author | Franz Pletz <fpletz@fnordicwalking.de> | 2019-04-02 08:11:52 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-02 08:11:52 +0000 |
commit | ab574424a0b4a5abd33b861fd9f0c1471a5e0003 (patch) | |
tree | b8e85e6421e61a315b712bf18f33120d621ab33d /nixos | |
parent | a2f5d643b5add1c579af33efda8fc551e85f913c (diff) | |
parent | 0c4e9e397eed1e53975b3124af3b36939f8a40f7 (diff) | |
Merge pull request #57789 from Ma27/wireguard-test
nixos/wireguard: add test
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/wireguard/default.nix | 97 | ||||
-rw-r--r-- | nixos/tests/wireguard/snakeoil-keys.nix | 11 |
3 files changed, 109 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 1db99a03d25d..d47ebd4a51c7 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -232,6 +232,7 @@ in
 upnp = handleTest ./upnp.nix {};
 vault = handleTest ./vault.nix {};
 virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
+ wireguard = handleTest ./wireguard {};
 wordpress = handleTest ./wordpress.nix {};
 xautolock = handleTest ./xautolock.nix {};
 xdg-desktop-portal = handleTest ./xdg-desktop-portal.nix {};
diff --git a/nixos/tests/wireguard/default.nix b/nixos/tests/wireguard/default.nix
new file mode 100644
index 000000000000..b0797b963235
--- /dev/null
+++ b/nixos/tests/wireguard/default.nix
@@ -0,0 +1,97 @@
+let
+ wg-snakeoil-keys = import ./snakeoil-keys.nix;
+in
+
+import ../make-test.nix ({ pkgs, ...} : {
+ name = "wireguard";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ ma27 ];
+ };
+
+ nodes = {
+ peer0 = { lib, ... }: {
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.forwarding" = "1";
+ "net.ipv6.conf.default.forwarding" = "1";
+ "net.ipv4.ip_forward" = "1";
+ };
+
+ networking.useDHCP = false;
+ networking.interfaces.eth1 = {
+ ipv4.addresses = lib.singleton {
+ address = "192.168.0.1";
+ prefixLength = 24;
+ };
+ ipv6.addresses = lib.singleton {
+ address = "fd00::1";
+ prefixLength = 64;
+ };
+ };
+
+ networking.firewall.allowedUDPPorts = [ 23542 ];
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.23.42.1/32" "fc00::1/128" ];
+ listenPort = 23542;
+
+ inherit (wg-snakeoil-keys.peer0) privateKey;
+
+ peers = lib.singleton {
+ allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
+
+ inherit (wg-snakeoil-keys.peer1) publicKey;
+ };
+ };
+ };
+
+ peer1 = { pkgs, lib, ... }: {
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.forwarding" = "1";
+ "net.ipv6.conf.default.forwarding" = "1";
+ "net.ipv4.ip_forward" = "1";
+ };
+
+ networking.useDHCP = false;
+ networking.interfaces.eth1 = {
+ ipv4.addresses = lib.singleton {
+ address = "192.168.0.2";
+ prefixLength = 24;
+ };
+ ipv6.addresses = lib.singleton {
+ address = "fd00::2";
+ prefixLength = 64;
+ };
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.23.42.2/32" "fc00::2/128" ];
+ listenPort = 23542;
+ allowedIPsAsRoutes = false;
+
+ inherit (wg-snakeoil-keys.peer1) privateKey;
+
+ peers = lib.singleton {
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "192.168.0.1:23542";
+ persistentKeepalive = 25;
+
+ inherit (wg-snakeoil-keys.peer0) publicKey;
+ };
+
+ postSetup = let inherit (pkgs) iproute; in ''
+ ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
+ ${iproute}/bin/ip route replace fc00::1/128 dev wg0
+ '';
+ };
+ };
+ };
+
+ testScript = ''
+ startAll;
+
+ $peer0->waitForUnit("wireguard-wg0.service");
+ $peer1->waitForUnit("wireguard-wg0.service");
+
+ $peer1->succeed("ping -c5 fc00::1");
+ $peer1->succeed("ping -c5 10.23.42.1")
+ '';
+})
diff --git a/nixos/tests/wireguard/snakeoil-keys.nix b/nixos/tests/wireguard/snakeoil-keys.nix
new file mode 100644
index 000000000000..55ad582d4059
--- /dev/null
+++ b/nixos/tests/wireguard/snakeoil-keys.nix
@@ -0,0 +1,11 @@
+{
+ peer0 = {
+ privateKey = "OPuVRS2T0/AtHDp3PXkNuLQYDiqJaBEEnYe42BSnJnQ=";
+ publicKey = "IujkG119YPr2cVQzJkSLYCdjpHIDjvr/qH1w1tdKswY=";
+ };
+
+ peer1 = {
+ privateKey = "uO8JVo/sanx2DOM0L9GUEtzKZ82RGkRnYgpaYc7iXmg=";
+ publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI=";
+ };
+} |
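Review bot: The `boot.kernel.sysctl` forwarding block set on both peer0 and peer1 in nixos/tests/wireguard/default.nix is never exercised, because the testScript only pings peer0's own tunnel addresses from peer1 and no packet is routed through either node. Either drop the three forwarding sysctls or put a comment above them saying why they are needed, so the test does not read as a template that enables IP forwarding next to `allowedIPs = [ "0.0.0.0/0" "::/0" ]`. The script also checks one direction only; a line such as `$peer0->succeed("ping -c5 10.23.42.2");` after peer1's pings would cover the return path, which presumably works once peer0 has learned peer1's endpoint. The final `succeed` call lacks the trailing semicolon that the lines above it have.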
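Review bot: nixos/tests/wireguard/snakeoil-keys.nix has no header comment stating that these key pairs are public test fixtures, which matters because the private halves are now permanently in the repository history. I would add `# Snakeoil WireGuard keys for the NixOS VM test only; they are public and must never be used on a real host.` at the top of the file. default.nix passes them through the `privateKey` option, which puts the key into the world-readable Nix store; that is acceptable for a test, but a one-line comment there pointing real deployments to `privateKeyFile` would keep the pattern from being copied as is.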