base repository: NixOS/nixpkgs
base: 06bcd9a3c41a
head repository: NixOS/nixpkgs
compare: 8f0182304678
  • 2 commits
  • 7 files changed
  • 2 contributors

Commits on Apr 29, 2020

  1. nixos/wireguard: test against multiple kernel versions

    When testing WireGuard updates, I usually run the VM-tests with
    different kernels to make sure we're not introducing accidental
    regressions for e.g. older kernels.
    
    I figured that we should automate this process to ensure continuously
    that WireGuard works fine on several kernels.
    
    For now I decided to test the latest LTS version (5.4) and
    the latest kernel (currently 5.6). We can add more kernels in the
    future, however this seems to significantly slow down evaluation and
    time.
    
    The list can be customized by running a command like this:
    
       nix-build nixos/tests/wireguard --arg kernelVersionsToTest '["4.19"]'
    
    The `kernelPackages` argument in the tests is null by default to make
    sure that it's still possible to invoke the test-files directly. In that
    case the default kernel of NixOS (currently 5.4) is used.
    Ma27 committed Apr 29, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    veehaitch Vincent Haupert
    41bd6d2 View commit details

Commits on May 28, 2020

  1. Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    veehaitch Vincent Haupert
    8f01823 View commit details
3 changes: 0 additions & 3 deletions nixos/tests/all-tests.nix
@@ -341,10 +341,7 @@ in
vault = handleTest ./vault.nix {};
victoriametrics = handleTest ./victoriametrics.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
wg-quick = handleTest ./wireguard/wg-quick.nix {};
wireguard = handleTest ./wireguard {};
wireguard-generated = handleTest ./wireguard/generated.nix {};
wireguard-namespaces = handleTest ./wireguard/namespaces.nix {};
wordpress = handleTest ./wordpress.nix {};
xandikos = handleTest ./xandikos.nix {};
xautolock = handleTest ./xautolock.nix {};
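--- a/nixos/tests/wireguard/basic.nix
+++ b/nixos/tests/wireguard/basic.nix
@@ -0,0 +1,74 @@
+{ kernelPackages ? null }:
+import ../make-test-python.nix ({ pkgs, lib, ...} :
+let
+wg-snakeoil-keys = import ./snakeoil-keys.nix;
+peer = (import ./make-peer.nix) { inherit lib; };
+in
+{
+name = "wireguard";
+meta = with pkgs.stdenv.lib.maintainers; {
+maintainers = [ ma27 ];
+};
+
+nodes = {
+peer0 = peer {
+ip4 = "192.168.0.1";
+ip6 = "fd00::1";
+extraConfig = {
+boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
+networking.firewall.allowedUDPPorts = [ 23542 ];
+networking.wireguard.interfaces.wg0 = {
+ips = [ "10.23.42.1/32" "fc00::1/128" ];
+listenPort = 23542;
+
+inherit (wg-snakeoil-keys.peer0) privateKey;
+
+peers = lib.singleton {
+allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
+
+inherit (wg-snakeoil-keys.peer1) publicKey;
+};
+};
+};
+};
+
+peer1 = peer {
+ip4 = "192.168.0.2";
+ip6 = "fd00::2";
+extraConfig = {
+boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
+networking.wireguard.interfaces.wg0 = {
+ips = [ "10.23.42.2/32" "fc00::2/128" ];
+listenPort = 23542;
+allowedIPsAsRoutes = false;
+
+inherit (wg-snakeoil-keys.peer1) privateKey;
+
+peers = lib.singleton {
+allowedIPs = [ "0.0.0.0/0" "::/0" ];
+endpoint = "192.168.0.1:23542";
+persistentKeepalive = 25;
+
+inherit (wg-snakeoil-keys.peer0) publicKey;
+};
+
+postSetup = let inherit (pkgs) iproute; in ''
+${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
+${iproute}/bin/ip route replace fc00::1/128 dev wg0
+'';
+};
+};
+};
+};
+
+testScript = ''
+start_all()
+peer0.wait_for_unit("wireguard-wg0.service")
+peer1.wait_for_unit("wireguard-wg0.service")
+peer1.succeed("ping -c5 fc00::1")
+peer1.succeed("ping -c5 10.23.42.1")
+'';
+}
+)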
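Review bot: Nothing in `testScript` checks which kernel the peers actually booted, so if the `boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };` override were dropped or mis-wired, every per-kernel variant would silently run against the default kernel and still pass. Consider asserting the running kernel when `kernelPackages` is set, for example by comparing `uname -r` on each peer with the version of `kernelPackages.kernel`. The same gap applies to the `boot = lib.mkIf …` lines added in generated.nix, namespaces.nix and wg-quick.nix. A short comment above `{ kernelPackages ? null }:`, such as `# null keeps the NixOS default kernel, so this file can still be imported directly`, would also document the default.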
96 changes: 26 additions & 70 deletions nixos/tests/wireguard/default.nix
@@ -1,71 +1,27 @@
import ../make-test-python.nix ({ pkgs, lib, ...} :
let
wg-snakeoil-keys = import ./snakeoil-keys.nix;
peer = (import ./make-peer.nix) { inherit lib; };
in
{
name = "wireguard";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};

nodes = {
peer0 = peer {
ip4 = "192.168.0.1";
ip6 = "fd00::1";
extraConfig = {
networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.1/32" "fc00::1/128" ];
listenPort = 23542;

inherit (wg-snakeoil-keys.peer0) privateKey;

peers = lib.singleton {
allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];

inherit (wg-snakeoil-keys.peer1) publicKey;
};
};
};
};

peer1 = peer {
ip4 = "192.168.0.2";
ip6 = "fd00::2";
extraConfig = {
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.2/32" "fc00::2/128" ];
listenPort = 23542;
allowedIPsAsRoutes = false;

inherit (wg-snakeoil-keys.peer1) privateKey;

peers = lib.singleton {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "192.168.0.1:23542";
persistentKeepalive = 25;

inherit (wg-snakeoil-keys.peer0) publicKey;
};

postSetup = let inherit (pkgs) iproute; in ''
${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
${iproute}/bin/ip route replace fc00::1/128 dev wg0
'';
};
};
};
};

testScript = ''
start_all()
peer0.wait_for_unit("wireguard-wg0.service")
peer1.wait_for_unit("wireguard-wg0.service")
peer1.succeed("ping -c5 fc00::1")
peer1.succeed("ping -c5 10.23.42.1")
'';
}
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../../.. { inherit system config; }
, kernelVersionsToTest ? [ "5.4" "latest" ]
}:

with pkgs.lib;

let
tests = let callTest = p: flip (import p) { inherit system pkgs; }; in {
basic = callTest ./basic.nix;
namespaces = callTest ./namespaces.nix;
wg-quick = callTest ./wg-quick.nix;
generated = callTest ./generated.nix;
};
in

listToAttrs (
flip concatMap kernelVersionsToTest (version:
let
v' = replaceStrings [ "." ] [ "_" ] version;
in
flip mapAttrsToList tests (name: test:
nameValuePair "wireguard-${name}-linux-${v'}" (test { kernelPackages = pkgs."linuxPackages_${v'}"; })
)
)
)
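Review bot: The lookup `pkgs."linuxPackages_${v'}"` inside the `nameValuePair` call fails with a bare missing-attribute error when `kernelVersionsToTest` contains a version that has no package set, and that list is caller-supplied via `--arg`. An explicit fallback such as `pkgs."linuxPackages_${v'}" or (throw "wireguard tests: no linuxPackages set for kernel ${version}")` would name the offending entry. Because "5.4" is hard-coded in the default list, evaluation of these tests will presumably break once that package set is removed from nixpkgs, which is worth a comment next to the default.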
5 changes: 4 additions & 1 deletion nixos/tests/wireguard/generated.nix
@@ -1,11 +1,13 @@
import ../make-test-python.nix ({ pkgs, ...} : {
{ kernelPackages ? null }:
import ../make-test-python.nix ({ pkgs, lib, ... } : {
name = "wireguard-generated";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 grahamc ];
};

nodes = {
peer1 = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 12345 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.10.10.1/24" ];
@@ -17,6 +19,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
};

peer2 = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 12345 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.10.10.2/24" ];
8 changes: 7 additions & 1 deletion nixos/tests/wireguard/namespaces.nix
@@ -1,3 +1,5 @@
{ kernelPackages ? null }:

let
listenPort = 12345;
socketNamespace = "foo";
@@ -13,7 +15,7 @@ let

in

import ../make-test-python.nix ({ pkgs, ...} : {
import ../make-test-python.nix ({ pkgs, lib, ... } : {
name = "wireguard-with-namespaces";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ asymmetric ];
@@ -23,6 +25,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the socketNamespace
# and not moved from there
peer0 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = {
preSetup = ''
ip netns add ${socketNamespace}
@@ -33,6 +36,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the init namespace
# and moved to the interfaceNamespace
peer1 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = {
preSetup = ''
ip netns add ${interfaceNamespace}
@@ -43,6 +47,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the socketNamespace
# and moved to the interfaceNamespace
peer2 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = {
preSetup = ''
ip netns add ${socketNamespace}
@@ -54,6 +59,7 @@ import ../make-test-python.nix ({ pkgs, ...} : {
# interface should be created in the socketNamespace
# and moved to the init namespace
peer3 = pkgs.lib.attrsets.recursiveUpdate node {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wireguard.interfaces.wg0 = {
preSetup = ''
ip netns add ${socketNamespace}
4 changes: 4 additions & 0 deletions nixos/tests/wireguard/wg-quick.nix
@@ -1,3 +1,5 @@
{ kernelPackages ? null }:

import ../make-test-python.nix ({ pkgs, lib, ... }:
let
wg-snakeoil-keys = import ./snakeoil-keys.nix;
@@ -14,6 +16,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
ip4 = "192.168.0.1";
ip6 = "fd00::1";
extraConfig = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wg-quick.interfaces.wg0 = {
address = [ "10.23.42.1/32" "fc00::1/128" ];
@@ -34,6 +37,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
ip4 = "192.168.0.2";
ip6 = "fd00::2";
extraConfig = {
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
networking.wg-quick.interfaces.wg0 = {
address = [ "10.23.42.2/32" "fc00::2/128" ];
inherit (wg-snakeoil-keys.peer1) privateKey;
4 changes: 1 addition & 3 deletions pkgs/tools/networking/wireguard-tools/default.nix
@@ -49,9 +49,7 @@ stdenv.mkDerivation rec {

passthru = {
updateScript = ./update.sh;
tests = {
inherit (nixosTests) wireguard wg-quick wireguard-generated wireguard-namespaces;
};
tests = nixosTests.wireguard;
};

meta = {