ryan
/
wirenix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add disjointed meshes tests

Browse Source
release
Adam Stephens 9 months ago committed by Matthew Salerno
parent dadd5bf720
commit 1236e4e8f2
2 changed files with 168 additions and 0 deletions
Show Stats Download Patch File Download Diff File

90
tests/acls/disjointed-meshes.nix
Unescape Escape View File

@ -0,0 +1,90 @@
{
version = "v1";
subnets = [
{
name = "disjoint1";
endpoints = [
{
# No match mean match any
port = 51820;
}
];
}
{
name = "disjoint2";
endpoints = [
{
# No match mean match any
port = 51821;
}
];
}
];
groups = [
# groups field is expected, but can be empty
];
peers = [
{
name = "node1";
subnets = {
disjoint1 = {
listenPort = 51820;
# empty ipAddresses will auto generate an IPv6 address
};
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
ip = "node1";
}
];
}
{
name = "node2";
subnets = {
disjoint1 = {
listenPort = 51820;
};
disjoint2 = {
listenPort = 51821;
};
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
ip = "node2";
}
];
}
{
name = "node3";
subnets = {
disjoint2 = {
listenPort = 51821;
};
};
publicKey = "VR5SILc/2MkWSeGOVAJ/0Ru5H4DFheNvNUiT0fPtgiI=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
ip = "node3";
}
];
}
];
connections = [
{
a = [{type= "subnet"; rule = "is"; value = "disjoint1";}];
b = [{type= "subnet"; rule = "is"; value = "disjoint1";}];
}
{
a = [{type= "subnet"; rule = "is"; value = "disjoint2";}];
b = [{type= "subnet"; rule = "is"; value = "disjoint2";}];
}
];
}

78
tests/disjointed-meshes.nix
Unescape Escape View File

@ -0,0 +1,78 @@
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
(import ./lib.nix) ({wnlib}:
{
name = "disjointed-meshes connection";
nodes = {
# `self` here is set by using specialArgs in `lib.nix`
node1 = { self, pkgs, ... }: {
virtualisation.vlans = [ 1 ];
imports = [ self.nixosModules.default ];
wirenix = {
enable = true;
keyProviders = ["acl"];
peerName = "node1";
aclConfig = import ./acls/disjointed-meshes.nix;
};
# Don't do this! This is for testing only!
environment.etc."wg-key" = {
text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
};
networking.firewall.enable = false;
};
node2 = { self, pkgs, ... }: {
virtualisation.vlans = [ 1 ];
imports = [ self.nixosModules.default ];
wirenix = {
enable = true;
keyProviders = ["acl"];
peerName = "node2";
aclConfig = import ./acls/disjointed-meshes.nix;
};
environment.etc."wg-key" = {
text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
};
networking.firewall.enable = false;
};
node3 = { self, pkgs, ... }: {
virtualisation.vlans = [ 1 ];
imports = [ self.nixosModules.default ];
wirenix = {
enable = true;
keyProviders = ["acl"];
peerName = "node3";
aclConfig = import ./acls/disjointed-meshes.nix;
};
environment.etc."wg-key" = {
text = "MFsj7nmb2efBFNwON8RxZf+MHbopTY9P3+/xhiqJFlM=";
};
networking.firewall.enable = false;
};
};
# This is the test code that will check if our service is running correctly:
testScript = ''
start_all()
node1.wait_for_unit("wireguard-disjoint1-peer-node2")
node2.wait_for_unit("wireguard-disjoint1-peer-node1")
node2.wait_for_unit("wireguard-disjoint2-peer-node3")
node3.wait_for_unit("wireguard-disjoint2-peer-node2")
node1.succeed("wg show >&2")
node2.succeed("wg show >&2")
node3.succeed("wg show >&2")
node1.succeed("ping -c 1 node2.disjoint1")
node1.fail("ping -c 1 node3.disjoint2")
node2.succeed("ping -c 1 node1.disjoint1")
node2.succeed("ping -c 1 node3.disjoint2")
node3.fail("ping -c 1 node1.disjoint1")
node3.succeed("ping -c 1 node2.disjoint2")
'';
})
Write Preview
Loading…
Cancel
Save