author | Franz Pletz <fpletz@fnordicwalking.de> | 2019-11-14 01:24:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-14 01:24:59 +0000 |
commit | e84840117b612a5e7b388975cace07e754acd1b6 (patch) | |
tree | 607b81d2dc112448230bb87cc6db3baa19a8b719 /nixos/tests | |
parent | a1a0f45fb85e898f545cfcba27bc9890c347fba9 (diff) | |
parent | 412f6a967d0d545686e284bfb3fdfe6015eb8bb1 (diff) | |
Merge pull request #71510 from asymmetric/wg-ns
Add namespace support to Wireguard module
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/wireguard/namespaces.nix | 80 |
2 files changed, 81 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 9db505a27d41..8ba10bdc4f40 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -279,6 +279,7 @@ in
 virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
 wireguard = handleTest ./wireguard {};
 wireguard-generated = handleTest ./wireguard/generated.nix {};
+ wireguard-namespaces = handleTest ./wireguard/namespaces.nix {};
 wordpress = handleTest ./wordpress.nix {};
 xautolock = handleTest ./xautolock.nix {};
 xfce = handleTest ./xfce.nix {};
diff --git a/nixos/tests/wireguard/namespaces.nix b/nixos/tests/wireguard/namespaces.nix
new file mode 100644
index 000000000000..94f993d9475d
--- /dev/null
+++ b/nixos/tests/wireguard/namespaces.nix
@@ -0,0 +1,80 @@
+let
+ listenPort = 12345;
+ socketNamespace = "foo";
+ interfaceNamespace = "bar";
+ node = {
+ networking.wireguard.interfaces.wg0 = {
+ listenPort = listenPort;
+ ips = [ "10.10.10.1/24" ];
+ privateKeyFile = "/etc/wireguard/private";
+ generatePrivateKeyFile = true;
+ };
+ };
+
+in
+
+import ../make-test.nix ({ pkgs, ...} : {
+ name = "wireguard-with-namespaces";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ asymmetric ];
+ };
+
+ nodes = {
+ # interface should be created in the socketNamespace
+ # and not moved from there
+ peer0 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${socketNamespace}
+ '';
+ inherit socketNamespace;
+ };
+ };
+ # interface should be created in the init namespace
+ # and moved to the interfaceNamespace
+ peer1 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${interfaceNamespace}
+ '';
+ inherit interfaceNamespace;
+ };
+ };
+ # interface should be created in the socketNamespace
+ # and moved to the interfaceNamespace
+ peer2 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${socketNamespace}
+ ip netns add ${interfaceNamespace}
+ '';
+ inherit socketNamespace interfaceNamespace;
+ };
+ };
+ # interface should be created in the socketNamespace
+ # and moved to the init namespace
+ peer3 = pkgs.lib.attrsets.recursiveUpdate node {
+ networking.wireguard.interfaces.wg0 = {
+ preSetup = ''
+ ip netns add ${socketNamespace}
+ '';
+ inherit socketNamespace;
+ interfaceNamespace = "init";
+ };
+ };
+ };
+
+ testScript = ''
+ startAll();
+
+ $peer0->waitForUnit("wireguard-wg0.service");
+ $peer1->waitForUnit("wireguard-wg0.service");
+ $peer2->waitForUnit("wireguard-wg0.service");
+ $peer3->waitForUnit("wireguard-wg0.service");
+
+ $peer0->succeed("ip -n ${socketNamespace} link show wg0");
+ $peer1->succeed("ip -n ${interfaceNamespace} link show wg0");
+ $peer2->succeed("ip -n ${interfaceNamespace} link show wg0");
+ $peer3->succeed("ip link show wg0");
+ '';
+}) |
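Review bot: The four `succeed` checks at the end of `testScript` only confirm that wg0 is present in the expected namespace; none confirms that it is absent from the namespace it should have left or never entered, so the test does not demonstrate the isolation these options are meant to provide. Negative checks such as `$peer0->fail("ip link show wg0");`, `$peer2->fail("ip -n ${socketNamespace} link show wg0");` and `$peer3->fail("ip -n ${socketNamespace} link show wg0");` would pin that down. `listenPort` is set on every node but never asserted on, so the socket half of the feature (the UDP port staying bound in the socket namespace while the interface moves) is not exercised here. A check of the bound UDP port inside `${socketNamespace}`, and of its absence in `${interfaceNamespace}`, would cover it.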