added manual ip tests and resulting fixes

release
Matthew Salerno 1 year ago
parent 3d49ebff29
commit 45b70c9063

@ -19,8 +19,8 @@ let
in
with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
{
networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:
forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}"))
networking.hosts = foldl' (mergeAttrs) {} (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:
forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: {"${asIp ip}" = ["${remotePeerName}.${subnetName}"];}))
))));
systemd.network = {
netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" {
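Review bot: `foldl' (mergeAttrs) {}` in the new `networking.hosts` expression keeps only the last name list for any address that appears more than once, because `mergeAttrs` is a shallow, right-biased merge. The old `extraHosts` string emitted one line per address/name pair, so an address shared by two `peer.subnet` names would previously have kept both. If that case can occur, merging the lists preserves every name: `networking.hosts = zipAttrsWith (_: concatLists) (concatLists (concatLists (…)));`, assuming `zipAttrsWith` is in scope the same way `concatLists` is. The identical expression in the `networking.wireguard` section further down has the same behaviour. The enclosing attribute set continues past the end of this hunk.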

@ -18,8 +18,8 @@ let
in
with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
{
networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:
forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}"))
networking.hosts = foldl' (mergeAttrs) {} (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:
forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: {"${asIp ip}" = ["${remotePeerName}.${subnetName}"];}))
))));
networking.wireguard = {
interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}"

@ -26,6 +26,9 @@
simple = import ./tests/simple.nix checkArgs;
mesh = import ./tests/mesh.nix checkArgs;
ring = import ./tests/ring.nix checkArgs;
manual-ipv4 = import ./tests/manual-ipv4.nix checkArgs;
manual-ipv6 = import ./tests/manual-ipv6.nix checkArgs;
manual-ipv6-auto = import ./tests/manual-ipv6-auto.nix checkArgs;
});
};
}

@ -133,6 +133,6 @@ rec {
asIp = cidr: head (filter (item: item != []) (split "/" cidr));
isIpv6 = ip: match ".*:.*" ip != null;
isCidr = cidr: match ".*/.*" cidr != null;
asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv6;
asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv4;
asCidr = asCidr' "128" "32";
}
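Review bot: `asCidr'` takes its two default prefix lengths positionally and has no comment, and the line corrected here shows how easily the two are swapped. A one-line comment above it would pin the contract: `# asCidr' ifv6 ifv4 ip: return ip unchanged if it already contains "/", otherwise append "/ifv6" when ip contains ":" and "/ifv4" when it does not`. The `rec` set starts outside this hunk.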

@ -2,7 +2,7 @@
version = "v1";
subnets = [
{
name = "manual-ipv4";
name = "manual";
endpoints = [
{
# No match mean match any
@ -18,7 +18,7 @@
{
name = "node1";
subnets = {
manual-ipv4 = {
manual = {
ipAddresses = [
"10.0.0.1"
];
@ -38,7 +38,7 @@
{
name = "node2";
subnets = {
manual-ipv4 = {
manual = {
ipAddresses = [
"10.0.0.2"
];
@ -58,8 +58,8 @@
];
connections = [
{
a = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}];
b = [{type= "subnet"; rule = "is"; value = "manual-ipv4";}];
a = [{type= "subnet"; rule = "is"; value = "manual";}];
b = [{type= "subnet"; rule = "is"; value = "manual";}];
}
];
}

@ -2,7 +2,7 @@
version = "v1";
subnets = [
{
name = "manual-ipv6-auto";
name = "manual";
endpoints = [
{
# No match mean match any
@ -18,16 +18,15 @@
{
name = "node1";
subnets = {
manual-ipv6-auto = {
manual = {
ipAddresses = [
"auto"
"auto" # "auto" explicitly generates an ipv6 address, opposed to implicitly via not having an `ipAddresses` property
];
listenPort = 51820;
};
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKeyFile = "/etc/wg-key";
#privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
endpoints = [
{
# no match can be any
@ -38,7 +37,7 @@
{
name = "node2";
subnets = {
manual-ipv6-auto = {
manual = {
ipAddresses = [
"auto"
];
@ -47,7 +46,6 @@
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKeyFile = "/etc/wg-key";
#privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
endpoints = [
{
# no match can be any
@ -58,8 +56,8 @@
];
connections = [
{
a = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}];
b = [{type= "subnet"; rule = "is"; value = "manual-ipv6-auto";}];
a = [{type= "subnet"; rule = "is"; value = "manual";}];
b = [{type= "subnet"; rule = "is"; value = "manual";}];
}
];
}

@ -2,7 +2,7 @@
version = "v1";
subnets = [
{
name = "manual-ipv6";
name = "manual";
endpoints = [
{
# No match mean match any
@ -18,7 +18,7 @@
{
name = "node1";
subnets = {
manual-ipv6 = {
manual = {
ipAddresses = [
"fc00::1"
];
@ -27,7 +27,6 @@
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKeyFile = "/etc/wg-key";
#privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
endpoints = [
{
# no match can be any
@ -38,7 +37,7 @@
{
name = "node2";
subnets = {
manual-ipv6 = {
manual = {
ipAddresses = [
"fc00::2"
];
@ -47,7 +46,6 @@
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKeyFile = "/etc/wg-key";
#privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
endpoints = [
{
# no match can be any
@ -58,8 +56,8 @@
];
connections = [
{
a = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}];
b = [{type= "subnet"; rule = "is"; value = "manual-ipv6";}];
a = [{type= "subnet"; rule = "is"; value = "manual";}];
b = [{type= "subnet"; rule = "is"; value = "manual";}];
}
];
}

@ -25,7 +25,6 @@
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKeyFile = "/etc/wg-key";
#privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
endpoints = [
{
# no match can be any
@ -42,7 +41,6 @@
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKeyFile = "/etc/wg-key";
#privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
endpoints = [
{
# no match can be any

@ -5,7 +5,7 @@
*/
(import ./lib.nix)
{
name = "manual ipv6 connection";
name = "manual ipv4 connection";
nodes = {
# `self` here is set by using specialArgs in `lib.nix`
node1 = { self, pkgs, ... }: {
@ -41,13 +41,13 @@
# This is the test code that will check if our service is running correctly:
testScript = ''
start_all()
node1.wait_for_unit("wireguard-simple-peer-node2")
node2.wait_for_unit("wireguard-simple-peer-node1")
node1.wait_for_unit("wireguard-manual-peer-node2")
node2.wait_for_unit("wireguard-manual-peer-node1")
node1.succeed("ping -c 1 node2 >&2")
node1.succeed("wg show >&2")
node2.succeed("ping -c 1 node1 >&2")
node2.succeed("wg show >&2")
node1.succeed("ping -c 1 node2.simple")
node2.succeed("ping -c 1 node1.simple")
node1.succeed("ping -c 1 node2.manual")
node2.succeed("ping -c 1 node1.manual")
'';
}

@ -5,7 +5,7 @@
*/
(import ./lib.nix)
{
name = "manual ipv6 connection";
name = "explicit auto ipv6 connection";
nodes = {
# `self` here is set by using specialArgs in `lib.nix`
node1 = { self, pkgs, ... }: {
@ -41,13 +41,13 @@
# This is the test code that will check if our service is running correctly:
testScript = ''
start_all()
node1.wait_for_unit("wireguard-simple-peer-node2")
node2.wait_for_unit("wireguard-simple-peer-node1")
node1.wait_for_unit("wireguard-manual-peer-node2")
node2.wait_for_unit("wireguard-manual-peer-node1")
node1.succeed("ping -c 1 node2 >&2")
node1.succeed("wg show >&2")
node2.succeed("ping -c 1 node1 >&2")
node2.succeed("wg show >&2")
node1.succeed("ping -c 1 node2.simple")
node2.succeed("ping -c 1 node1.simple")
node1.succeed("ping -c 1 node2.manual")
node2.succeed("ping -c 1 node1.manual")
'';
}

@ -41,13 +41,13 @@
# This is the test code that will check if our service is running correctly:
testScript = ''
start_all()
node1.wait_for_unit("wireguard-simple-peer-node2")
node2.wait_for_unit("wireguard-simple-peer-node1")
node1.wait_for_unit("wireguard-manual-peer-node2")
node2.wait_for_unit("wireguard-manual-peer-node1")
node1.succeed("ping -c 1 node2 >&2")
node1.succeed("wg show >&2")
node2.succeed("ping -c 1 node1 >&2")
node2.succeed("wg show >&2")
node1.succeed("ping -c 1 node2.simple")
node2.succeed("ping -c 1 node1.simple")
node1.succeed("ping -c 1 node2.manual")
node2.succeed("ping -c 1 node1.manual")
'';
}

@ -17,6 +17,7 @@
peerName = "node1";
aclConfig = import ./acls/simple.nix;
};
# Don't do this! This is for testing only!
environment.etc."wg-key" = {
text = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=";
};
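Review bot: The added warning does not say what the risk is. A value given as `text` to `environment.etc` is written into the Nix store, which is world-readable, so this private key can be read by every local user on the node as well as by anyone who can read the repository. Spelling that out makes it less likely the pattern is copied into a real deployment: `# Test only: this text is copied into the world-readable Nix store; real hosts must provision /etc/wg-key outside the store with restrictive permissions.` The same key string appears in the commented-out `privateKey` lines of the ACL sections on this page, so it should be treated as a fixture value and never reused. The node definition continues outside this hunk.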
