| blob | 36ab226cde0e4e241ff92b9be8aef5d2b11b8649 |
1 { kernelPackages ? null }:
2 import ../make-test-python.nix ({ pkgs, lib, ...} :
3 let
4 wg-snakeoil-keys = import ./snakeoil-keys.nix;
5 peer = (import ./make-peer.nix) { inherit lib; };
6 in
7 {
8 name = "wireguard";
9 meta = with pkgs.lib.maintainers; {
10 maintainers = [ ma27 ];
11 };
13 nodes = {
14 peer0 = peer {
15 ip4 = "192.168.0.1";
16 ip6 = "fd00::1";
17 extraConfig = {
18 boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
19 networking.firewall.allowedUDPPorts = [ 23542 ];
20 networking.wireguard.interfaces.wg0 = {
21 ips = [ "10.23.42.1/32" "fc00::1/128" ];
22 listenPort = 23542;
24 inherit (wg-snakeoil-keys.peer0) privateKey;
26 peers = lib.singleton {
27 allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
29 inherit (wg-snakeoil-keys.peer1) publicKey;
30 };
31 };
32 };
33 };
35 peer1 = peer {
36 ip4 = "192.168.0.2";
37 ip6 = "fd00::2";
38 extraConfig = {
39 boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
40 networking.wireguard.interfaces.wg0 = {
41 ips = [ "10.23.42.2/32" "fc00::2/128" ];
42 listenPort = 23542;
43 allowedIPsAsRoutes = false;
45 inherit (wg-snakeoil-keys.peer1) privateKey;
47 peers = lib.singleton {
48 allowedIPs = [ "0.0.0.0/0" "::/0" ];
49 endpoint = "192.168.0.1:23542";
50 persistentKeepalive = 25;
52 inherit (wg-snakeoil-keys.peer0) publicKey;
53 };
55 postSetup = let inherit (pkgs) iproute2; in ''
56 ${iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0
57 ${iproute2}/bin/ip route replace fc00::1/128 dev wg0
58 '';
59 };
60 };
61 };
62 };
64 testScript = ''
65 start_all()
67 peer0.wait_for_unit("wireguard-wg0.service")
68 peer1.wait_for_unit("wireguard-wg0.service")
70 peer1.succeed("ping -c5 fc00::1")
71 peer1.succeed("ping -c5 10.23.42.1")
72 '';
73 }
74 )