make tests better

release
Matthew Salerno 1 year ago
parent d61f6edaa9
commit 4307607c64

@ -29,9 +29,10 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
Name = "${shortName subnetName}";
};
wireguardConfig = {
PrivateKeyFile = getPrivKeyFile;
ListenPort = subnetConnection.listenPort;
} // (if getPrivKeyFile != null then {} else {privateKey = getPrivKey;});
# *PLEASE* do not use getPrivKeyfor anything but testing
PrivateKeyFile = getPrivKeyFile;
};
wireguardPeers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: {
wireguardPeerConfig = {
Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}";
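Review bot: As rendered, the new `wireguardConfig` set carries `PrivateKeyFile = getPrivKeyFile;` twice (lines 12 and 16); if both lines really are on the new side Nix rejects the duplicate attribute, so one of them has to go — keeping the line 16 copy next to `ListenPort` before the closing `};` reads most naturally. Dropping the `getPrivKey` merge on line 14 also means `getPrivKeyFile` is now the only source of the key, so a null from the providers ends up as `PrivateKeyFile = null;` here unless the provider layer throws first; a one-line comment such as `# getPrivKeyFile must resolve to a path readable by networkd; no inline-key fallback remains` would make that contract visible. The enclosing expression starts and ends outside the hunk.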

@ -27,7 +27,6 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
ips = subnetConnection.ipAddresses;
listenPort = subnetConnection.listenPort;
privateKeyFile = getPrivKeyFile;
privateKey = getPrivKey;
peers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection:
{
name = remotePeerName;

@ -10,6 +10,5 @@ with builtins;
{
getPeerPubKey = remotePeerName: attrByPath [remotePeerName "publicKey"] null intermediateConfig.peers;
getPrivKeyFile = attrByPath [localPeerName "privateKeyFile"] null intermediateConfig.peers;
getPrivKey = attrByPath [localPeerName "privateKey"] null intermediateConfig.peers;
getSubnetPSKFile = subnetName: attrByPath [subnetName "presharedKeyFile"] null intermediateConfig.subnets;
}

@ -35,6 +35,5 @@ with builtins;
};
getPeerPubKey = remotePeerName: builtins.readFile (config.wirenix.secretsDir + /wirenix-peer-${remotePeerName}.pub);
getPrivKeyFile = config.age.secrets."wirenix-peer-${localPeerName}".path;
getPrivKey = null;
getSubnetPSKFile = subnetName: config.age.secrets."wirenix-subnet-${subnetName}".path;
}

@ -116,13 +116,11 @@ rec {
let
keyProviders = map (x: x inputs intermediateConfig peerName) keyProvidersUninitialized;
in
rec {
{
getPeerPubKey = otherPeerName: findFirst (x: x != null) (throw ("Wirenix: Could not find public key for " + otherPeerName))
(map (provider: provider.getPeerPubKey otherPeerName) keyProviders);
getPrivKeyFile = findFirst (x: x != null) (if getPrivKey == null then throw ("Wirenix: Could not find private key file for " + peerName) else null)
(map (provider: provider.getPrivKeyFile) keyProviders);
getPrivKey = findFirst (x: x != null) (null)
(map (provider: provider.getPrivKey) keyProviders);
getSubnetPSKFile = subnetName: findFirst (x: x != null) (null)
(map (provider: provider.getSubnetPSKFile subnetName) keyProviders);
getProviderConfig = foldl' (x: y: x // y) {} (map (provider: if provider ? config then provider.config else {}) keyProviders);
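Review bot: `getPrivKeyFile` on line 55 still reads `getPrivKey`, but this hunk removes the `getPrivKey` attribute (lines 57–58) and turns the `rec {` into a plain `{` (lines 51–52), so the name no longer resolves to a sibling; going by the hunk counts (-13 +11 over 14 rendered lines) line 55 is unchanged context rather than a rewrite. If an enclosing `with` still brings the name into scope the problem only surfaces on the fallback path — when no provider supplies a key file the user gets an undefined-variable error instead of the Wirenix message — and if nothing does, the file fails to evaluate at all. The fallback should become unconditional: `getPrivKeyFile = findFirst (x: x != null) (throw ("Wirenix: Could not find private key file for " + peerName))`. The enclosing function starts and ends outside the hunk.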

@ -24,7 +24,7 @@
};
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
@ -40,7 +40,7 @@
};
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
@ -57,7 +57,7 @@
};
};
publicKey = "43tP6JgckdTFrnbYuy8a42jdNt3+wwVcb4+ae5U4ez4=";
privateKey = "yPcTvQOK9eVXQjLNapOsv2iAkbOeSzCCxlrWPMe1o0g="; # path is relative to the machine
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
@ -73,7 +73,7 @@
};
};
publicKey = "g6+Tq9aeVfm5CXPIwZDqoTxGmsQ/TlLtxcxVn2aSiVA=";
privateKey = "CLREBQ+oGXsGxhlQc3ufSoBd7MNFoM6KmMnNyuQ9S0E=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
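Review bot: The comment `# path is relative to the machine` sits on the `privateKey` line (lines 67 and 85), which holds key material rather than a path, while the new `privateKeyFile = "/etc/wg-key";` line it actually describes has none; with the -7 +7 counts the `privateKey` line is the removed side, so the comment disappears with it. Move it onto the surviving line: `privateKeyFile = "/etc/wg-key"; # path is relative to the machine`. The same applies to the identical hunks that follow (lines 104, 122, 141) and to the fixture where the key is kept as a comment (lines 143 and 153).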

@ -24,7 +24,7 @@
};
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
@ -40,7 +40,7 @@
};
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
@ -57,7 +57,7 @@
};
};
publicKey = "43tP6JgckdTFrnbYuy8a42jdNt3+wwVcb4+ae5U4ez4=";
privateKey = "yPcTvQOK9eVXQjLNapOsv2iAkbOeSzCCxlrWPMe1o0g="; # path is relative to the machine
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any
@ -73,7 +73,7 @@
};
};
publicKey = "g6+Tq9aeVfm5CXPIwZDqoTxGmsQ/TlLtxcxVn2aSiVA=";
privateKey = "CLREBQ+oGXsGxhlQc3ufSoBd7MNFoM6KmMnNyuQ9S0E=";
privateKeyFile = "/etc/wg-key";
endpoints = [
{
# no match can be any

@ -24,7 +24,8 @@
};
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
privateKeyFile = "/etc/wg-key";
#privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
endpoints = [
{
# no match can be any
@ -40,7 +41,8 @@
};
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
privateKeyFile = "/etc/wg-key";
#privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
endpoints = [
{
# no match can be any
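Review bot: Lines 143 and 153 keep the replaced private key as a commented-out line directly under the new `privateKeyFile`, and by the hunk counts (-7 +8) those are added lines, not leftovers. With inline `privateKey` support removed elsewhere in this commit the commented lines are dead, and they leave the only reference to the key in this file as a secret-shaped string next to the path that supersedes it; drop both lines so the fixture carries nothing but the file path.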

@ -15,6 +15,9 @@
enable = true;
aclConfig = import ./acls/mesh.nix;
};
environment.etc."wg-key" = {
text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
};
networking.firewall.enable = false;
};
@ -26,30 +29,51 @@
keyProviders = ["acl"];
aclConfig = import ./acls/mesh.nix;
};
environment.etc."wg-key" = {
text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
};
networking.firewall.enable = false;
};
node3 = { self, pkgs, ... }: {
virtualisation.vlans = [ 1 ];
imports = [ self.nixosModules.default ];
systemd.network.enable = true;
wirenix = {
enable = true;
configurer = "networkd";
keyProviders = ["acl"];
peerName = "node3";
aclConfig = import ./acls/mesh.nix;
};
environment.etc."wg-key" = {
text = "yPcTvQOK9eVXQjLNapOsv2iAkbOeSzCCxlrWPMe1o0g=";
mode = "0640";
user = "root";
group = "systemd-network";
};
environment.systemPackages = [pkgs.wireguard-tools];
networking.firewall.enable = false;
};
node4 = { self, pkgs, ... }: {
virtualisation.vlans = [ 1 ];
imports = [ self.nixosModules.default ];
systemd.network.enable = true;
wirenix = {
enable = true;
configurer = "networkd";
keyProviders = ["acl"];
peerName = "node4";
aclConfig = import ./acls/mesh.nix;
};
environment.etc."wg-key" = {
text = "CLREBQ+oGXsGxhlQc3ufSoBd7MNFoM6KmMnNyuQ9S0E=";
mode = "0640";
user = "root";
group = "systemd-network";
};
environment.systemPackages = [pkgs.wireguard-tools];
networking.firewall.enable = false;
};
};
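Review bot: The `environment.etc."wg-key"` entries for node1 and node2 (lines 162 and 171) omit the `mode`/`user`/`group` that node3 and node4 set on lines 189–191 and 209–211, so they take environment.etc's default and the key ends up world-readable, and because every node passes the key as `text` it is also written into the Nix store regardless of mode. For throwaway VM fixtures that is workable, but the asymmetry reads like an oversight: either give node1 and node2 the same `mode = "0640"; user = "root"; group = "systemd-network";`, or, if those nodes use a configurer that reads the key as root, say so with a comment such as `# fixture key; default mode is fine here because the configurer reads it as root` so the difference is not mistaken for a pattern. The node1 hunk above (lines 162–164) and the ring and simple test hunks below (lines 246, 255, 264, 273, 284, 293) have the same shape and would take the same change.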
@ -63,8 +87,11 @@
"node4": node4
}
for local_name, local_node in nodes.items():
for remote_node in set(nodes.keys()) - set([local_name]):
local_node.wait_for_unit(f"wireguard-mesh-peer-{remote_node}")
if local_name == "node1" or local_name == "node2":
for remote_node in set(nodes.keys()) - set([local_name]):
local_node.wait_for_unit(f"wireguard-mesh-peer-{remote_node}")
node3.wait_for_unit("systemd-networkd-wait-online")
node4.wait_for_unit("systemd-networkd-wait-online")
for local_name, local_node in nodes.items():
local_node.succeed("wg show >&2")
for remote_name in set(nodes.keys()) - set([local_name]):
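Review bot: For node3 and node4 the only readiness gate is `systemd-networkd-wait-online` (lines 226–227), which does not establish that the WireGuard netdev was created or that the private key file could be read, and `wg show >&2` on line 229 succeeds with an empty interface list, so a networkd node that never brought the tunnel up would still pass this part. After the dump, `local_node.succeed("wg show interfaces | grep -q .")` pins at least one interface, or use `wait_until_succeeds` on it if networkd can lag behind wait-online. On style, `set(nodes.keys()) - set([local_name])` on lines 224 and 230 reads better as `set(nodes) - {local_name}`, and the condition on line 223 as `local_name in ("node1", "node2")`. The test script starts and ends outside the hunk.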

@ -4,7 +4,7 @@
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
(import ./lib.nix) {
name = "Null test, should always pass";
name = "null test";
nodes = {
# `self` here is set by using specialArgs in `lib.nix`
node1 = { self, pkgs, ... }: {

@ -15,6 +15,9 @@
enable = true;
aclConfig = import ./acls/ring.nix;
};
environment.etc."wg-key" = {
text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
};
networking.firewall.enable = false;
};
@ -26,6 +29,9 @@
keyProviders = ["acl"];
aclConfig = import ./acls/ring.nix;
};
environment.etc."wg-key" = {
text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
};
networking.firewall.enable = false;
};
@ -38,6 +44,9 @@
peerName = "node3";
aclConfig = import ./acls/ring.nix;
};
environment.etc."wg-key" = {
text = "yPcTvQOK9eVXQjLNapOsv2iAkbOeSzCCxlrWPMe1o0g=";
};
networking.firewall.enable = false;
};
@ -50,6 +59,9 @@
peerName = "node4";
aclConfig = import ./acls/ring.nix;
};
environment.etc."wg-key" = {
text = "CLREBQ+oGXsGxhlQc3ufSoBd7MNFoM6KmMnNyuQ9S0E=";
};
networking.firewall.enable = false;
};
};

@ -17,6 +17,9 @@
peerName = "node1";
aclConfig = import ./acls/simple.nix;
};
environment.etc."wg-key" = {
text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
};
networking.firewall.enable = false;
};
@ -29,6 +32,9 @@
peerName = "node2";
aclConfig = import ./acls/simple.nix;
};
environment.etc."wg-key" = {
text = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
};
networking.firewall.enable = false;
};
};
