fix(integration-test): Don't erase endpoint & allowed ips when setting PSK

2025-12-12 07:40:30 -08:00 · 2025-08-22 17:09:55 +02:00
parent d5162d7b9a
commit 098aff91ab
2 changed files with 24 additions and 0 deletions
--- a/tests/integration/rp-key-sync.nix
+++ b/tests/integration/rp-key-sync.nix
@@ -41,6 +41,16 @@ let
          type = lib.types.path;
          description = "Location of the .osk file on the key exchange server";
        };
+
+        endpoint = lib.mkOption {
+          type = lib.types.str;
+          description = "IP address of the peer to connect via.";
+        };
+
+        allowedIps = lib.mkOption {
+          type = lib.types.str;
+          description = "IP addresses on the WireGuard VPN the peer is allowed to use";
+        };
      };
    };
 in
@@ -67,6 +77,8 @@ in
            | ${pkgs.wireguard-tools}/bin/wg \
              set ${instanceCfg.wgInterface} \
              peer ${instanceCfg.peerPubkey} \
+              endpoint ${instanceCfg.endpoint} \
+              allowed-ips ${instanceCfg.allowedIps} \
              preshared-key /dev/stdin
        '';
        serviceConfig = {
--- a/tests/integration/rpsc-test.nix
+++ b/tests/integration/rpsc-test.nix
@@ -207,6 +207,8 @@ in
              rpHost = "peerakeyexchanger";
              peerPubkey = staticConfig.peerB.publicKey;
              remoteKeyPath = keyExchangePathAB;
+              endpoint = "peerB:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerB.innerIp}/24";
            };
          }
          // lib.optionalAttrs multiPeer {
@@ -217,6 +219,8 @@ in
              rpHost = "peerakeyexchanger";
              peerPubkey = staticConfig.peerC.publicKey;
              remoteKeyPath = keyExchangePathAC;
+              endpoint = "peerC:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerC.innerIp}/24";
            };
          };
      };
@@ -255,6 +259,8 @@ in
              rpHost = "peerbkeyexchanger";
              peerPubkey = staticConfig.peerA.publicKey;
              remoteKeyPath = keyExchangePathBA;
+              endpoint = "peerA:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerB.innerIp}/24";
            };
          }
          // lib.optionalAttrs multiPeer {
@@ -265,6 +271,8 @@ in
              rpHost = "peerbkeyexchanger";
              peerPubkey = staticConfig.peerC.publicKey;
              remoteKeyPath = keyExchangePathBC;
+              endpoint = "peerC:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerC.innerIp}/24";
            };
          };
      };
@@ -330,6 +338,8 @@ in
            rpHost = "peerckeyexchanger";
            peerPubkey = staticConfig.peerA.publicKey;
            remoteKeyPath = keyExchangePathCA;
+            endpoint = "peerA:${builtins.toString wgPort}";
+            allowedIps = "${staticConfig.peerA.innerIp}/24";
          };
          CB = {
            create = true;
@@ -338,6 +348,8 @@ in
            rpHost = "peerckeyexchanger";
            peerPubkey = staticConfig.peerB.publicKey;
            remoteKeyPath = keyExchangePathCB;
+            endpoint = "peerB:${builtins.toString wgPort}";
+            allowedIps = "${staticConfig.peerB.innerIp}/24";
          };
        };
      };