| blob | ec2b8d7f2d9d166e6e291d5f00f61338eb72258b |
1 import ../make-test-python.nix ({ pkgs, lib, kernelPackages ? null, nftables ? false, ... }:
2 let
3 wg-snakeoil-keys = import ./snakeoil-keys.nix;
4 peer = import ./make-peer.nix { inherit lib; };
5 commonConfig = {
6 boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
7 networking.nftables.enable = nftables;
8 # Make sure iptables doesn't work with nftables enabled
9 boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ];
10 };
11 in
12 {
13 name = "wg-quick";
14 meta = with pkgs.lib.maintainers; {
15 maintainers = [ d-xo ];
16 };
18 nodes = {
19 peer0 = peer {
20 ip4 = "192.168.0.1";
21 ip6 = "fd00::1";
22 extraConfig = lib.mkMerge [
23 commonConfig
24 {
25 networking.firewall.allowedUDPPorts = [ 23542 ];
26 networking.wg-quick.interfaces.wg0 = {
27 address = [ "10.23.42.1/32" "fc00::1/128" ];
28 listenPort = 23542;
30 inherit (wg-snakeoil-keys.peer0) privateKey;
32 peers = lib.singleton {
33 allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
35 inherit (wg-snakeoil-keys.peer1) publicKey;
36 };
38 dns = [ "10.23.42.2" "fc00::2" "wg0" ];
39 };
40 }
41 ];
42 };
44 peer1 = peer {
45 ip4 = "192.168.0.2";
46 ip6 = "fd00::2";
47 extraConfig = lib.mkMerge [
48 commonConfig
49 {
50 networking.useNetworkd = true;
51 networking.wg-quick.interfaces.wg0 = {
52 address = [ "10.23.42.2/32" "fc00::2/128" ];
53 inherit (wg-snakeoil-keys.peer1) privateKey;
55 peers = lib.singleton {
56 allowedIPs = [ "0.0.0.0/0" "::/0" ];
57 endpoint = "192.168.0.1:23542";
58 persistentKeepalive = 25;
60 inherit (wg-snakeoil-keys.peer0) publicKey;
61 };
63 dns = [ "10.23.42.1" "fc00::1" "wg0" ];
64 };
65 }
66 ];
67 };
68 };
70 testScript = ''
71 start_all()
73 peer0.wait_for_unit("wg-quick-wg0.service")
74 peer1.wait_for_unit("wg-quick-wg0.service")
76 peer1.succeed("ping -c5 fc00::1")
77 peer1.succeed("ping -c5 10.23.42.1")
78 '';
79 }
80 )