From 61d11b7ea4e6f0dbc237a1d5e5a7e1957ae774aa Mon Sep 17 00:00:00 2001
From: networkException
Date: Sat, 28 Dec 2024 01:41:03 +0100
Subject: [PATCH] nixos/tests/wireguard: test for pre shared keys working with networkd

---
 nixos/tests/wireguard/networkd.nix | 10 ++++++++++
 nixos/tests/wireguard/snakeoil-keys.nix | 2 ++
 2 files changed, 12 insertions(+)

diff --git a/nixos/tests/wireguard/networkd.nix b/nixos/tests/wireguard/networkd.nix
index 17d164ff77f2..20305bc2ab12 100644
--- a/nixos/tests/wireguard/networkd.nix
+++ b/nixos/tests/wireguard/networkd.nix
@@ -39,6 +39,9 @@ import ../make-test-python.nix (
 "fc00::2/128"
 ];
 
+ # !!! Don't do this with real keys. The /nix store is world-readable!
+ presharedKeyFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey);
+
 inherit (wg-snakeoil-keys.peer1) publicKey;
 };
 };
@@ -69,6 +72,9 @@ import ../make-test-python.nix (
 endpoint = "192.168.0.1:23542";
 persistentKeepalive = 25;
 
+ # !!! Don't do this with real keys. The /nix store is world-readable!
+ presharedKeyFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey);
+
 inherit (wg-snakeoil-keys.peer0) publicKey;
 };
 };
@@ -87,6 +93,10 @@ import ../make-test-python.nix (
 
 peer1.succeed("ping -c5 fc00::1")
 peer1.succeed("ping -c5 10.23.42.1")
+
+ with subtest("Has PSK set"):
+ peer0.succeed("wg | grep 'preshared key'")
+ peer1.succeed("wg | grep 'preshared key'")
 '';
 }
 )
diff --git a/nixos/tests/wireguard/snakeoil-keys.nix b/nixos/tests/wireguard/snakeoil-keys.nix
index c979f0e0c8a9..2b51abe53f1e 100644
--- a/nixos/tests/wireguard/snakeoil-keys.nix
+++ b/nixos/tests/wireguard/snakeoil-keys.nix
@@ -1,4 +1,6 @@
 {
+ presharedKey = "7myEJlGAWLTg83y7Py29pp7REQBVmZfI4xcawjcZpjg=";
+
 peer0 = {
 privateKey = "OPuVRS2T0/AtHDp3PXkNuLQYDiqJaBEEnYe42BSnJnQ=";
 publicKey = "IujkG119YPr2cVQzJkSLYCdjpHIDjvr/qH1w1tdKswY=";
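Review bot: The expression `toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey)` is written out twice, in the peer1 entry of the first networkd.nix hunk (`@@ -39,6 +39,9`) and in the peer0 entry of the second (`@@ -69,6 +72,9`), although both ends of the tunnel must load the same key. Binding it once, e.g. `pskFile = toString (pkgs.writeText "presharedKey" wg-snakeoil-keys.presharedKey);` in a surrounding `let`, and writing `presharedKeyFile = pskFile;` in both peers would keep the two sides from drifting apart. The enclosing attribute sets start outside both hunks, so whether a suitable `let` already exists cannot be seen from here. The warning comment could also say what to do instead, for example `# Real deployments should point this at a file outside the store that only the network service can read.`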
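Review bot: The new "Has PSK set" subtest in the third networkd.nix hunk (`@@ -87,6 +93,10`) only greps the `wg` output for the label `preshared key`, so it passes for any preshared key on the interface, not specifically the snakeoil one the test configured. Since `wg` hides the value in its default output, pinning the exact key needs the explicit form, e.g. `peer0.succeed("wg show all preshared-keys | grep -F '${wg-snakeoil-keys.presharedKey}'")` and the same for peer1, assuming `wg-snakeoil-keys` is in scope where `testScript` is defined. If the label check is kept, a comment such as `# wg prints 'preshared key: (hidden)' only for peers that have one configured` would record why the grep is evidence that networkd loaded the file. The `testScript` string starts outside the hunk.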