From 45b70c90636eee57d49ebac348e345912be226da Mon Sep 17 00:00:00 2001 From: Matthew Salerno Date: Mon, 18 Sep 2023 16:04:49 -0400 Subject: [PATCH] added manual ip tests and resulting fixes --- configurers/networkd.nix | 4 ++-- configurers/static.nix | 4 ++-- flake.nix | 3 +++ lib.nix | 2 +- tests/acls/manual-ipv4.nix | 10 +++++----- tests/acls/manual-ipv6-auto.nix | 14 ++++++-------- tests/acls/manual-ipv6.nix | 12 +++++------- tests/acls/simple.nix | 2 -- tests/manual-ipv4.nix | 10 +++++----- tests/manual-ipv6-auto.nix | 10 +++++----- tests/manual-ipv6.nix | 8 ++++---- tests/simple.nix | 1 + 12 files changed, 39 insertions(+), 41 deletions(-) diff --git a/configurers/networkd.nix b/configurers/networkd.nix index 8284585..c7a42cb 100644 --- a/configurers/networkd.nix +++ b/configurers/networkd.nix @@ -19,8 +19,8 @@ let in with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; { - networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: - forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}")) + networking.hosts = foldl' (mergeAttrs) {} (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: + forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: {"${asIp ip}" = ["${remotePeerName}.${subnetName}"];})) )))); systemd.network = { netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" { diff --git a/configurers/static.nix b/configurers/static.nix index 8a303fb..af7797e 100644 --- a/configurers/static.nix +++ b/configurers/static.nix 
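Review bot: `foldl' (mergeAttrs) {}` over the per-address singleton attrsets drops hostnames whenever two entries share an address, because `//` replaces the whole `networking.hosts` list for a duplicate key rather than concatenating it; a remote peer that lists the same `ipAddresses` entry in more than one subnet would keep only the last `<peer>.<subnet>` name. Merging the singletons with `zipAttrsWith (_: concatLists)` keeps every name: `networking.hosts = zipAttrsWith (_: concatLists) (concatLists (concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:` with the rest of the expression unchanged. The configurers/static.nix hunk repeats the same construction and needs the same treatment. Whether `asIp` can still see an unresolved `"auto"` entry at this point is not visible from the hunk.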
@@ -18,8 +18,8 @@ let in with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; { - networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: - forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}")) + networking.hosts = foldl' (mergeAttrs) {} (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: + forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: {"${asIp ip}" = ["${remotePeerName}.${subnetName}"];})) )))); networking.wireguard = { interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}" diff --git a/flake.nix b/flake.nix index 6ed6050..45f32f6 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,9 @@ simple = import ./tests/simple.nix checkArgs; mesh = import ./tests/mesh.nix checkArgs; ring = import ./tests/ring.nix checkArgs; + manual-ipv4 = import ./tests/manual-ipv4.nix checkArgs; + manual-ipv6 = import ./tests/manual-ipv6.nix checkArgs; + manual-ipv6-auto = import ./tests/manual-ipv6-auto.nix checkArgs; }); }; } diff --git a/lib.nix b/lib.nix index 6b2e2d0..24fd9d5 100644 --- a/lib.nix +++ b/lib.nix @@ -133,6 +133,6 @@ rec { asIp = cidr: head (filter (item: item != []) (split "/" cidr)); isIpv6 = ip: match ".*:.*" ip != null; isCidr = cidr: match ".*/.*" cidr != null; - asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv6; + asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv4; asCidr = asCidr' "128" "32"; } \ No newline at end of file 
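Review bot: `asCidr'` still carries no note of its argument order, which is exactly what the swapped `ifv6` fixed here depended on; a one-line comment above it, `# asCidr' <v6 prefix length> <v4 prefix length> ip: append a default prefix length unless ip already carries one`, would make the next edit to this line safer. `isIpv6` classifies by the presence of a colon alone, so anything containing a colon is treated as an IPv6 address and gets the `/128` default; that is fine for generated config but is worth stating next to the definition.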
diff --git a/tests/acls/manual-ipv4.nix b/tests/acls/manual-ipv4.nix index eb0bd0e..aaf602b 100644 --- a/tests/acls/manual-ipv4.nix +++ b/tests/acls/manual-ipv4.nix @@ -2,7 +2,7 @@ version = "v1"; subnets = [ { - name = "manual-ipv4"; + name = "manual"; endpoints = [ { # No match mean match any @@ -18,7 +18,7 @@ { name = "node1"; subnets = { - manual-ipv4 = { + manual = { ipAddresses = [ "10.0.0.1" ]; @@ -38,7 +38,7 @@ { name = "node2"; subnets = { - manual-ipv4 = { + manual = { ipAddresses = [ "10.0.0.2" ]; @@ -58,8 +58,8 @@ ]; connections = [ { - a = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}]; - b = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}]; + a = [{type= "subnet"; rule = "is"; value = "manual";}]; + b = [{type= "subnet"; rule = "is"; value = "manual";}]; } ]; } \ No newline at end of file diff --git a/tests/acls/manual-ipv6-auto.nix b/tests/acls/manual-ipv6-auto.nix index 3e5c7f9..fac873b 100644 --- a/tests/acls/manual-ipv6-auto.nix +++ b/tests/acls/manual-ipv6-auto.nix @@ -2,7 +2,7 @@ version = "v1"; subnets = [ { - name = "manual-ipv6-auto"; + name = "manual"; endpoints = [ { # No match mean match any @@ -18,16 +18,15 @@ { name = "node1"; subnets = { - manual-ipv6-auto = { + manual = { ipAddresses = [ - "auto" + "auto" # "auto" explicitly generates an ipv6 address, opposed to implicitly via not having an `ipAddresses` property ]; listenPort = 51820; }; }; publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE="; privateKeyFile = "/etc/wg-key"; - #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine endpoints = [ { # no match can be any @@ -38,7 +37,7 @@ { name = "node2"; subnets = { - manual-ipv6-auto = { + manual = { ipAddresses = [ "auto" ]; @@ -47,7 +46,6 @@ }; publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE="; privateKeyFile = "/etc/wg-key"; - #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M="; endpoints = [ { # no match can be any 
@@ -58,8 +56,8 @@ ]; connections = [ { - a = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}]; - b = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}]; + a = [{type= "subnet"; rule = "is"; value = "manual";}]; + b = [{type= "subnet"; rule = "is"; value = "manual";}]; } ]; } \ No newline at end of file diff --git a/tests/acls/manual-ipv6.nix b/tests/acls/manual-ipv6.nix index b998f93..7c2e556 100644 --- a/tests/acls/manual-ipv6.nix +++ b/tests/acls/manual-ipv6.nix @@ -2,7 +2,7 @@ version = "v1"; subnets = [ { - name = "manual-ipv6"; + name = "manual"; endpoints = [ { # No match mean match any @@ -18,7 +18,7 @@ { name = "node1"; subnets = { - manual-ipv6 = { + manual = { ipAddresses = [ "fc00::1" ]; @@ -27,7 +27,6 @@ }; publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE="; privateKeyFile = "/etc/wg-key"; - #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine endpoints = [ { # no match can be any @@ -38,7 +37,7 @@ { name = "node2"; subnets = { - manual-ipv6 = { + manual = { ipAddresses = [ "fc00::2" ]; @@ -47,7 +46,6 @@ }; publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE="; privateKeyFile = "/etc/wg-key"; - #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M="; endpoints = [ { # no match can be any @@ -58,8 +56,8 @@ ]; connections = [ { - a = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}]; - b = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}]; + a = [{type= "subnet"; rule = "is"; value = "manual";}]; + b = [{type= "subnet"; rule = "is"; value = "manual";}]; } ]; } \ No newline at end of file diff --git a/tests/acls/simple.nix b/tests/acls/simple.nix index 0436bbf..90db8a6 100644 --- a/tests/acls/simple.nix +++ b/tests/acls/simple.nix 
@@ -25,7 +25,6 @@ }; publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE="; privateKeyFile = "/etc/wg-key"; - #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine endpoints = [ { # no match can be any @@ -42,7 +41,6 @@ }; publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE="; privateKeyFile = "/etc/wg-key"; - #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M="; endpoints = [ { # no match can be any diff --git a/tests/manual-ipv4.nix b/tests/manual-ipv4.nix index 969366f..a2241bf 100644 --- a/tests/manual-ipv4.nix +++ b/tests/manual-ipv4.nix @@ -5,7 +5,7 @@ */ (import ./lib.nix) { - name = "manual ipv6 connection"; + name = "manual ipv4 connection"; nodes = { # `self` here is set by using specialArgs in `lib.nix` node1 = { self, pkgs, ... }: { @@ -41,13 +41,13 @@ # This is the test code that will check if our service is running correctly: testScript = '' start_all() - node1.wait_for_unit("wireguard-simple-peer-node2") - node2.wait_for_unit("wireguard-simple-peer-node1") + node1.wait_for_unit("wireguard-manual-peer-node2") + node2.wait_for_unit("wireguard-manual-peer-node1") node1.succeed("ping -c 1 node2 >&2") node1.succeed("wg show >&2") node2.succeed("ping -c 1 node1 >&2") node2.succeed("wg show >&2") - node1.succeed("ping -c 1 node2.simple") - node2.succeed("ping -c 1 node1.simple") + node1.succeed("ping -c 1 node2.manual") + node2.succeed("ping -c 1 node1.manual") ''; } \ No newline at end of file diff --git a/tests/manual-ipv6-auto.nix b/tests/manual-ipv6-auto.nix index c3409af..896f945 100644 --- a/tests/manual-ipv6-auto.nix +++ b/tests/manual-ipv6-auto.nix @@ -5,7 +5,7 @@ */ (import ./lib.nix) { - name = "manual ipv6 connection"; + name = "explicit auto ipv6 connection"; nodes = { # `self` here is set by using specialArgs in `lib.nix` node1 = { self, pkgs, ... }: { 
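Review bot: `node1.succeed("ping -c 1 node2.manual")` only shows that the name resolves to some reachable address, not that it resolves to node2; if the `networking.hosts` entry mapped `node2.manual` to node1's own `10.0.0.1` the ping would still pass. Asserting the mapping before pinging closes that gap, e.g. `node1.succeed("getent hosts node2.manual | grep -w 10.0.0.2")` and the mirror line for node2. The tests/manual-ipv6.nix hunk can check `fc00::2` the same way; for tests/manual-ipv6-auto.nix the address is generated, so there the check would be that the resolved address differs from the node's own. The new unit names match the renamed `manual` subnet, so the `wait_for_unit` lines look right.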
@@ -41,13 +41,13 @@ # This is the test code that will check if our service is running correctly: testScript = '' start_all() - node1.wait_for_unit("wireguard-simple-peer-node2") - node2.wait_for_unit("wireguard-simple-peer-node1") + node1.wait_for_unit("wireguard-manual-peer-node2") + node2.wait_for_unit("wireguard-manual-peer-node1") node1.succeed("ping -c 1 node2 >&2") node1.succeed("wg show >&2") node2.succeed("ping -c 1 node1 >&2") node2.succeed("wg show >&2") - node1.succeed("ping -c 1 node2.simple") - node2.succeed("ping -c 1 node1.simple") + node1.succeed("ping -c 1 node2.manual") + node2.succeed("ping -c 1 node1.manual") ''; } \ No newline at end of file diff --git a/tests/manual-ipv6.nix b/tests/manual-ipv6.nix index ffdb687..45ea048 100644 --- a/tests/manual-ipv6.nix +++ b/tests/manual-ipv6.nix @@ -41,13 +41,13 @@ # This is the test code that will check if our service is running correctly: testScript = '' start_all() - node1.wait_for_unit("wireguard-simple-peer-node2") - node2.wait_for_unit("wireguard-simple-peer-node1") + node1.wait_for_unit("wireguard-manual-peer-node2") + node2.wait_for_unit("wireguard-manual-peer-node1") node1.succeed("ping -c 1 node2 >&2") node1.succeed("wg show >&2") node2.succeed("ping -c 1 node1 >&2") node2.succeed("wg show >&2") - node1.succeed("ping -c 1 node2.simple") - node2.succeed("ping -c 1 node1.simple") + node1.succeed("ping -c 1 node2.manual") + node2.succeed("ping -c 1 node1.manual") ''; } \ No newline at end of file diff --git a/tests/simple.nix b/tests/simple.nix index 6ede5f3..687d909 100644 --- a/tests/simple.nix +++ b/tests/simple.nix @@ -17,6 +17,7 @@ peerName = "node1"; aclConfig = import ./acls/simple.nix; }; + # Don't do this! This is for testing only! environment.etc."wg-key" = { text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; };
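Review bot: The new `# Don't do this!` comment says what not to copy but not why, which is what a reader of an example test needs. `environment.etc.<name>.text` places the file content in the world-readable Nix store, so the WireGuard private key below it is readable by every user on the host and by anything that obtains the system closure; suggest `# Don't do this! Testing only: environment.etc.*.text ends up in the world-readable /nix/store, so this private key is public. Real deployments should point privateKeyFile at a file provisioned outside the store.` The other test files presumably carry the same `environment.etc."wg-key"` block (their hunks are not in this patch), so the remark would belong there too.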