherit (pkgs) iproute; in ''
+              ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
+              ${iproute}/bin/ip route replace fc00::1/128 dev wg0
+            '';
+          };
         };
       };
-
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.23.42.2/32" "fc00::2/128" ];
-        listenPort = 23542;
-        allowedIPsAsRoutes = false;
-
-        inherit (wg-snakeoil-keys.peer1) privateKey;
-
-        peers = lib.singleton {
-          allowedIPs = [ "0.0.0.0/0" "::/0" ];
-          endpoint = "192.168.0.1:23542";
-          persistentKeepalive = 25;
-
-          inherit (wg-snakeoil-keys.peer0) publicKey;
-        };
-
-        postSetup = let inherit (pkgs) iproute; in ''
-          ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
-          ${iproute}/bin/ip route replace fc00::1/128 dev wg0
-        '';
-      };
     };
-  };
 
-  testScript = ''
-    start_all()
+    testScript = ''
+      start_all()
 
-    peer0.wait_for_unit("wireguard-wg0.service")
-    peer1.wait_for_unit("wireguard-wg0.service")
+      peer0.wait_for_unit("wireguard-wg0.service")
+      peer1.wait_for_unit("wireguard-wg0.service")
 
-    peer1.succeed("ping -c5 fc00::1")
-    peer1.succeed("ping -c5 10.23.42.1")
-  '';
-})
+      peer1.succeed("ping -c5 fc00::1")
+      peer1.succeed("ping -c5 10.23.42.1")
+    '';
+  }
+)
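Review bot: The `inherit (wg-snakeoil-keys.peer0) privateKey;` and `inherit (wg-snakeoil-keys.peer1) privateKey;` lines put the private key directly into the evaluated configuration, which on NixOS normally means it lands in the world-readable Nix store; the same pattern is used for both peers in wg-quick.nix. That is acceptable for snakeoil keys inside a VM test, but nothing in the file says so, and test files are often copied as templates. I would add a comment above the first use, e.g. `# Snakeoil keys for the VM test only; real deployments should use privateKeyFile so the key stays out of the Nix store.`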
diff --git a/nixos/tests/wireguard/make-peer.nix b/nixos/tests/wireguard/make-peer.nix
new file mode 100644
index 00000000000..d2740549738
--- /dev/null
+++ b/nixos/tests/wireguard/make-peer.nix
@@ -0,0 +1,23 @@
+{ lib, ... }: { ip4, ip6, extraConfig }:
+lib.mkMerge [
+  {
+    boot.kernel.sysctl = {
+      "net.ipv6.conf.all.forwarding" = "1";
+      "net.ipv6.conf.default.forwarding" = "1";
+      "net.ipv4.ip_forward" = "1";
+    };
+
+    networking.useDHCP = false;
+    networking.interfaces.eth1 = {
+      ipv4.addresses = [{
+        address = ip4;
+        prefixLength = 24;
+      }];
+      ipv6.addresses = [{
+        address = ip6;
+        prefixLength = 64;
+      }];
+    };
+  }
+  extraConfig
+]
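Review bot: make-peer.nix has no header comment, and it enables IPv4 and IPv6 forwarding on every node built with it, which a reader of the `peer { ip4 = …; ip6 = …; extraConfig = …; }` call sites would not guess. In the two tests visible here the pings target peer0's own tunnel addresses, so forwarding may not be needed at all; if it is kept, the comment should say why. I would add something like `# Builds a test node: static eth1 addresses (ip4/24, ip6/64), DHCP off, IP forwarding on; extraConfig is merged on top via lib.mkMerge.` and consider `extraConfig ? { }` so a bare peer can be built without passing an empty set.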
diff --git a/nixos/tests/wireguard/wg-quick.nix b/nixos/tests/wireguard/wg-quick.nix
new file mode 100644
index 00000000000..7354dd01a34
--- /dev/null
+++ b/nixos/tests/wireguard/wg-quick.nix
@@ -0,0 +1,63 @@
+import ../make-test-python.nix ({ pkgs, lib, ... }:
+  let
+    wg-snakeoil-keys = import ./snakeoil-keys.nix;
+    peer = (import ./make-peer.nix) { inherit lib; };
+  in
+  {
+    name = "wg-quick";
+    meta = with pkgs.stdenv.lib.maintainers; {
+      maintainers = [ xwvvvvwx ];
+    };
+
+    nodes = {
+      peer0 = peer {
+        ip4 = "192.168.0.1";
+        ip6 = "fd00::1";
+        extraConfig = {
+          networking.firewall.allowedUDPPorts = [ 23542 ];
+          networking.wg-quick.interfaces.wg0 = {
+            address = [ "10.23.42.1/32" "fc00::1/128" ];
+            listenPort = 23542;
+
+            inherit (wg-snakeoil-keys.peer0) privateKey;
+
+            peers = lib.singleton {
+              allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
+
+              inherit (wg-snakeoil-keys.peer1) publicKey;
+            };
+          };
+        };
+      };
+
+      peer1 = peer {
+        ip4 = "192.168.0.2";
+        ip6 = "fd00::2";
+        extraConfig = {
+          networking.wg-quick.interfaces.wg0 = {
+            address = [ "10.23.42.2/32" "fc00::2/128" ];
+            inherit (wg-snakeoil-keys.peer1) privateKey;
+
+            peers = lib.singleton {
+              allowedIPs = [ "0.0.0.0/0" "::/0" ];
+              endpoint = "192.168.0.1:23542";
+              persistentKeepalive = 25;
+
+              inherit (wg-snakeoil-keys.peer0) publicKey;
+            };
+          };
+        };
+      };
+    };
+
+    testScript = ''
+      start_all()
+
+      peer0.wait_for_unit("wg-quick-wg0.service")
+      peer1.wait_for_unit("wg-quick-wg0.service")
+
+      peer1.succeed("ping -c5 fc00::1")
+      peer1.succeed("ping -c5 10.23.42.1")
+    '';
+  }
+)
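Review bot: peer1 is configured as a full-tunnel client (`allowedIPs = [ "0.0.0.0/0" "::/0" ]`), but the testScript only pings peer0's tunnel addresses, which would presumably also pass with `/32` and `/128` allowedIPs. The default-route handling that wg-quick sets up for this case is therefore never asserted, so a regression that lets traffic leave via eth1 instead of the tunnel would go unnoticed. I would add a routing check after the pings, for example `peer1.succeed("ip route get 192.0.2.1 | grep -q 'dev wg0'")` (192.0.2.1 is a documentation address chosen for illustration, and the line has not been run against the test VM).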