From 098aff91ab19aa785b20602206e725a906e802b5 Mon Sep 17 00:00:00 2001
From: Karolin Varner <karo@cupdev.net>
Date: Fri, 22 Aug 2025 17:09:55 +0200
Subject: [PATCH] fix(integration-test): Don't erase endpoint & allowed ips
 when setting PSK

---
 tests/integration/rp-key-sync.nix | 12 ++++++++++++
 tests/integration/rpsc-test.nix   | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/tests/integration/rp-key-sync.nix b/tests/integration/rp-key-sync.nix
index 127d2a4..f4a3087 100644
--- a/tests/integration/rp-key-sync.nix
+++ b/tests/integration/rp-key-sync.nix
@@ -41,6 +41,16 @@ let
           type = lib.types.path;
           description = "Location of the .osk file on the key exchange server";
         };
+
+        endpoint = lib.mkOption {
+          type = lib.types.str;
+          description = "IP address of the peer to connect via.";
+        };
+
+        allowedIps = lib.mkOption {
+          type = lib.types.str;
+          description = "IP addresses on the WireGuard VPN the peer is allowed to use";
+        };
       };
     };
 in
@@ -67,6 +77,8 @@ in
             | ${pkgs.wireguard-tools}/bin/wg \
               set ${instanceCfg.wgInterface} \
               peer ${instanceCfg.peerPubkey} \
+              endpoint ${instanceCfg.endpoint} \
+              allowed-ips ${instanceCfg.allowedIps} \
               preshared-key /dev/stdin
         '';
         serviceConfig = {
diff --git a/tests/integration/rpsc-test.nix b/tests/integration/rpsc-test.nix
index 44e4368..89a4592 100644
--- a/tests/integration/rpsc-test.nix
+++ b/tests/integration/rpsc-test.nix
@@ -207,6 +207,8 @@ in
               rpHost = "peerakeyexchanger";
               peerPubkey = staticConfig.peerB.publicKey;
               remoteKeyPath = keyExchangePathAB;
+              endpoint = "peerB:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerB.innerIp}/24";
             };
           }
           // lib.optionalAttrs multiPeer {
@@ -217,6 +219,8 @@ in
               rpHost = "peerakeyexchanger";
               peerPubkey = staticConfig.peerC.publicKey;
               remoteKeyPath = keyExchangePathAC;
+              endpoint = "peerC:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerC.innerIp}/24";
             };
           };
       };
@@ -255,6 +259,8 @@ in
               rpHost = "peerbkeyexchanger";
               peerPubkey = staticConfig.peerA.publicKey;
               remoteKeyPath = keyExchangePathBA;
+              endpoint = "peerA:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerB.innerIp}/24";
             };
           }
           // lib.optionalAttrs multiPeer {
@@ -265,6 +271,8 @@ in
               rpHost = "peerbkeyexchanger";
               peerPubkey = staticConfig.peerC.publicKey;
               remoteKeyPath = keyExchangePathBC;
+              endpoint = "peerC:${builtins.toString wgPort}";
+              allowedIps = "${staticConfig.peerC.innerIp}/24";
             };
           };
       };
@@ -330,6 +338,8 @@ in
             rpHost = "peerckeyexchanger";
             peerPubkey = staticConfig.peerA.publicKey;
             remoteKeyPath = keyExchangePathCA;
+            endpoint = "peerA:${builtins.toString wgPort}";
+            allowedIps = "${staticConfig.peerA.innerIp}/24";
           };
           CB = {
             create = true;
@@ -338,6 +348,8 @@ in
             rpHost = "peerckeyexchanger";
             peerPubkey = staticConfig.peerB.publicKey;
             remoteKeyPath = keyExchangePathCB;
+            endpoint = "peerB:${builtins.toString wgPort}";
+            allowedIps = "${staticConfig.peerB.innerIp}/24";
           };
         };
       };