nixos/tests/wireguard: test for pre shared keys working with networkd

2025-06-12 04:35:41 +03:00 · 2024-12-28 01:41:03 +01:00 · 2024-12-28 01:41:03 +01:00 · 61d11b7ea4
commit 61d11b7ea4
parent c1eb3b68f8
2 changed files with 12 additions and 0 deletions
--- a/nixos/tests/wireguard/networkd.nix
+++ b/nixos/tests/wireguard/networkd.nix
@ -39,6 +39,9 @@ import ../make-test-python.nix (
                "fc00::2/128"
              ];

+              # !!! Don't do this with real keys. The /nix store is world-readable!
+              presharedKeyFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey);
+
              inherit (wg-snakeoil-keys.peer1) publicKey;
            };
          };
@ -69,6 +72,9 @@ import ../make-test-python.nix (
              endpoint = "192.168.0.1:23542";
              persistentKeepalive = 25;

+              # !!! Don't do this with real keys. The /nix store is world-readable!
+              presharedKeyFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey);
+
              inherit (wg-snakeoil-keys.peer0) publicKey;
            };
          };
@ -87,6 +93,10 @@ import ../make-test-python.nix (

      peer1.succeed("ping -c5 fc00::1")
      peer1.succeed("ping -c5 10.23.42.1")
+
+      with subtest("Has PSK set"):
+        peer0.succeed("wg | grep 'preshared key'")
+        peer1.succeed("wg | grep 'preshared key'")
    '';
  }
 )
--- a/nixos/tests/wireguard/snakeoil-keys.nix
+++ b/nixos/tests/wireguard/snakeoil-keys.nix
@ -1,4 +1,6 @@
 {
+  presharedKey = "7myEJlGAWLTg83y7Py29pp7REQBVmZfI4xcawjcZpjg=";
+
  peer0 = {
    privateKey = "OPuVRS2T0/AtHDp3PXkNuLQYDiqJaBEEnYe42BSnJnQ=";
    publicKey = "IujkG119YPr2cVQzJkSLYCdjpHIDjvr/qH1w1tdKswY=";