From d5fcc01f9c1a7fa21635cd0619963f178c502ebe Mon Sep 17 00:00:00 2001 From: Matthew Salerno Date: Sat, 19 Aug 2023 21:43:42 -0400 Subject: [PATCH] mesh test --- flake.nix | 1 + tests/acls/mesh.nix | 91 +++++++++++++++++++++++++++++++++++++++++++ tests/acls/simple.nix | 8 ++-- tests/keys/testKey1 | 1 - tests/keys/testKey2 | 1 - tests/keys/testKey3 | 1 - tests/keys/testKey4 | 1 - tests/keys/testKey5 | 1 - tests/keys/testKey6 | 1 - tests/mesh.nix | 74 +++++++++++++++++++++++++++++++++++ tests/simple.nix | 50 ++++++++---------------- 11 files changed, 187 insertions(+), 43 deletions(-) create mode 100644 tests/acls/mesh.nix delete mode 100644 tests/keys/testKey1 delete mode 100644 tests/keys/testKey2 delete mode 100644 tests/keys/testKey3 delete mode 100644 tests/keys/testKey4 delete mode 100644 tests/keys/testKey5 delete mode 100644 tests/keys/testKey6 create mode 100644 tests/mesh.nix diff --git a/flake.nix b/flake.nix index 5a1a736..e2399b9 100644 --- a/flake.nix +++ b/flake.nix @@ -24,6 +24,7 @@ # import our test null = import ./tests/null.nix checkArgs; simple = import ./tests/simple.nix checkArgs; + mesh = import ./tests/mesh.nix checkArgs; }); }; } diff --git a/tests/acls/mesh.nix b/tests/acls/mesh.nix new file mode 100644 index 0000000..61c960c --- /dev/null +++ b/tests/acls/mesh.nix 
@@ -0,0 +1,91 @@ +{ + version = "v1"; + subnets = [ + { + name = "mesh"; + endpoints = [ + { + # No match mean match any + port = 51820; + } + ]; + } + ]; + groups = [ + # groups field is expected, but can be empty + ]; + peers = [ + { + name = "node1"; + subnets = { + mesh = { + listenPort = 51820; + # empty ipAddresses will auto generate an IPv6 address + }; + }; + publicKey = "kdyzqV8cBQtDYeW6R1vUug0Oe+KaytHHDS7JoCp/kTE="; + privateKey = "MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI="; # path is relative to the machine + endpoints = [ + { + # no match can be any + ip = "node1"; + } + ]; + } + { + name = "node2"; + subnets = { + mesh = { + listenPort = 51820; + }; + }; + publicKey = "ztdAXTspQEZUNpxUbUdAhhRWbiL3YYWKSK0ZGdcsMHE="; + privateKey = "yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M="; + endpoints = [ + { + # no match can be any + ip = "node2"; + } + ]; + } + { + name = "node3"; + subnets = { + mesh = { + listenPort = 51820; + # empty ipAddresses will auto generate an IPv6 address + }; + }; + publicKey = "43tP6JgckdTFrnbYuy8a42jdNt3+wwVcb4+ae5U4ez4="; + privateKey = "yPcTvQOK9eVXQjLNapOsv2iAkbOeSzCCxlrWPMe1o0g="; # path is relative to the machine + endpoints = [ + { + # no match can be any + ip = "node3"; + } + ]; + } + { + name = "node4"; + subnets = { + mesh = { + listenPort = 51820; + }; + }; + publicKey = "g6+Tq9aeVfm5CXPIwZDqoTxGmsQ/TlLtxcxVn2aSiVA="; + privateKey = "CLREBQ+oGXsGxhlQc3ufSoBd7MNFoM6KmMnNyuQ9S0E="; + endpoints = [ + { + # no match can be any + ip = "node4"; + } + ]; + } + ]; + connections = [ + { + a = [{type= "subnet"; rule = "is"; value = "mesh";}]; + b = [{type= "subnet"; rule = "is"; value = "mesh";}]; + } + ]; +} \ No newline at end of file diff --git a/tests/acls/simple.nix b/tests/acls/simple.nix index dea9af1..097eb9c 100644 --- a/tests/acls/simple.nix +++ b/tests/acls/simple.nix @@ -16,7 +16,7 @@ ]; peers = [ { - name = "peer1"; + name = "node1"; subnets = { simple = { listenPort = 51820; 
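Review bot: The trailing comment on the `privateKey` lines of node1 and node3 in tests/acls/mesh.nix, `# path is relative to the machine`, contradicts the value it annotates, which is the base64 key material itself rather than a path (node1's value is the content of the deleted tests/keys/testKey1, node2's that of testKey2). A reader will take the comment as the field's contract, so replace it with `# inline key material, disposable test-only key` or drop it. With the keys now living in the committed ACL fixture instead of separate files, a short file-header comment marking all four key pairs as throwaway test fixtures would keep them from being copied into a real configuration. node2 and node4 also lack the `# empty ipAddresses will auto generate an IPv6 address` note that node1 and node3 carry; if the behaviour applies to every peer the comment belongs once at the subnet definition, otherwise the difference should be explained.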
@@ -28,12 +28,12 @@ endpoints = [ { # no match can be any - ip = "192.168.1.2"; + ip = "node1"; } ]; } { - name = "peer2"; + name = "node2"; subnets = { simple = { listenPort = 51820; @@ -44,7 +44,7 @@ endpoints = [ { # no match can be any - ip = "192.168.1.3"; + ip = "node2"; } ]; } diff --git a/tests/keys/testKey1 b/tests/keys/testKey1 deleted file mode 100644 index 394449c..0000000 --- a/tests/keys/testKey1 +++ /dev/null @@ -1 +0,0 @@ -MIELhEc0I7BseAanhk/+LlY/+Yf7GK232vKWITExnEI= \ No newline at end of file diff --git a/tests/keys/testKey2 b/tests/keys/testKey2 deleted file mode 100644 index 3cc7d1f..0000000 --- a/tests/keys/testKey2 +++ /dev/null @@ -1 +0,0 @@ -yG4mJiduoAvzhUJMslRbZwOp1gowSfC+wgY8B/Mul1M= \ No newline at end of file diff --git a/tests/keys/testKey3 b/tests/keys/testKey3 deleted file mode 100644 index 803572c..0000000 --- a/tests/keys/testKey3 +++ /dev/null @@ -1 +0,0 @@ -mAk4v/O2y3mFwQqsZow52iwOlcfR3wPtd9cVBwS+vVg= \ No newline at end of file diff --git a/tests/keys/testKey4 b/tests/keys/testKey4 deleted file mode 100644 index 5b8cd8d..0000000 --- a/tests/keys/testKey4 +++ /dev/null @@ -1 +0,0 @@ -aKOVgooO5npcsTrDb2lKXEiOH+XhJTs3/GHICplKmHE= \ No newline at end of file diff --git a/tests/keys/testKey5 b/tests/keys/testKey5 deleted file mode 100644 index a68d299..0000000 --- a/tests/keys/testKey5 +++ /dev/null @@ -1 +0,0 @@ -aPMW0ePlRmh3HZ075ArvUHIotrGTGE+nRvqKPtwXClc= \ No newline at end of file diff --git a/tests/keys/testKey6 b/tests/keys/testKey6 deleted file mode 100644 index ec44c3e..0000000 --- a/tests/keys/testKey6 +++ /dev/null @@ -1 +0,0 @@ -IDpYI54t9nGxmj84KUpRaFUnzaD74LVm1y38rGeIVVg= \ No newline at end of file diff --git a/tests/mesh.nix b/tests/mesh.nix new file mode 100644 index 0000000..b161af8 --- /dev/null +++ b/tests/mesh.nix 
@@ -0,0 +1,74 @@ +/* + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ +(import ./lib.nix) +{ + name = "mesh connection"; + nodes = { + # `self` here is set by using specialArgs in `lib.nix` + node1 = { self, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + imports = [ self.nixosModules.default ]; + wirenix = { + enable = true; + aclConfig = import ./acls/mesh.nix; + }; + networking.firewall.enable = false; + }; + + node2 = { self, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + imports = [ self.nixosModules.default ]; + wirenix = { + enable = true; + keyProviders = ["acl"]; + aclConfig = import ./acls/mesh.nix; + }; + networking.firewall.enable = false; + }; + + node3 = { self, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + imports = [ self.nixosModules.default ]; + wirenix = { + enable = true; + keyProviders = ["acl"]; + peerName = "node3"; + aclConfig = import ./acls/mesh.nix; + }; + networking.firewall.enable = false; + }; + + node4 = { self, pkgs, ... 
}: { + virtualisation.vlans = [ 1 ]; + imports = [ self.nixosModules.default ]; + wirenix = { + enable = true; + keyProviders = ["acl"]; + peerName = "node4"; + aclConfig = import ./acls/mesh.nix; + }; + networking.firewall.enable = false; + }; + }; + # This is the test code that will check if our service is running correctly: + testScript = '' + start_all() + nodes = { + "node1": node1, + "node2": node2, + "node3": node3, + "node4": node4 + } + for local_name, local_node in nodes.items(): + for remote_node in set(nodes.keys()) - set([local_name]): + local_node.wait_for_unit(f"wireguard-mesh-peer-{remote_node}") + for local_name, local_node in nodes.items(): + local_node.succeed("wg show >&2") + for remote_name in set(nodes.keys()) - set([local_name]): + local_node.succeed(f"ping -c 1 {remote_name} >&2") + local_node.succeed(f"ping -c 1 {remote_name}.mesh >&2") + ''; +} \ No newline at end of file diff --git a/tests/simple.nix b/tests/simple.nix index 3f6b818..6c9ca9e 100644 --- a/tests/simple.nix +++ b/tests/simple.nix 
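Review bot: Every node in tests/mesh.nix sets `networking.firewall.enable = false;`, so the test cannot detect whether the wirenix module opens the WireGuard listen port itself; leaving the firewall on and, if the module is not expected to open the port, adding only `networking.firewall.allowedUDPPorts = [ 51820 ];` would make that a checked property. The same line is added to both nodes in tests/simple.nix. Separately, node1 omits `keyProviders = ["acl"]` and node1/node2 omit `peerName` while node3/node4 set both; if that is deliberate coverage of the module defaults, a comment such as `# relies on the module defaults for keyProviders and peerName -- confirm this is intended` on node1 would say so, otherwise the four definitions should match. In the testScript, `set(nodes.keys()) - set([local_name])` can be written `nodes.keys() - {local_name}`, since a dict keys view already supports set difference.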
@@ -3,61 +3,45 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ -let - sharedConfig = { - wirenix = { - enable = true; - keyProviders = ["acl"]; - aclConfig = import ./acls/simple.nix; - }; - }; -in (import ./lib.nix) { - name = "Null test, should always pass"; + name = "simple connection"; nodes = { # `self` here is set by using specialArgs in `lib.nix` - node1 = { self, pkgs, ... }: sharedConfig // { + node1 = { self, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; imports = [ self.nixosModules.default ]; wirenix = { enable = true; keyProviders = ["acl"]; - peerName = "peer1"; + peerName = "node1"; aclConfig = import ./acls/simple.nix; }; - networking.interfaces.eth1.ipv4.addresses = [ - { - address = "192.168.1.2"; - prefixLength = 24; - } - ]; - environment.systemPackages = [ pkgs.curl ]; + networking.firewall.enable = false; }; - node2 = { self, pkgs, ... }: sharedConfig // { + node2 = { self, pkgs, ... 
}: { + virtualisation.vlans = [ 1 ]; imports = [ self.nixosModules.default ]; wirenix = { enable = true; keyProviders = ["acl"]; - peerName = "peer2"; + peerName = "node2"; aclConfig = import ./acls/simple.nix; }; - networking.interfaces.eth1.ipv4.addresses = [ - { - address = "192.168.1.3"; - prefixLength = 24; - } - ]; - environment.systemPackages = [ pkgs.curl ]; + networking.firewall.enable = false; }; }; # This is the test code that will check if our service is running correctly: testScript = '' start_all() - node1.wait_for_unit("wireguard-simple") - node2.wait_for_unit("wireguard-simple") - output = node1.succeed("ping -c 1 peer2.simple") - # Check if our webserver returns the expected result - assert "Hello world" in output, f"'{output}' does not contain 'Hello world'" + node1.wait_for_unit("wireguard-simple-peer-node2") + node2.wait_for_unit("wireguard-simple-peer-node1") + node1.succeed("ping -c 1 node2 >&2") + node1.succeed("wg show >&2") + node2.succeed("ping -c 1 node1 >&2") + node2.succeed("wg show >&2") + node1.succeed("ping -c 1 node2.simple") + node2.succeed("ping -c 1 node1.simple") ''; } \ No newline at end of file
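Review bot: The last two checks in the new testScript of tests/simple.nix, `node1.succeed("ping -c 1 node2.simple")` and `node2.succeed("ping -c 1 node1.simple")`, drop the `>&2` that the four preceding `succeed` calls use, so their output is captured and discarded instead of reaching the test log, which is inconsistent and makes a failure on the `.simple` names harder to diagnose. Append ` >&2` to both lines for parity with the rest of the script.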