
Commit 68483a7

committed
nixos/networkd: test systemd-creds in WireGuard
1 parent 42f5ecd commit 68483a7


1 file changed

+8
-2
lines changed


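--- a/nixos/tests/systemd-networkd.nix
+++ b/nixos/tests/systemd-networkd.nix
@@ -1,11 +1,12 @@
-let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
+let generateNodeConf = { lib, pkgs, config, privk, pubk, systemdCreds, peerId, nodeId, ...}: {
 imports = [ common/user-account.nix ];
 systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
 networking.useNetworkd = true;
 networking.useDHCP = false;
 networking.firewall.enable = false;
 virtualisation.vlans = [ 1 ];
 environment.systemPackages = with pkgs; [ wireguard-tools ];
+environment.etc."credstore/network.wireguard.private" = lib.mkIf systemdCreds { text = privk; };
 systemd.network = {
 enable = true;
 config = {
@@ -15,11 +16,14 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
 "90-wg0" = {
 netdevConfig = { Kind = "wireguard"; Name = "wg0"; };
 wireguardConfig = {
+# Test storing wireguard private key using systemd credentials.
+PrivateKey = lib.mkIf systemdCreds "@network.wireguard.private";
+
 # NOTE: we're storing the wireguard private key in the
 # store for this test. Do not do this in the real
 # world. Keep in mind the nix store is
 # world-readable.
-PrivateKeyFile = pkgs.writeText "wg0-priv" privk;
+PrivateKeyFile = lib.mkIf (!systemdCreds) (pkgs.writeText "wg0-priv" privk);
 ListenPort = 51820;
 FirewallMark = 42;
 };
@@ -74,6 +78,7 @@ in import ./make-test-python.nix ({pkgs, ... }: {
 let localConf = {
 privk = "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00=";
 pubk = "iRxpqj42nnY0Qz8MAQbSm7bXxXP5hkPqWYIULmvW+EE=";
+systemdCreds = false;
 nodeId = "1";
 peerId = "2";
 };
@@ -83,6 +88,7 @@ in import ./make-test-python.nix ({pkgs, ... }: {
 let localConf = {
 privk = "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k=";
 pubk = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
+systemdCreds = true;
 nodeId = "2";
 peerId = "1";
 };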
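Review bot: The new `environment.etc."credstore/network.wireguard.private"` entry is built from `text = privk`, and as far as I know `environment.etc` text entries are rendered into the nix store and linked into /etc, so the credential branch leaves the key just as world-readable as the `PrivateKeyFile` branch. The existing "Do not do this in the real world" NOTE now sits below the `PrivateKey` line and reads as if it applied only to `PrivateKeyFile`. I would move that NOTE above both options, or add a comment on the credstore line such as `# NOTE: test only; text = privk also lands in the world-readable nix store.`, so the test is not copied as a template for provisioning real credentials. The body of `generateNodeConf` continues outside the hunks shown, so this is based only on the visible lines.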
