Merge pull request 'wireguard/test: move test to service directory' (#5507) from dave into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5507
2025-10-16 07:55:53 +00:00
parent 617e4b0ce1 6b7530f27d
commit b7013dc795
50 changed files with 110 additions and 116 deletions
--- a/checks/flake-module.nix
+++ b/checks/flake-module.nix
@@ -92,7 +92,6 @@ in
            nixos-test-extra-python-packages = self.clanLib.test.containerTest ./test-extra-python-packages nixosTestArgs;
            service-dummy-test = import ./service-dummy-test nixosTestArgs;
            wireguard = import ./wireguard nixosTestArgs;
            service-dummy-test-from-flake = import ./service-dummy-test-from-flake nixosTestArgs;
          };
--- a/checks/wireguard/default.nix
+++ b/checks/wireguard/default.nix
@@ -1,115 +0,0 @@
 {
  pkgs,
  nixosLib,
  clan-core,
  lib,
  ...
 }:
 nixosLib.runTest (
  { ... }:
  let
    machines = [
      "controller1"
      "controller2"
      "peer1"
      "peer2"
      "peer3"
    ];
  in
  {
    imports = [
      clan-core.modules.nixosTest.clanTest
    ];
    hostPkgs = pkgs;
    name = "wireguard";
    clan = {
      directory = ./.;
      modules."@clan/wireguard" = import ../../clanServices/wireguard/default.nix;
      inventory = {
        machines = lib.genAttrs machines (_: { });
        instances = {
          /*
                          wg-test-one
            ┌───────────────────────────────┐
            │            ◄─────────────     │
            │ controller2              controller1
            │    ▲       ─────────────►    ▲     ▲
            │    │ │ │ │                 │ │   │ │
            │    │ │ │ │                 │ │   │ │
            │    │ │ │ │                 │ │   │ │
            │    │ │ │ └───────────────┐ │ │   │ │
            │    │ │ └──────────────┐  │ │ │   │ │
            │      ▼                │  ▼ ▼     ▼
            └─► peer2               │  peer1  peer3
                                    │          ▲
                                    └──────────┘
          */
          wg-test-one = {
            module.name = "@clan/wireguard";
            module.input = "self";
            roles.controller.machines."controller1".settings = {
              endpoint = "192.168.1.1";
            };
            roles.controller.machines."controller2".settings = {
              endpoint = "192.168.1.2";
            };
            roles.peer.machines = {
              peer1.settings.controller = "controller1";
              peer2.settings.controller = "controller2";
              peer3.settings.controller = "controller1";
            };
          };
          # TODO: Will this actually work with conflicting ports? Can we re-use interfaces?
          #wg-test-two = {
          #  module.name = "@clan/wireguard";
          #  roles.controller.machines."controller1".settings = {
          #    endpoint = "192.168.1.1";
          #    port = 51922;
          #  };
          #  roles.peer.machines = {
          #    peer1 = { };
          #  };
          #};
        };
      };
    };
    testScript = ''
      start_all()
      # Show all addresses
      machines = [peer1, peer2, peer3, controller1, controller2]
      for m in machines:
          m.systemctl("start network-online.target")
      for m in machines:
          m.wait_for_unit("network-online.target")
          m.wait_for_unit("systemd-networkd.service")
      print("\n\n" + "="*60)
      print("STARTING PING TESTS")
      print("="*60)
      for m1 in machines:
          for m2 in machines:
              if m1 != m2:
                  print(f"\n--- Pinging from {m1.name} to {m2.name}.wg-test-one ---")
                  m1.wait_until_succeeds(f"ping -c1 {m2.name}.wg-test-one >&2")
    '';
  }
 )
--- a/clanServices/wireguard/flake-module.nix
+++ b/clanServices/wireguard/flake-module.nix
@@ -4,4 +4,12 @@ let
 in
 {
  clan.modules.wireguard = module;
  perSystem =
    { ... }:
    {
      clan.nixosTests.service-wireguard = {
        imports = [ ./tests/vm/default.nix ];
        clan.modules."@clan/wireguard" = module;
      };
    };
 }
--- a/clanServices/wireguard/tests/vm/default.nix
+++ b/clanServices/wireguard/tests/vm/default.nix
@@ -0,0 +1,102 @@
 {
  lib,
  ...
 }:
 let
  machines = [
    "controller1"
    "controller2"
    "peer1"
    "peer2"
    "peer3"
  ];
 in
 {
  name = "service-wireguard";
  clan = {
    directory = ./.;
    inventory = {
      machines = lib.genAttrs machines (_: { });
      instances = {
        /*
                        wg-test-one
          ┌───────────────────────────────┐
          │            ◄─────────────     │
          │ controller2              controller1
          │    ▲       ─────────────►    ▲     ▲
          │    │ │ │ │                 │ │   │ │
          │    │ │ │ │                 │ │   │ │
          │    │ │ │ │                 │ │   │ │
          │    │ │ │ └───────────────┐ │ │   │ │
          │    │ │ └──────────────┐  │ │ │   │ │
          │      ▼                │  ▼ ▼     ▼
          └─► peer2               │  peer1  peer3
                                  │          ▲
                                  └──────────┘
        */
        wg-test-one = {
          module.name = "@clan/wireguard";
          module.input = "self";
          roles.controller.machines."controller1".settings = {
            endpoint = "192.168.1.1";
          };
          roles.controller.machines."controller2".settings = {
            endpoint = "192.168.1.2";
          };
          roles.peer.machines = {
            peer1.settings.controller = "controller1";
            peer2.settings.controller = "controller2";
            peer3.settings.controller = "controller1";
          };
        };
        # TODO: Will this actually work with conflicting ports? Can we re-use interfaces?
        #wg-test-two = {
        #  module.name = "@clan/wireguard";
        #  roles.controller.machines."controller1".settings = {
        #    endpoint = "192.168.1.1";
        #    port = 51922;
        #  };
        #  roles.peer.machines = {
        #    peer1 = { };
        #  };
        #};
      };
    };
  };
  testScript = ''
    start_all()
    # Show all addresses
    machines = [peer1, peer2, peer3, controller1, controller2]
    for m in machines:
        m.systemctl("start network-online.target")
    for m in machines:
        m.wait_for_unit("network-online.target")
        m.wait_for_unit("systemd-networkd.service")
    print("\n\n" + "="*60)
    print("STARTING PING TESTS")
    print("="*60)
    for m1 in machines:
        for m2 in machines:
            if m1 != m2:
                print(f"\n--- Pinging from {m1.name} to {m2.name}.wg-test-one ---")
                m1.wait_until_succeeds(f"ping -c1 {m2.name}.wg-test-one >&2")
  '';
 }
--- a/clanServices/wireguard/tests/vm/sops/machines/controller1/key.json
+++ b/clanServices/wireguard/tests/vm/sops/machines/controller1/key.json
--- a/clanServices/wireguard/tests/vm/sops/machines/controller2/key.json
+++ b/clanServices/wireguard/tests/vm/sops/machines/controller2/key.json
--- a/clanServices/wireguard/tests/vm/sops/machines/peer1/key.json
+++ b/clanServices/wireguard/tests/vm/sops/machines/peer1/key.json
--- a/clanServices/wireguard/tests/vm/sops/machines/peer2/key.json
+++ b/clanServices/wireguard/tests/vm/sops/machines/peer2/key.json
--- a/clanServices/wireguard/tests/vm/sops/machines/peer3/key.json
+++ b/clanServices/wireguard/tests/vm/sops/machines/peer3/key.json
--- a/clanServices/wireguard/tests/vm/sops/secrets/controller1-age.key/secret
+++ b/clanServices/wireguard/tests/vm/sops/secrets/controller1-age.key/secret
--- a/clanServices/wireguard/tests/vm/sops/secrets/controller1-age.key/users/admin
+++ b/clanServices/wireguard/tests/vm/sops/secrets/controller1-age.key/users/admin
--- a/clanServices/wireguard/tests/vm/sops/secrets/controller2-age.key/secret
+++ b/clanServices/wireguard/tests/vm/sops/secrets/controller2-age.key/secret
--- a/clanServices/wireguard/tests/vm/sops/secrets/controller2-age.key/users/admin
+++ b/clanServices/wireguard/tests/vm/sops/secrets/controller2-age.key/users/admin
--- a/clanServices/wireguard/tests/vm/sops/secrets/peer1-age.key/secret
+++ b/clanServices/wireguard/tests/vm/sops/secrets/peer1-age.key/secret
--- a/clanServices/wireguard/tests/vm/sops/secrets/peer1-age.key/users/admin
+++ b/clanServices/wireguard/tests/vm/sops/secrets/peer1-age.key/users/admin
--- a/clanServices/wireguard/tests/vm/sops/secrets/peer2-age.key/secret
+++ b/clanServices/wireguard/tests/vm/sops/secrets/peer2-age.key/secret
--- a/clanServices/wireguard/tests/vm/sops/secrets/peer2-age.key/users/admin
+++ b/clanServices/wireguard/tests/vm/sops/secrets/peer2-age.key/users/admin
--- a/clanServices/wireguard/tests/vm/sops/secrets/peer3-age.key/secret
+++ b/clanServices/wireguard/tests/vm/sops/secrets/peer3-age.key/secret
--- a/clanServices/wireguard/tests/vm/sops/secrets/peer3-age.key/users/admin
+++ b/clanServices/wireguard/tests/vm/sops/secrets/peer3-age.key/users/admin
--- a/clanServices/wireguard/tests/vm/sops/users/admin/key.json
+++ b/clanServices/wireguard/tests/vm/sops/users/admin/key.json
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/privatekey/machines/controller1
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/privatekey/machines/controller1
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/privatekey/secret
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/privatekey/secret
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/privatekey/users/admin
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/privatekey/users/admin
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/publickey/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-keys-wg-test-one/publickey/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-network-wg-test-one/.validation-hash
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-network-wg-test-one/.validation-hash
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-network-wg-test-one/prefix/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller1/wireguard-network-wg-test-one/prefix/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/privatekey/machines/controller2
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/privatekey/machines/controller2
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/privatekey/secret
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/privatekey/secret
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/privatekey/users/admin
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/privatekey/users/admin
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/publickey/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-keys-wg-test-one/publickey/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-network-wg-test-one/.validation-hash
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-network-wg-test-one/.validation-hash
--- a/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-network-wg-test-one/prefix/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/controller2/wireguard-network-wg-test-one/prefix/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/privatekey/machines/peer1
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/privatekey/machines/peer1
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/privatekey/secret
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/privatekey/secret
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/privatekey/users/admin
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/privatekey/users/admin
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/publickey/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-keys-wg-test-one/publickey/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-network-wg-test-one/.validation-hash
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-network-wg-test-one/.validation-hash
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-network-wg-test-one/suffix/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer1/wireguard-network-wg-test-one/suffix/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/privatekey/machines/peer2
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/privatekey/machines/peer2
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/privatekey/secret
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/privatekey/secret
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/privatekey/users/admin
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/privatekey/users/admin
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/publickey/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-keys-wg-test-one/publickey/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-network-wg-test-one/.validation-hash
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-network-wg-test-one/.validation-hash
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-network-wg-test-one/suffix/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer2/wireguard-network-wg-test-one/suffix/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/privatekey/machines/peer3
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/privatekey/machines/peer3
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/privatekey/secret
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/privatekey/secret
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/privatekey/users/admin
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/privatekey/users/admin
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/publickey/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-keys-wg-test-one/publickey/value
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-network-wg-test-one/.validation-hash
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-network-wg-test-one/.validation-hash
--- a/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-network-wg-test-one/suffix/value
+++ b/clanServices/wireguard/tests/vm/vars/per-machine/peer3/wireguard-network-wg-test-one/suffix/value