Simple test

release
Matthew Salerno 1 year ago
parent e8b630b23d
commit aebef85ff6

@ -31,7 +31,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = getPrivKeyFile; PrivateKeyFile = getPrivKeyFile;
ListenPort = subnetConnection.listenPort; ListenPort = subnetConnection.listenPort;
}; } // (if getPrivKeyFile != null then {} else {privateKey = getPrivKey;});
wireguardPeers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: { wireguardPeers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: {
wireguardPeerConfig = { wireguardPeerConfig = {
Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}"; Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}";
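Review bot: The fallback added on the `};` line uses the attribute name `privateKey`, but the sibling keys in this `wireguardConfig` section (`PrivateKeyFile`, `ListenPort`) are systemd-networkd's case-sensitive names, so the inline form should be `PrivateKey = getPrivKey;` unless the lowercase spelling is translated somewhere not shown here. With `getPrivKeyFile` null the set still carries `PrivateKeyFile = null`, so building the section as `wireguardConfig = { ListenPort = subnetConnection.listenPort; } // (if getPrivKeyFile != null then { PrivateKeyFile = getPrivKeyFile; } else { PrivateKey = getPrivKey; });` avoids emitting an empty or invalid `PrivateKeyFile=` entry. An inline `PrivateKey=` ends up in the generated .netdev unit, which on NixOS is written to the world-readable store, whereas the file variant keeps the secret out of it; the `@ -27,6 +27,7 @@` hunk has the same exposure via `privateKey = getPrivKey;`, and there it also sets `privateKeyFile` and `privateKey` together instead of preferring the file as this hunk does. The enclosing `with ...;` expression starts before this hunk.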

@ -27,6 +27,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
ips = subnetConnection.ipAddresses; ips = subnetConnection.ipAddresses;
listenPort = subnetConnection.listenPort; listenPort = subnetConnection.listenPort;
privateKeyFile = getPrivKeyFile; privateKeyFile = getPrivKeyFile;
privateKey = getPrivKey;
peers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: peers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection:
{ {
name = remotePeerName; name = remotePeerName;

@ -0,0 +1,25 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1692463654,
"narHash": "sha256-F8hZmsQINI+S6UROM4jyxAMbQLtzE44pI8Nk6NtMdao=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ca3c9ac9f4cdd4bea19f592b32bb59b74ab7d783",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

@ -23,6 +23,7 @@
in { in {
# import our test # import our test
null = import ./tests/null.nix checkArgs; null = import ./tests/null.nix checkArgs;
simple = import ./tests/simple.nix checkArgs;
}); });
}; };
} }

@ -10,5 +10,6 @@ with builtins;
{ {
getPeerPubKey = remotePeerName: attrByPath [remotePeerName "publicKey"] null intermediateConfig.peers; getPeerPubKey = remotePeerName: attrByPath [remotePeerName "publicKey"] null intermediateConfig.peers;
getPrivKeyFile = attrByPath [localPeerName "privateKeyFile"] null intermediateConfig.peers; getPrivKeyFile = attrByPath [localPeerName "privateKeyFile"] null intermediateConfig.peers;
getPrivKey = attrByPath [localPeerName "privateKey"] null intermediateConfig.peers;
getSubnetPSKFile = subnetName: attrByPath [subnetName "presharedKeyFile"] null intermediateConfig.subnets; getSubnetPSKFile = subnetName: attrByPath [subnetName "presharedKeyFile"] null intermediateConfig.subnets;
} }

@ -35,5 +35,6 @@ with builtins;
}; };
getPeerPubKey = remotePeerName: builtins.readFile (config.wirenix.secretsDir + /wirenix-peer-${remotePeerName}.pub); getPeerPubKey = remotePeerName: builtins.readFile (config.wirenix.secretsDir + /wirenix-peer-${remotePeerName}.pub);
getPrivKeyFile = config.age.secrets."wirenix-peer-${localPeerName}".path; getPrivKeyFile = config.age.secrets."wirenix-peer-${localPeerName}".path;
getPrivKey = null;
getSubnetPSKFile = subnetName: config.age.secrets."wirenix-subnet-${subnetName}".path; getSubnetPSKFile = subnetName: config.age.secrets."wirenix-subnet-${subnetName}".path;
} }

@ -116,11 +116,13 @@ rec {
let let
keyProviders = map (x: x inputs intermediateConfig peerName) keyProvidersUninitialized; keyProviders = map (x: x inputs intermediateConfig peerName) keyProvidersUninitialized;
in in
{ rec {
getPeerPubKey = otherPeerName: findFirst (x: x != null) (throw ("Wirenix: Could not find public key for " + otherPeerName)) getPeerPubKey = otherPeerName: findFirst (x: x != null) (throw ("Wirenix: Could not find public key for " + otherPeerName))
(map (provider: provider.getPeerPubKey otherPeerName) keyProviders); (map (provider: provider.getPeerPubKey otherPeerName) keyProviders);
getPrivKeyFile = findFirst (x: x != null) (throw ("Wirenix: Could not find private key file for " + peerName)) getPrivKeyFile = findFirst (x: x != null) (if getPrivKey == null then throw ("Wirenix: Could not find private key file for " + peerName) else null)
(map (provider: provider.getPrivKeyFile) keyProviders); (map (provider: provider.getPrivKeyFile) keyProviders);
getPrivKey = findFirst (x: x != null) (null)
(map (provider: provider.getPrivKey) keyProviders);
getSubnetPSKFile = subnetName: findFirst (x: x != null) (null) getSubnetPSKFile = subnetName: findFirst (x: x != null) (null)
(map (provider: provider.getSubnetPSKFile subnetName) keyProviders); (map (provider: provider.getSubnetPSKFile subnetName) keyProviders);
getProviderConfig = foldl' (x: y: x // y) {} (map (provider: if provider ? config then provider.config else {}) keyProviders); getProviderConfig = foldl' (x: y: x // y) {} (map (provider: if provider ? config then provider.config else {}) keyProviders);
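Review bot: The `throw` on the `getPrivKeyFile` line still reports "Could not find private key file" even though, after this change, it only fires when no provider returned a key file and `getPrivKey` is also null; `throw ("Wirenix: Could not find private key or private key file for " + peerName)` names the actual condition. The two accessors are resolved independently, so when one provider supplies a file and another supplies an inline key both are non-null and the precedence is left to each backend; a short comment above `getPrivKey`, such as `# Resolved independently of getPrivKeyFile; backends should prefer the file when both are set`, would make that contract explicit. The switch from `{` to `rec {` exists only so the fallback can reference `getPrivKey`, which is worth a word since the set was non-recursive before. The enclosing `let ... in` starts before this hunk and the attribute set continues past it.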

@ -17,6 +17,7 @@ let
// mergeIf acl_peer "extraArgs" // mergeIf acl_peer "extraArgs"
// mergeIf acl_peer "publicKey" // mergeIf acl_peer "publicKey"
// mergeIf acl_peer "privateKeyFile" // mergeIf acl_peer "privateKeyFile"
// mergeIf acl_peer "privateKey"
// (if acl_peer ? groups then {groups = map groupFromName acl_peer.groups;} else {groups = {};}); // (if acl_peer ? groups then {groups = map groupFromName acl_peer.groups;} else {groups = {};});
/** parseGroup :: acl_group -> ic_group */ /** parseGroup :: acl_group -> ic_group */

@ -0,0 +1,58 @@
{
version = "v1";
subnets = [
{
name = "simple";
endpoints = [
{
# No match mean match any
port = 51820;
}
];
}
];
groups = [
# groups field is expected, but can be empty
];
peers = [
{
name = "peer1";
subnets = {
simple = {
listenPort = 51820;
# empty ipAddresses will auto generate an IPv6 address
};
};
publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE=";
privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine
endpoints = [
{
# no match can be any
ip = "192.168.1.2";
}
];
}
{
name = "peer2";
subnets = {
simple = {
listenPort = 51820;
};
};
publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE=";
privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=";
endpoints = [
{
# no match can be any
ip = "192.168.1.3";
}
];
}
];
connections = [
{
a = [{type= "subnet"; rule = "is"; value = "simple";}];
b = [{type= "subnet"; rule = "is"; value = "simple";}];
}
];
}
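Review bot: The trailing comment on peer1's `privateKey = "..."; # path is relative to the machine` line does not match the value, which is an inline key rather than a path; it reads like a leftover from a `privateKeyFile` example and should state what is true here, e.g. `# test-only inline key; privateKey values are evaluated into the world-readable Nix store`. The same two private keys also appear as standalone one-line files later in this commit, so a comment saying which copy is authoritative would keep the fixtures from drifting apart. `# No match mean match any` on the endpoint entries reads better as `# No match means match any`.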

@ -0,0 +1 @@
MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI=

@ -0,0 +1 @@
yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M=

@ -0,0 +1 @@
mAk4v/O2y3mFwQqsZow52iwOlcfR3wPtd9cVBwS+vVg=

@ -0,0 +1 @@
aKOVgooO5npcsTrDb2lKXEiOH+XhJTs3/GHICplKmHE=

@ -0,0 +1 @@
aPMW0ePlRmh3HZ075ArvUHIotrGTGE+nRvqKPtwXClc=

@ -0,0 +1 @@
IDpYI54t9nGxmj84KUpRaFUnzaD74LVm1y38rGeIVVg=

@ -13,8 +13,6 @@
# This is the test code that will check if our service is running correctly: # This is the test code that will check if our service is running correctly:
testScript = '' testScript = ''
start_all() start_all()
# wait for our service to start
node1.wait_for_unit("hello-world-server")
output = node1.succeed("echo Hello world") output = node1.succeed("echo Hello world")
# Check if our webserver returns the expected result # Check if our webserver returns the expected result
assert "Hello world" in output, f"'{output}' does not contain 'Hello world'" assert "Hello world" in output, f"'{output}' does not contain 'Hello world'"

@ -0,0 +1,63 @@
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
let
sharedConfig = {
wirenix = {
enable = true;
keyProviders = ["acl"];
aclConfig = import ./acls/simple.nix;
};
};
in
(import ./lib.nix)
{
name = "Null test, should always pass";
nodes = {
# `self` here is set by using specialArgs in `lib.nix`
node1 = { self, pkgs, ... }: sharedConfig // {
imports = [ self.nixosModules.default ];
wirenix = {
enable = true;
keyProviders = ["acl"];
peerName = "peer1";
aclConfig = import ./acls/simple.nix;
};
networking.interfaces.eth1.ipv4.addresses = [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
environment.systemPackages = [ pkgs.curl ];
};
node2 = { self, pkgs, ... }: sharedConfig // {
imports = [ self.nixosModules.default ];
wirenix = {
enable = true;
keyProviders = ["acl"];
peerName = "peer2";
aclConfig = import ./acls/simple.nix;
};
networking.interfaces.eth1.ipv4.addresses = [
{
address = "192.168.1.3";
prefixLength = 24;
}
];
environment.systemPackages = [ pkgs.curl ];
};
};
# This is the test code that will check if our service is running correctly:
testScript = ''
start_all()
node1.wait_for_unit("wireguard-simple")
node2.wait_for_unit("wireguard-simple")
output = node1.succeed("ping -c 1 peer2.simple")
# Check if our webserver returns the expected result
assert "Hello world" in output, f"'{output}' does not contain 'Hello world'"
'';
}
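Review bot: The assertion at the end of `testScript` checks for `"Hello world"` in the output of `ping -c 1 peer2.simple`, which ping never prints, so the test cannot pass as written even when the tunnel works; `node1.succeed` already fails the test on a non-zero exit, so either drop the assert or check the ping summary, e.g. `assert "1 received" in output, f"'{output}' does not report a received reply"`, and replace the stale `# Check if our webserver returns the expected result` comment. `name = "Null test, should always pass"` is copied from the null test and should describe this scenario, e.g. `name = "Simple test: two ACL-configured peers reach each other over WireGuard";`. `sharedConfig // { ... }` is redundant here, because the `wirenix` set inside each node replaces the one from `sharedConfig` entirely, so only `peerName` really differs per node. Resolution of `peer2.simple` presumably relies on host entries generated by the module, which is not visible in this commit and may be worth confirming.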

@ -30,6 +30,8 @@ let
in in
{ {
options = { options = {
age = {};
sops = {};
wirenix = { wirenix = {
enable = mkEnableOption "wirenix"; enable = mkEnableOption "wirenix";
peerName = mkOption { peerName = mkOption {
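Review bot: The new `age = {};` and `sops = {};` declarations inside `options` carry no comment explaining their purpose, and the intent is not obvious from the code: declaring an empty option set makes `config.age`/`config.sops` exist, but it does not declare `age.secrets`, so the `config.age.secrets."wirenix-peer-..."` lookups in the `@ -35,5 +35,6 @@` hunk would presumably still fail when agenix is not imported, which is worth confirming. If the goal is to let key providers probe for these modules, a comment such as `# Placeholder option sets so key providers can test for age/sops without requiring those modules to be imported` should accompany them, and the providers should guard the lookup (e.g. `config.age ? secrets`) rather than rely on the empty set. The enclosing module expression starts before this hunk.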
