From 3d49ebff29894fe58de97a07a02035bd6d9a2752 Mon Sep 17 00:00:00 2001
From: Matthew Salerno
Date: Mon, 18 Sep 2023 11:49:58 -0400
Subject: [PATCH] Added manual IP assignment tests
---
tests/acls/manual-ipv4.nix | 65 +++++++++++++++++++++++++++++++++
tests/acls/manual-ipv6-auto.nix | 65 +++++++++++++++++++++++++++++++++
tests/acls/manual-ipv6.nix | 65 +++++++++++++++++++++++++++++++++
tests/manual-ipv4.nix | 53 +++++++++++++++++++++++++++
tests/manual-ipv6-auto.nix | 53 +++++++++++++++++++++++++++
tests/manual-ipv6.nix | 53 +++++++++++++++++++++++++++
6 files changed, 354 insertions(+)
create mode 100644 tests/acls/manual-ipv4.nix
create mode 100644 tests/acls/manual-ipv6-auto.nix
create mode 100644 tests/acls/manual-ipv6.nix
create mode 100644 tests/manual-ipv4.nix
create mode 100644 tests/manual-ipv6-auto.nix
create mode 100644 tests/manual-ipv6.nix
diff --git a/tests/acls/manual-ipv4.nix b/tests/acls/manual-ipv4.nix
new file mode 100644
index 0000000..eb0bd0e
--- /dev/null
+++ b/tests/acls/manual-ipv4.nix
@@ -0,0 +1,65 @@
+{
+ version = "v1";
+ subnets = [
+ {
+ name = "manual-ipv4";
+ endpoints = [
+ {
+ # No match mean match any
+ port = 51820;
+ }
+ ];
+ }
+ ];
+ groups = [
+ # groups field is expected, but can be empty
+ ];
+ peers = [
+ {
+ name = "node1";
+ subnets = {
+ manual-ipv4 = {
+ ipAddresses = [
+ "10.0.0.1"
+ ];
+ listenPort = 51820;
+ };
+ };
+ publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
+ privateKeyFile = "/etc/wg-key";
+ #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
+ endpoints = [
+ {
+ # no match can be any
+ ip = "node1";
+ }
+ ];
+ }
+ {
+ name = "node2";
+ subnets = {
+ manual-ipv4 = {
+ ipAddresses = [
+ "10.0.0.2"
+ ];
+ listenPort = 51820;
+ };
+ };
+ publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
+ privateKeyFile = "/etc/wg-key";
+ #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
+ endpoints = [
+ {
+ # no match can be any
+ ip = "node2";
+ }
+ ];
+ }
+ ];
+ connections = [
+ {
+ a = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}];
+ b = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}];
+ }
+ ];
+}
\ No newline at end of file
diff --git a/tests/acls/manual-ipv6-auto.nix b/tests/acls/manual-ipv6-auto.nix
new file mode 100644
index 0000000..3e5c7f9
--- /dev/null
+++ b/tests/acls/manual-ipv6-auto.nix
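Review bot: Each peer entry keeps its WireGuard private key in a commented-out `#privateKey = "…"` line, inside the ACL file that both nodes import as their shared configuration. Even for test fixtures this puts private key material in the document that is distributed to every peer and invites copy-paste into a real ACL; I would drop both commented lines and keep only `privateKeyFile = "/etc/wg-key";`. The trailing `# path is relative to the machine` comment describes `privateKeyFile` rather than the key, so it belongs on that line: `privateKeyFile = "/etc/wg-key"; # path is relative to the machine`. The same lines appear in tests/acls/manual-ipv6-auto.nix and tests/acls/manual-ipv6.nix.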
@@ -0,0 +1,65 @@
+{
+ version = "v1";
+ subnets = [
+ {
+ name = "manual-ipv6-auto";
+ endpoints = [
+ {
+ # No match mean match any
+ port = 51820;
+ }
+ ];
+ }
+ ];
+ groups = [
+ # groups field is expected, but can be empty
+ ];
+ peers = [
+ {
+ name = "node1";
+ subnets = {
+ manual-ipv6-auto = {
+ ipAddresses = [
+ "auto"
+ ];
+ listenPort = 51820;
+ };
+ };
+ publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
+ privateKeyFile = "/etc/wg-key";
+ #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
+ endpoints = [
+ {
+ # no match can be any
+ ip = "node1";
+ }
+ ];
+ }
+ {
+ name = "node2";
+ subnets = {
+ manual-ipv6-auto = {
+ ipAddresses = [
+ "auto"
+ ];
+ listenPort = 51820;
+ };
+ };
+ publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
+ privateKeyFile = "/etc/wg-key";
+ #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
+ endpoints = [
+ {
+ # no match can be any
+ ip = "node2";
+ }
+ ];
+ }
+ ];
+ connections = [
+ {
+ a = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}];
+ b = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}];
+ }
+ ];
+}
\ No newline at end of file
diff --git a/tests/acls/manual-ipv6.nix b/tests/acls/manual-ipv6.nix
new file mode 100644
index 0000000..b998f93
--- /dev/null
+++ b/tests/acls/manual-ipv6.nix
@@ -0,0 +1,65 @@
+{
+ version = "v1";
+ subnets = [
+ {
+ name = "manual-ipv6";
+ endpoints = [
+ {
+ # No match mean match any
+ port = 51820;
+ }
+ ];
+ }
+ ];
+ groups = [
+ # groups field is expected, but can be empty
+ ];
+ peers = [
+ {
+ name = "node1";
+ subnets = {
+ manual-ipv6 = {
+ ipAddresses = [
+ "fc00::1"
+ ];
+ listenPort = 51820;
+ };
+ };
+ publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
+ privateKeyFile = "/etc/wg-key";
+ #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
+ endpoints = [
+ {
+ # no match can be any
+ ip = "node1";
+ }
+ ];
+ }
+ {
+ name = "node2";
+ subnets = {
+ manual-ipv6 = {
+ ipAddresses = [
+ "fc00::2"
+ ];
+ listenPort = 51820;
+ };
+ };
+ publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
+ privateKeyFile = "/etc/wg-key";
+ #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
+ endpoints = [
+ {
+ # no match can be any
+ ip = "node2";
+ }
+ ];
+ }
+ ];
+ connections = [
+ {
+ a = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}];
+ b = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}];
+ }
+ ];
+}
\ No newline at end of file
diff --git a/tests/manual-ipv4.nix b/tests/manual-ipv4.nix
new file mode 100644
index 0000000..969366f
--- /dev/null
+++ b/tests/manual-ipv4.nix
@@ -0,0 +1,53 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+(import ./lib.nix)
+{
+ name = "manual ipv6 connection";
+ nodes = {
+ # `self` here is set by using specialArgs in `lib.nix`
+ node1 = { self, pkgs, ... }: {
+ virtualisation.vlans = [ 1 ];
+ imports = [ self.nixosModules.default ];
+ wirenix = {
+ enable = true;
+ keyProviders = ["acl"];
+ peerName = "node1";
+ aclConfig = import ./acls/manual-ipv4.nix;
+ };
+ environment.etc."wg-key" = {
+ text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
+ };
+ networking.firewall.enable = false;
+ };
+
+ node2 = { self, pkgs, ... }: {
+ virtualisation.vlans = [ 1 ];
+ imports = [ self.nixosModules.default ];
+ wirenix = {
+ enable = true;
+ keyProviders = ["acl"];
+ peerName = "node2";
+ aclConfig = import ./acls/manual-ipv4.nix;
+ };
+ environment.etc."wg-key" = {
+ text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
+ };
+ networking.firewall.enable = false;
+ };
+ };
+ # This is the test code that will check if our service is running correctly:
+ testScript = ''
+ start_all()
+ node1.wait_for_unit("wireguard-simple-peer-node2")
+ node2.wait_for_unit("wireguard-simple-peer-node1")
+ node1.succeed("ping -c 1 node2 >&2")
+ node1.succeed("wg show >&2")
+ node2.succeed("ping -c 1 node1 >&2")
+ node2.succeed("wg show >&2")
+ node1.succeed("ping -c 1 node2.simple")
+ node2.succeed("ping -c 1 node1.simple")
+ '';
+}
\ No newline at end of file
diff --git a/tests/manual-ipv6-auto.nix b/tests/manual-ipv6-auto.nix
new file mode 100644
index 0000000..c3409af
--- /dev/null
+++ b/tests/manual-ipv6-auto.nix
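Review bot: The test is named `"manual ipv6 connection"` although it imports the manual-ipv4 ACL, and all three new tests share that name; here it should read `name = "manual ipv4 connection";`, with a distinct name in tests/manual-ipv6-auto.nix as well. The testScript waits for `wireguard-simple-peer-node2` and pings `node2.simple`, which look copied from a test whose subnet is called `simple`; if unit and host names are derived from the subnet name, they need the `manual-ipv4` equivalents or the test will time out. Nothing in the script checks the manually assigned addresses, and `ping -c 1 node2` can succeed over the shared VLAN without the tunnel, so a line such as `node1.succeed("ping -c 1 10.0.0.2")` (and the `fc00::2` counterpart in tests/manual-ipv6.nix) is needed to test what the commit title describes.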
@@ -0,0 +1,53 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+(import ./lib.nix)
+{
+ name = "manual ipv6 connection";
+ nodes = {
+ # `self` here is set by using specialArgs in `lib.nix`
+ node1 = { self, pkgs, ... }: {
+ virtualisation.vlans = [ 1 ];
+ imports = [ self.nixosModules.default ];
+ wirenix = {
+ enable = true;
+ keyProviders = ["acl"];
+ peerName = "node1";
+ aclConfig = import ./acls/manual-ipv6-auto.nix;
+ };
+ environment.etc."wg-key" = {
+ text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
+ };
+ networking.firewall.enable = false;
+ };
+
+ node2 = { self, pkgs, ... }: {
+ virtualisation.vlans = [ 1 ];
+ imports = [ self.nixosModules.default ];
+ wirenix = {
+ enable = true;
+ keyProviders = ["acl"];
+ peerName = "node2";
+ aclConfig = import ./acls/manual-ipv6-auto.nix;
+ };
+ environment.etc."wg-key" = {
+ text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
+ };
+ networking.firewall.enable = false;
+ };
+ };
+ # This is the test code that will check if our service is running correctly:
+ testScript = ''
+ start_all()
+ node1.wait_for_unit("wireguard-simple-peer-node2")
+ node2.wait_for_unit("wireguard-simple-peer-node1")
+ node1.succeed("ping -c 1 node2 >&2")
+ node1.succeed("wg show >&2")
+ node2.succeed("ping -c 1 node1 >&2")
+ node2.succeed("wg show >&2")
+ node1.succeed("ping -c 1 node2.simple")
+ node2.succeed("ping -c 1 node1.simple")
+ '';
+}
\ No newline at end of file
diff --git a/tests/manual-ipv6.nix b/tests/manual-ipv6.nix
new file mode 100644
index 0000000..ffdb687
--- /dev/null
+++ b/tests/manual-ipv6.nix
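Review bot: The private key is provisioned through `environment.etc."wg-key".text`, which copies it into the world-readable Nix store and, with no `mode` set, leaves it readable by every local user on the node. Together with `networking.firewall.enable = false`, that is acceptable only inside a throwaway test VM, and nothing in the file says so. A comment above each `environment.etc."wg-key"` block would keep this from being copied into a real deployment, e.g. `# test fixture only: this key lands in the Nix store; provision real keys outside the store`. The same applies to tests/manual-ipv4.nix and tests/manual-ipv6.nix.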
@@ -0,0 +1,53 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+(import ./lib.nix)
+{
+ name = "manual ipv6 connection";
+ nodes = {
+ # `self` here is set by using specialArgs in `lib.nix`
+ node1 = { self, pkgs, ... }: {
+ virtualisation.vlans = [ 1 ];
+ imports = [ self.nixosModules.default ];
+ wirenix = {
+ enable = true;
+ keyProviders = ["acl"];
+ peerName = "node1";
+ aclConfig = import ./acls/manual-ipv6.nix;
+ };
+ environment.etc."wg-key" = {
+ text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
+ };
+ networking.firewall.enable = false;
+ };
+
+ node2 = { self, pkgs, ... }: {
+ virtualisation.vlans = [ 1 ];
+ imports = [ self.nixosModules.default ];
+ wirenix = {
+ enable = true;
+ keyProviders = ["acl"];
+ peerName = "node2";
+ aclConfig = import ./acls/manual-ipv6.nix;
+ };
+ environment.etc."wg-key" = {
+ text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
+ };
+ networking.firewall.enable = false;
+ };
+ };
+ # This is the test code that will check if our service is running correctly:
+ testScript = ''
+ start_all()
+ node1.wait_for_unit("wireguard-simple-peer-node2")
+ node2.wait_for_unit("wireguard-simple-peer-node1")
+ node1.succeed("ping -c 1 node2 >&2")
+ node1.succeed("wg show >&2")
+ node2.succeed("ping -c 1 node1 >&2")
+ node2.succeed("wg show >&2")
+ node1.succeed("ping -c 1 node2.simple")
+ node2.succeed("ping -c 1 node1.simple")
+ '';
+}
\ No newline at end of file