# nixos/tests/wireguard/wg-quick.nix
#
# NixOS VM test: two nodes each configure a wg-quick managed WireGuard
# interface (wg0); peer1 then pings peer0's tunnel addresses over IPv6 and IPv4.
#
# Arguments:
#   kernelPackages - optional kernel package set; only applied when non-null.
#   nftables       - when true, enables networking.nftables on both nodes.
import ../make-test-python.nix ({ pkgs, lib, kernelPackages ? null, nftables ? false, ... }:
  let
    # NOTE(review): judging by the file name these are fixed, test-only keys.
    # They must never be reused for a real tunnel; confirm in snakeoil-keys.nix.
    keys = import ./snakeoil-keys.nix;

    # Node builder; takes ip4, ip6 and extraConfig (defined in make-peer.nix,
    # not visible here).
    mkPeer = import ./make-peer.nix { inherit lib; };

    # UDP port peer0 listens on. The same value is opened in peer0's firewall
    # and used in peer1's endpoint, so all three stay in sync.
    wgPort = 23542;

    # Settings applied to both nodes.
    sharedConfig = {
      boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
      networking.nftables.enable = nftables;
      # Make sure iptables doesn't work with nftables enabled
      boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
    };
  in
  {
    name = "wg-quick";
    meta.maintainers = [ pkgs.lib.maintainers.d-xo ];

    nodes = {
      # peer0 is the listening side: it has a fixed port and no endpoint for
      # its peer.
      peer0 = mkPeer {
        ip4 = "192.168.0.1";
        ip6 = "fd00::1";
        extraConfig = lib.mkMerge [
          sharedConfig
          {
            # Only the WireGuard listen port is opened in the host firewall.
            networking.firewall.allowedUDPPorts = [ wgPort ];
            networking.wg-quick.interfaces.wg0 = {
              address = [ "10.23.42.1/32" "fc00::1/128" ];
              listenPort = wgPort;
              privateKey = keys.peer0.privateKey;

              peers = [
                {
                  # Narrow allowedIPs: only peer1's own tunnel addresses are
                  # accepted from (and routed to) this peer.
                  allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
                  publicKey = keys.peer1.publicKey;
                }
              ];

              # NOTE(review): the non-IP entry "wg0" is presumably handed to
              # wg-quick as a search domain rather than a resolver; confirm.
              dns = [ "10.23.42.2" "fc00::2" "wg0" ];
            };
          }
        ];
      };

      # peer1 is the dialling side: it knows peer0's endpoint and runs with
      # systemd-networkd enabled.
      peer1 = mkPeer {
        ip4 = "192.168.0.2";
        ip6 = "fd00::2";
        extraConfig = lib.mkMerge [
          sharedConfig
          {
            networking.useNetworkd = true;
            networking.wg-quick.interfaces.wg0 = {
              address = [ "10.23.42.2/32" "fc00::2/128" ];
              privateKey = keys.peer1.privateKey;

              peers = [
                {
                  # Catch-all allowedIPs for both address families: every
                  # destination is assigned to this peer, i.e. a full-tunnel
                  # setup rather than a split tunnel.
                  allowedIPs = [ "0.0.0.0/0" "::/0" ];
                  endpoint = "192.168.0.1:${toString wgPort}";
                  persistentKeepalive = 25;
                  publicKey = keys.peer0.publicKey;
                }
              ];

              # NOTE(review): as on peer0, "wg0" is not an IP address and is
              # presumably treated as a search domain; confirm.
              dns = [ "10.23.42.1" "fc00::1" "wg0" ];
            };
          }
        ];
      };
    };

    # Waits for the wg-quick unit on both nodes, then checks reachability of
    # peer0's tunnel addresses from peer1 only.
    # NOTE(review): nothing here asserts the reverse direction, or that
    # nft_compat stays unloaded when nftables is enabled.
    testScript = ''
      start_all()
      peer0.wait_for_unit("wg-quick-wg0.service")
      peer1.wait_for_unit("wg-quick-wg0.service")
      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
    '';
  }