| blob | c58f7a75071ec8c6c87d513c2f9a0dde0c1f16e6 |
1 import ../make-test-python.nix ({ pkgs, lib, kernelPackages ? null, ... } : {
2 name = "wireguard-generated";
3 meta = with pkgs.lib.maintainers; {
4 maintainers = [ ma27 grahamc ];
5 };
7 nodes = {
8 peer1 = {
9 boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
10 networking.firewall.allowedUDPPorts = [ 12345 ];
11 networking.wireguard.interfaces.wg0 = {
12 ips = [ "10.10.10.1/24" ];
13 listenPort = 12345;
14 privateKeyFile = "/etc/wireguard/private";
15 generatePrivateKeyFile = true;
17 };
18 };
20 peer2 = {
21 boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
22 networking.firewall.allowedUDPPorts = [ 12345 ];
23 networking.wireguard.interfaces.wg0 = {
24 ips = [ "10.10.10.2/24" ];
25 listenPort = 12345;
26 privateKeyFile = "/etc/wireguard/private";
27 generatePrivateKeyFile = true;
28 };
29 };
30 };
32 testScript = ''
33 start_all()
35 peer1.wait_for_unit("wireguard-wg0.service")
36 peer2.wait_for_unit("wireguard-wg0.service")
38 retcode, peer1pubkey = peer1.execute("wg pubkey < /etc/wireguard/private")
39 if retcode != 0:
40 raise Exception("Could not read public key from peer1")
42 retcode, peer2pubkey = peer2.execute("wg pubkey < /etc/wireguard/private")
43 if retcode != 0:
44 raise Exception("Could not read public key from peer2")
46 peer1.succeed(
47 "wg set wg0 peer {} allowed-ips 10.10.10.2/32 endpoint 192.168.1.2:12345 persistent-keepalive 1".format(
48 peer2pubkey.strip()
49 )
50 )
51 peer1.succeed("ip route replace 10.10.10.2/32 dev wg0 table main")
53 peer2.succeed(
54 "wg set wg0 peer {} allowed-ips 10.10.10.1/32 endpoint 192.168.1.1:12345 persistent-keepalive 1".format(
55 peer1pubkey.strip()
56 )
57 )
58 peer2.succeed("ip route replace 10.10.10.1/32 dev wg0 table main")
60 peer1.succeed("ping -c1 10.10.10.2")
61 peer2.succeed("ping -c1 10.10.10.1")
62 '';
63 })