added manual ip tests and resulting fixes

1 year ago · 45b70c9063
parent 3d49ebff29
commit 45b70c9063
12 changed files with 39 additions and 41 deletions
--- a/configurers/networkd.nix
+++ b/configurers/networkd.nix
@ -19,8 +19,8 @@ let
 in
 with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
 {
-  networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: 
+  networking.hosts = foldl' (mergeAttrs) {} (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: 
-    forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}"))
+    forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: {"${asIp ip}" = ["${remotePeerName}.${subnetName}"];}))
  )))); 
  systemd.network = { 
    netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" { 
--- a/configurers/static.nix
+++ b/configurers/static.nix
@ -18,8 +18,8 @@ let
 in
 with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
 {
-  networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: 
+  networking.hosts = foldl' (mergeAttrs) {} (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: 
-    forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}"))
+    forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: {"${asIp ip}" = ["${remotePeerName}.${subnetName}"];}))
  )))); 
  networking.wireguard = {
    interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}"
--- a/flake.nix
+++ b/flake.nix
@ -26,6 +26,9 @@
      simple = import ./tests/simple.nix checkArgs;
      mesh = import ./tests/mesh.nix checkArgs;
      ring = import ./tests/ring.nix checkArgs;
      manual-ipv4 = import ./tests/manual-ipv4.nix checkArgs;
      manual-ipv6 = import ./tests/manual-ipv6.nix checkArgs;
      manual-ipv6-auto = import ./tests/manual-ipv6-auto.nix checkArgs;
    });
  };
 }
--- a/lib.nix
+++ b/lib.nix
@ -133,6 +133,6 @@ rec {
    asIp = cidr: head (filter (item: item != []) (split "/" cidr));
    isIpv6 = ip: match ".*:.*" ip != null;
    isCidr = cidr: match ".*/.*" cidr != null;
-    asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv6;
+    asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv4;
    asCidr = asCidr' "128" "32";
 }
--- a/tests/acls/manual-ipv4.nix
+++ b/tests/acls/manual-ipv4.nix
@ -2,7 +2,7 @@
  version = "v1";
  subnets = [
    {
-      name = "manual-ipv4";
+      name = "manual";
      endpoints = [
        {
          # No match mean match any
@ -18,7 +18,7 @@
    {
      name = "node1";
      subnets = {
-        manual-ipv4 = {
+        manual = {
          ipAddresses = [
            "10.0.0.1"
          ];
@ -38,7 +38,7 @@
    {
      name = "node2";
      subnets = {
-        manual-ipv4 = {
+        manual = {
          ipAddresses = [
            "10.0.0.2"
          ];
@ -58,8 +58,8 @@
  ];
  connections = [
    {
-      a = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}];
+      a = [{type= "subnet"; rule = "is"; value = "manual";}];
-      b = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}];
+      b = [{type= "subnet"; rule = "is"; value = "manual";}];
    }
  ];
 }
--- a/tests/acls/manual-ipv6-auto.nix
+++ b/tests/acls/manual-ipv6-auto.nix
@ -2,7 +2,7 @@
  version = "v1";
  subnets = [
    {
-      name = "manual-ipv6-auto";
+      name = "manual";
      endpoints = [
        {
          # No match mean match any
@ -18,16 +18,15 @@
    {
      name = "node1";
      subnets = {
-        manual-ipv6-auto = {
+        manual = {
          ipAddresses = [
-            "auto"
+            "auto" # "auto" explicitly generates an ipv6 address, opposed to implicitly via not having an `ipAddresses` property
          ];
          listenPort = 51820;
        };
      };
      publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
      privateKeyFile = "/etc/wg-key";
      #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";  # path is relative to the machine
      endpoints = [
        {
          # no match can be any
@ -38,7 +37,7 @@
    {
      name = "node2";
      subnets = {
-        manual-ipv6-auto = {
+        manual = {
          ipAddresses = [
            "auto"
          ];
@ -47,7 +46,6 @@
      };
      publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
      privateKeyFile = "/etc/wg-key";
      #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
      endpoints = [
        {
          # no match can be any
@ -58,8 +56,8 @@
  ];
  connections = [
    {
-      a = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}];
+      a = [{type= "subnet"; rule = "is"; value = "manual";}];
-      b = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}];
+      b = [{type= "subnet"; rule = "is"; value = "manual";}];
    }
  ];
 }
--- a/tests/acls/manual-ipv6.nix
+++ b/tests/acls/manual-ipv6.nix
@ -2,7 +2,7 @@
  version = "v1";
  subnets = [
    {
-      name = "manual-ipv6";
+      name = "manual";
      endpoints = [
        {
          # No match mean match any
@ -18,7 +18,7 @@
    {
      name = "node1";
      subnets = {
-        manual-ipv6 = {
+        manual = {
          ipAddresses = [
            "fc00::1"
          ];
@ -27,7 +27,6 @@
      };
      publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
      privateKeyFile = "/etc/wg-key";
      #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";  # path is relative to the machine
      endpoints = [
        {
          # no match can be any
@ -38,7 +37,7 @@
    {
      name = "node2";
      subnets = {
-        manual-ipv6 = {
+        manual = {
          ipAddresses = [
            "fc00::2"
          ];
@ -47,7 +46,6 @@
      };
      publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
      privateKeyFile = "/etc/wg-key";
      #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
      endpoints = [
        {
          # no match can be any
@ -58,8 +56,8 @@
  ];
  connections = [
    {
-      a = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}];
+      a = [{type= "subnet"; rule = "is"; value = "manual";}];
-      b = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}];
+      b = [{type= "subnet"; rule = "is"; value = "manual";}];
    }
  ];
 }
--- a/tests/acls/simple.nix
+++ b/tests/acls/simple.nix
@ -25,7 +25,6 @@
      };
      publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
      privateKeyFile = "/etc/wg-key";
      #privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";  # path is relative to the machine
      endpoints = [
        {
          # no match can be any
@ -42,7 +41,6 @@
      };
      publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
      privateKeyFile = "/etc/wg-key";
      #privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
      endpoints = [
        {
          # no match can be any
--- a/tests/manual-ipv4.nix
+++ b/tests/manual-ipv4.nix
@ -5,7 +5,7 @@
 */
 (import ./lib.nix)
 {
-  name = "manual ipv6 connection";
+  name = "manual ipv4 connection";
  nodes = {
    # `self` here is set by using specialArgs in `lib.nix`
    node1 = { self, pkgs, ... }: {
@ -41,13 +41,13 @@
  # This is the test code that will check if our service is running correctly:
  testScript = ''
    start_all()
-    node1.wait_for_unit("wireguard-simple-peer-node2")
+    node1.wait_for_unit("wireguard-manual-peer-node2")
-    node2.wait_for_unit("wireguard-simple-peer-node1")
+    node2.wait_for_unit("wireguard-manual-peer-node1")
    node1.succeed("ping -c 1 node2 >&2")
    node1.succeed("wg show >&2")
    node2.succeed("ping -c 1 node1 >&2")
    node2.succeed("wg show >&2")
-    node1.succeed("ping -c 1 node2.simple")
+    node1.succeed("ping -c 1 node2.manual")
-    node2.succeed("ping -c 1 node1.simple")
+    node2.succeed("ping -c 1 node1.manual")
  '';
 }
--- a/tests/manual-ipv6-auto.nix
+++ b/tests/manual-ipv6-auto.nix
@ -5,7 +5,7 @@
 */
 (import ./lib.nix)
 {
-  name = "manual ipv6 connection";
+  name = "explicit auto ipv6 connection";
  nodes = {
    # `self` here is set by using specialArgs in `lib.nix`
    node1 = { self, pkgs, ... }: {
@ -41,13 +41,13 @@
  # This is the test code that will check if our service is running correctly:
  testScript = ''
    start_all()
-    node1.wait_for_unit("wireguard-simple-peer-node2")
+    node1.wait_for_unit("wireguard-manual-peer-node2")
-    node2.wait_for_unit("wireguard-simple-peer-node1")
+    node2.wait_for_unit("wireguard-manual-peer-node1")
    node1.succeed("ping -c 1 node2 >&2")
    node1.succeed("wg show >&2")
    node2.succeed("ping -c 1 node1 >&2")
    node2.succeed("wg show >&2")
-    node1.succeed("ping -c 1 node2.simple")
+    node1.succeed("ping -c 1 node2.manual")
-    node2.succeed("ping -c 1 node1.simple")
+    node2.succeed("ping -c 1 node1.manual")
  '';
 }
--- a/tests/manual-ipv6.nix
+++ b/tests/manual-ipv6.nix
@ -41,13 +41,13 @@
  # This is the test code that will check if our service is running correctly:
  testScript = ''
    start_all()
-    node1.wait_for_unit("wireguard-simple-peer-node2")
+    node1.wait_for_unit("wireguard-manual-peer-node2")
-    node2.wait_for_unit("wireguard-simple-peer-node1")
+    node2.wait_for_unit("wireguard-manual-peer-node1")
    node1.succeed("ping -c 1 node2 >&2")
    node1.succeed("wg show >&2")
    node2.succeed("ping -c 1 node1 >&2")
    node2.succeed("wg show >&2")
-    node1.succeed("ping -c 1 node2.simple")
+    node1.succeed("ping -c 1 node2.manual")
-    node2.succeed("ping -c 1 node1.simple")
+    node2.succeed("ping -c 1 node1.manual")
  '';
 }
--- a/tests/simple.nix
+++ b/tests/simple.nix
@ -17,6 +17,7 @@
        peerName = "node1";
        aclConfig = import ./acls/simple.nix;
      };
      # Don't do this! This is for testing only!
      environment.etc."wg-key" = {
        text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
      };