nixos/modules/services/networking/wireguard-networkd.nix +7 −4 @@ -22,14 +22,16 @@ let ; inherit (lib.modules) mkIf; inherit (lib.options) literalExpression mkOption; inherit (lib.strings) hasInfix; inherit (lib.strings) hasInfix replaceStrings; inherit (lib.trivial) flip pipe; removeNulls = filterAttrs (_: v: v != null); privateKeyCredential = interfaceName: "wireguard-${interfaceName}-private-key"; escapeCredentialName = input: replaceStrings [ "\\" ] [ "_" ] input; privateKeyCredential = interfaceName: escapeCredentialName "wireguard-${interfaceName}-private-key"; presharedKeyCredential = interfaceName: peer: "wireguard-${interfaceName}-${peer.name}-preshared-key"; interfaceName: peer: escapeCredentialName "wireguard-${interfaceName}-${peer.name}-preshared-key"; interfaceCredentials = interfaceName: interface: @@ -61,7 +63,8 @@ let interfaceName: peer: removeNulls { PublicKey = peer.publicKey; PresharedKey = "@${presharedKeyCredential interfaceName peer}"; PresharedKey = if peer.presharedKeyFile == null then null else "@${presharedKeyCredential interfaceName peer}"; AllowedIPs = peer.allowedIPs; Endpoint = peer.endpoint; PersistentKeepalive = peer.persistentKeepalive;
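Review bot: `escapeCredentialName` in the first hunk is not injective: it rewrites only `\`, and it rewrites it to `_`, which is itself allowed in names, so two peers on one interface whose names differ only in those two characters (for instance `a\b` and `a_b`, a constructed example) would resolve to the same credential name and one would silently load the other's preshared key. Every other character in the interface name or `peer.name` is passed through unchanged; whether any of them is invalid in a systemd credential name cannot be judged from these hunks. I would document the limitation on the helper, e.g. `# Credential names must not contain "\"; this mapping is not injective ("a\b" and "a_b" collide).`, and add a module assertion that the escaped names are unique per interface. The `let` block continues outside both hunks, so `interfaceCredentials` may already constrain this.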
nixos/tests/wireguard/dynamic-refresh.nix +3 −0 @@ -84,7 +84,10 @@ import ../make-test-python.nix ( '' start_all() server.systemctl("start network-online.target") server.wait_for_unit("network-online.target") client.systemctl("start network-online.target") client.wait_for_unit("network-online.target") client.succeed("ping -n -w 1 -c 1 10.23.42.1")
nixos/tests/wireguard/networkd.nix +15 −2 @@ -39,6 +39,9 @@ import ../make-test-python.nix ( "fc00::2/128" ]; # !!! Don't do this with real keys. The /nix store is world-readable! presharedKeyFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey); inherit (wg-snakeoil-keys.peer1) publicKey; }; }; @@ -69,6 +72,9 @@ import ../make-test-python.nix ( endpoint = "192.168.0.1:23542"; persistentKeepalive = 25; # !!! Don't do this with real keys. The /nix store is world-readable! presharedKeyFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey); inherit (wg-snakeoil-keys.peer0) publicKey; }; }; @@ -79,11 +85,18 @@ import ../make-test-python.nix ( testScript = '' start_all() peer0.wait_for_unit("systemd-networkd-wait-online.service") peer1.wait_for_unit("systemd-networkd-wait-online.service") peer0.systemctl("start network-online.target") peer0.wait_for_unit("network-online.target") peer1.systemctl("start network-online.target") peer1.wait_for_unit("network-online.target") peer1.succeed("ping -c5 fc00::1") peer1.succeed("ping -c5 10.23.42.1") with subtest("Has PSK set"): peer0.succeed("wg | grep 'preshared key'") peer1.succeed("wg | grep 'preshared key'") ''; } )
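Review bot: The new `Has PSK set` subtest covers only peers that have `presharedKeyFile` set, so neither the `null` branch this commit adds to the module's `PresharedKey` nor the backslash replacement in `escapeCredentialName` is exercised in this section; a peer without a PSK, or an interface or peer name containing `\`, may be tested elsewhere, but not here. The `wg | grep 'preshared key'` check also shows only that a key is loaded, not that it arrived through the credential reference. I would add a peer without `presharedKeyFile` to the test. I would also add an assertion that the key string from snakeoil-keys.nix does not appear in the rendered netdev file (`<generated .netdev path>`, a placeholder), so a regression that inlines the secret fails the test.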
nixos/tests/wireguard/snakeoil-keys.nix +2 −0 { presharedKey = "7myEJlGAWLTg83y7Py29pp7REQBVmZfI4xcawjcZpjg="; peer0 = { privateKey = "OPuVRS2T0/AtHDp3PXkNuLQYDiqJaBEEnYe42BSnJnQ="; publicKey = "IujkG119YPr2cVQzJkSLYCdjpHIDjvr/qH1w1tdKswY=";
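Review bot: The added `presharedKey` is committed key material, and nothing at the top of the attribute set says so. A one-line header such as `# Test-only keys, public by design. Never use them on a real tunnel.` would make that explicit for readers and for secret-scanner allowlists. The rest of the file is collapsed on this page, so an existing comment further down cannot be ruled out.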