[NixPkgs.git] / nixos / tests / wireguard / basic.nix
# NixOS VM test: two machines each bring up a WireGuard interface `wg0`,
# and peer1 then pings peer0's tunnel addresses over IPv6 and IPv4.
#
# `kernelPackages` is optional; when it is non-null it is applied to both
# nodes via `boot`.
import ../make-test-python.nix (
  { pkgs, lib, kernelPackages ? null, ... }:
  let
    # Fixed key pairs checked into the repository next to this test. They are
    # test fixtures only and must never be reused on a real tunnel.
    wg-snakeoil-keys = import ./snakeoil-keys.nix;

    # Node builder from ./make-peer.nix (not shown here); it is called below
    # with `ip4`, `ip6` and `extraConfig`.
    peer = (import ./make-peer.nix) { inherit lib; };

    # UDP port both wg0 interfaces listen on. The `endpoint` string on peer1
    # must name the same port.
    wgPort = 23542;

    # Only sets `boot.kernelPackages` when the caller passed one in.
    kernelOverride = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
  in
  {
    name = "wireguard";
    meta.maintainers = [ pkgs.lib.maintainers.ma27 ];

    nodes = {
      # peer0: the listening side. It opens the WireGuard port in the firewall
      # and accepts peer1 only for peer1's own tunnel addresses.
      peer0 = peer {
        ip4 = "192.168.0.1";
        ip6 = "fd00::1";
        extraConfig = {
          boot = kernelOverride;
          networking.firewall.allowedUDPPorts = [ wgPort ];
          networking.wireguard.interfaces.wg0 = {
            ips = [ "10.23.42.1/32" "fc00::1/128" ];
            listenPort = wgPort;

            # NOTE: the inline `privateKey` option places the key in the
            # world-readable Nix store. That is acceptable for snakeoil test
            # keys; a real deployment should use `privateKeyFile` instead.
            privateKey = wg-snakeoil-keys.peer0.privateKey;

            peers = [
              {
                # Narrow allowedIPs: packets from peer1 are accepted only if
                # their inner source address is one of these.
                allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
                publicKey = wg-snakeoil-keys.peer1.publicKey;
              }
            ];
          };
        };
      };

      # peer1: the initiating side. It knows peer0's endpoint and sends
      # keepalives; no firewall port is opened in this node's config.
      peer1 = peer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = {
          boot = kernelOverride;
          networking.wireguard.interfaces.wg0 = {
            ips = [ "10.23.42.2/32" "fc00::2/128" ];
            listenPort = wgPort;

            # With allowedIPs set to the full address space below, leaving
            # this enabled would install routes for 0.0.0.0/0 and ::/0 via
            # wg0. It is disabled and the two host routes are added by hand
            # in postSetup instead.
            allowedIPsAsRoutes = false;

            # Same caveat as on peer0: inline key, test fixture only.
            privateKey = wg-snakeoil-keys.peer1.privateKey;

            peers = [
              {
                # Wide allowedIPs: any inner source address is accepted from
                # peer0. Which traffic is actually sent into the tunnel is
                # decided by the routes in postSetup, not by this list.
                allowedIPs = [ "0.0.0.0/0" "::/0" ];
                endpoint = "192.168.0.1:23542";
                persistentKeepalive = 25;
                publicKey = wg-snakeoil-keys.peer0.publicKey;
              }
            ];

            # Route only peer0's tunnel addresses through wg0.
            postSetup = ''
              ${pkgs.iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0
              ${pkgs.iproute2}/bin/ip route replace fc00::1/128 dev wg0
            '';
          };
        };
      };
    };

    # Boot both machines, wait for the wg0 units, then check that peer1
    # reaches peer0's tunnel addresses over IPv6 and IPv4.
    testScript = ''
      start_all()
      peer0.wait_for_unit("wireguard-wg0.service")
      peer1.wait_for_unit("wireguard-wg0.service")
      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }
)