diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index f3b36e5fa13f..796c626f3dde 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -341,10 +341,7 @@ in
 vault = handleTest ./vault.nix {};
 victoriametrics = handleTest ./victoriametrics.nix {};
 virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
- wg-quick = handleTest ./wireguard/wg-quick.nix {};
 wireguard = handleTest ./wireguard {};
- wireguard-generated = handleTest ./wireguard/generated.nix {};
- wireguard-namespaces = handleTest ./wireguard/namespaces.nix {};
 wordpress = handleTest ./wordpress.nix {};
 xandikos = handleTest ./xandikos.nix {};
 xautolock = handleTest ./xautolock.nix {};
diff --git a/nixos/tests/wireguard/basic.nix b/nixos/tests/wireguard/basic.nix
new file mode 100644
index 000000000000..25d706ae2e52
--- /dev/null
+++ b/nixos/tests/wireguard/basic.nix
@@ -0,0 +1,74 @@
+{ kernelPackages ? null }:
+import ../make-test-python.nix ({ pkgs, lib, ...} :
+ let
+ wg-snakeoil-keys = import ./snakeoil-keys.nix;
+ peer = (import ./make-peer.nix) { inherit lib; };
+ in
+ {
+ name = "wireguard";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ ma27 ];
+ };
+
+ nodes = {
+ peer0 = peer {
+ ip4 = "192.168.0.1";
+ ip6 = "fd00::1";
+ extraConfig = {
+ boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
+ networking.firewall.allowedUDPPorts = [ 23542 ];
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.23.42.1/32" "fc00::1/128" ];
+ listenPort = 23542;
+
+ inherit (wg-snakeoil-keys.peer0) privateKey;
+
+ peers = lib.singleton {
+ allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
+
+ inherit (wg-snakeoil-keys.peer1) publicKey;
+ };
+ };
+ };
+ };
+
+ peer1 = peer {
+ ip4 = "192.168.0.2";
+ ip6 = "fd00::2";
+ extraConfig = {
+ boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.23.42.2/32" "fc00::2/128" ];
+ listenPort = 23542;
+ allowedIPsAsRoutes = false;
+
+ inherit (wg-snakeoil-keys.peer1) privateKey;
+
+ peers = lib.singleton {
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "192.168.0.1:23542";
+ persistentKeepalive = 25;
+
+ inherit (wg-snakeoil-keys.peer0) publicKey;
+ };
+
+ postSetup = let inherit (pkgs) iproute; in ''
+ ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
+ ${iproute}/bin/ip route replace fc00::1/128 dev wg0
+ '';
+ };
+ };
+ };
+ };
+
+ testScript = ''
+ start_all()
+
+ peer0.wait_for_unit("wireguard-wg0.service")
+ peer1.wait_for_unit("wireguard-wg0.service")
+
+ peer1.succeed("ping -c5 fc00::1")
+ peer1.succeed("ping -c5 10.23.42.1")
+ '';
+ }
+)
diff --git a/nixos/tests/wireguard/default.nix b/nixos/tests/wireguard/default.nix
index e3bc31c600f9..dedb321ff2ef 100644
--- a/nixos/tests/wireguard/default.nix
+++ b/nixos/tests/wireguard/default.nix
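Review bot: Nothing in the `testScript` of nixos/tests/wireguard/basic.nix confirms that the VM booted the kernel handed in through `kernelPackages`; the script only waits for `wireguard-wg0.service` and pings across the tunnel, so a matrix entry would still pass if the `boot` override were lost on its way through `make-peer.nix` (not visible in this diff). Since the point of the new parameter is to exercise WireGuard on specific kernels, I would assert the running release inside the script, something like `${lib.optionalString (kernelPackages != null) "peer0.succeed(\"uname -r | grep -qxF ${kernelPackages.kernel.modDirVersion}\")"}`. The same gap appears to apply to generated.nix, namespaces.nix and wg-quick.nix, whose test scripts lie outside the hunks shown.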
@@ -1,71 +1,27 @@ -import ../make-test-python.nix ({ pkgs, lib, ...} : - let - wg-snakeoil-keys = import ./snakeoil-keys.nix; - peer = (import ./make-peer.nix) { inherit lib; }; - in - { - name = "wireguard"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; +{ system ? builtins.currentSystem +, config ? { } +, pkgs ? import ../../.. { inherit system config; } +, kernelVersionsToTest ? [ "5.4" "latest" ] +}: - nodes = { - peer0 = peer { - ip4 = "192.168.0.1"; - ip6 = "fd00::1"; - extraConfig = { - networking.firewall.allowedUDPPorts = [ 23542 ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.1/32" "fc00::1/128" ]; - listenPort = 23542; +with pkgs.lib; - inherit (wg-snakeoil-keys.peer0) privateKey; +let + tests = let callTest = p: flip (import p) { inherit system pkgs; }; in { + basic = callTest ./basic.nix; + namespaces = callTest ./namespaces.nix; + wg-quick = callTest ./wg-quick.nix; + generated = callTest ./generated.nix; + }; +in - peers = lib.singleton { - allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; - - inherit (wg-snakeoil-keys.peer1) publicKey; - }; - }; - }; - }; - - peer1 = peer { - ip4 = "192.168.0.2"; - ip6 = "fd00::2"; - extraConfig = { - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.2/32" "fc00::2/128" ]; - listenPort = 23542; - allowedIPsAsRoutes = false; - - inherit (wg-snakeoil-keys.peer1) privateKey; - - peers = lib.singleton { - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "192.168.0.1:23542"; - persistentKeepalive = 25; - - inherit (wg-snakeoil-keys.peer0) publicKey; - }; - - postSetup = let inherit (pkgs) iproute; in '' - ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 - ${iproute}/bin/ip route replace fc00::1/128 dev wg0 - ''; - }; - }; - }; - }; - - testScript = '' - start_all() - - peer0.wait_for_unit("wireguard-wg0.service") - peer1.wait_for_unit("wireguard-wg0.service") - - peer1.succeed("ping -c5 fc00::1") - peer1.succeed("ping -c5 10.23.42.1") - ''; - } +listToAttrs ( + 
flip concatMap kernelVersionsToTest (version: + let + v' = replaceStrings [ "." ] [ "_" ] version; + in + flip mapAttrsToList tests (name: test: + nameValuePair "wireguard-${name}-linux-${v'}" (test { kernelPackages = pkgs."linuxPackages_${v'}"; }) + ) + ) ) diff --git a/nixos/tests/wireguard/generated.nix b/nixos/tests/wireguard/generated.nix index a29afd2d4666..cdf15483265c 100644 --- a/nixos/tests/wireguard/generated.nix +++ b/nixos/tests/wireguard/generated.nix @@ -1,4 +1,5 @@ -import ../make-test-python.nix ({ pkgs, ...} : { +{ kernelPackages ? null }: +import ../make-test-python.nix ({ pkgs, lib, ... } : { name = "wireguard-generated"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ma27 grahamc ]; @@ -6,6 +7,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { nodes = { peer1 = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.firewall.allowedUDPPorts = [ 12345 ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.10.10.1/24" ]; @@ -17,6 +19,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { }; peer2 = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.firewall.allowedUDPPorts = [ 12345 ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.10.10.2/24" ]; diff --git a/nixos/tests/wireguard/namespaces.nix b/nixos/tests/wireguard/namespaces.nix index c8a4e3bb52a1..c47175ceafc8 100644 --- a/nixos/tests/wireguard/namespaces.nix +++ b/nixos/tests/wireguard/namespaces.nix @@ -1,3 +1,5 @@ +{ kernelPackages ? null }: + let listenPort = 12345; socketNamespace = "foo"; @@ -13,7 +15,7 @@ let in -import ../make-test-python.nix ({ pkgs, ...} : { +import ../make-test-python.nix ({ pkgs, lib, ... } : { name = "wireguard-with-namespaces"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ asymmetric ]; 
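Review bot: The default `kernelVersionsToTest ? [ "5.4" "latest" ]` in nixos/tests/wireguard/default.nix carries no explanation of why these two entries were chosen, and the matrix no longer includes the default `pkgs.linuxPackages` that the previous single test presumably ran on. I would add a comment above the argument, e.g. `# 5.4 predates in-tree WireGuard (merged in Linux 5.6) and presumably uses the out-of-tree module; "latest" covers the in-kernel implementation`, so the coverage intent survives later version bumps. It is also worth stating there that every entry must correspond to an existing `linuxPackages_*` attribute, because `pkgs."linuxPackages_${v'}"` otherwise fails with a bare missing-attribute error at evaluation time.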
@@ -23,6 +25,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
 # interface should be created in the socketNamespace
 # and not moved from there
 peer0 = pkgs.lib.attrsets.recursiveUpdate node {
+ boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
 networking.wireguard.interfaces.wg0 = {
 preSetup = ''
 ip netns add ${socketNamespace}
@@ -33,6 +36,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
 # interface should be created in the init namespace
 # and moved to the interfaceNamespace
 peer1 = pkgs.lib.attrsets.recursiveUpdate node {
+ boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
 networking.wireguard.interfaces.wg0 = {
 preSetup = ''
 ip netns add ${interfaceNamespace}
@@ -43,6 +47,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
 # interface should be created in the socketNamespace
 # and moved to the interfaceNamespace
 peer2 = pkgs.lib.attrsets.recursiveUpdate node {
+ boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
 networking.wireguard.interfaces.wg0 = {
 preSetup = ''
 ip netns add ${socketNamespace}
@@ -54,6 +59,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
 # interface should be created in the socketNamespace
 # and moved to the init namespace
 peer3 = pkgs.lib.attrsets.recursiveUpdate node {
+ boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
 networking.wireguard.interfaces.wg0 = {
 preSetup = ''
 ip netns add ${socketNamespace}
diff --git a/nixos/tests/wireguard/wg-quick.nix b/nixos/tests/wireguard/wg-quick.nix
index 7354dd01a34a..5472d21cd1ec 100644
--- a/nixos/tests/wireguard/wg-quick.nix
+++ b/nixos/tests/wireguard/wg-quick.nix
@@ -1,3 +1,5 @@
+{ kernelPackages ? null }:
+
 import ../make-test-python.nix ({ pkgs, lib, ... }:
 let
 wg-snakeoil-keys = import ./snakeoil-keys.nix;
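Review bot: In nixos/tests/wireguard/namespaces.nix the added `boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };` is fed through `pkgs.lib.attrsets.recursiveUpdate node { ... }`, and `lib.mkIf` yields an ordinary attribute-set wrapper, so `recursiveUpdate` would merge into the wrapper's own fields if `node` ever defined a `boot` attribute. `node` is declared in the `let` block outside these hunks, so as far as the diff shows this is a latent hazard rather than a present failure. Narrowing the conditional to the leaf, `boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;`, shrinks the part of the override that the recursive merge can touch; the same line is repeated for peer0 through peer3, so the change applies to all four hunks.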
@@ -14,6 +16,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: ip4 = "192.168.0.1"; ip6 = "fd00::1"; extraConfig = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.firewall.allowedUDPPorts = [ 23542 ]; networking.wg-quick.interfaces.wg0 = { address = [ "10.23.42.1/32" "fc00::1/128" ]; @@ -34,6 +37,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: ip4 = "192.168.0.2"; ip6 = "fd00::2"; extraConfig = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.wg-quick.interfaces.wg0 = { address = [ "10.23.42.2/32" "fc00::2/128" ]; inherit (wg-snakeoil-keys.peer1) privateKey; diff --git a/pkgs/tools/networking/wireguard-tools/default.nix b/pkgs/tools/networking/wireguard-tools/default.nix index 632ef2803c2f..6cd3682c3f27 100644 --- a/pkgs/tools/networking/wireguard-tools/default.nix +++ b/pkgs/tools/networking/wireguard-tools/default.nix @@ -49,9 +49,7 @@ stdenv.mkDerivation rec { passthru = { updateScript = ./update.sh; - tests = { - inherit (nixosTests) wireguard wg-quick wireguard-generated wireguard-namespaces; - }; + tests = nixosTests.wireguard; }; meta = {