From c2690b6544838e149819eeafd0be842b0aab1e48 Mon Sep 17 00:00:00 2001 From: Janik H Date: Thu, 30 Mar 2023 12:36:38 +0200 Subject: [PATCH 1/4] alice-lg: init at 6.0.0 --- pkgs/servers/alice-lg/default.nix | 84 +++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 86 insertions(+) create mode 100644 pkgs/servers/alice-lg/default.nix diff --git a/pkgs/servers/alice-lg/default.nix b/pkgs/servers/alice-lg/default.nix new file mode 100644 index 000000000000..2e77d6917d6c --- /dev/null +++ b/pkgs/servers/alice-lg/default.nix 
@@ -0,0 +1,84 @@ +{ lib +, fetchFromGitHub +, buildGoModule +, fetchYarnDeps +, stdenv +, yarn +, nodejs +, git +, fixup_yarn_lock +}: + +buildGoModule rec { + pname = "alice-lg"; + version = "6.0.0"; + + src = fetchFromGitHub { + owner = "alice-lg"; + repo = "alice-lg"; + rev = version; + hash = "sha256-BdhbHAFqyQc8UbVm6eakbVmLS5QgXhr06oxoc6vYtsM="; + }; + + vendorSha256 = "sha256-SNF46uUTRCaa9qeGCfkHBjyo4BWOlpRaTDq+Uha08y8="; + + passthru.ui = stdenv.mkDerivation { + pname = "alice-lg-ui"; + src = "${src}/ui"; + inherit version; + + yarnOfflineCache = fetchYarnDeps { + yarnLock = src + "/ui/yarn.lock"; + hash = "sha256-NeK9IM8E2IH09SVH9lMlV3taCmqwlroo4xzmv4Q01jI="; + }; + + nativeBuildInputs = [ nodejs yarn git ]; + configurePhase = '' + runHook preConfigure + + # Yarn and bundler wants a real home directory to write cache, config, etc to + export HOME=$NIX_BUILD_TOP/fake_home + + # Make yarn install packages from our offline cache, not the registry + yarn config --offline set yarn-offline-mirror $yarnOfflineCache + + # Fixup "resolved"-entries in yarn.lock to match our offline cache + ${fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock + + yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive + patchShebangs node_modules/ + runHook postConfigure + ''; + + buildPhase = '' + runHook preBuild + + ./node_modules/.bin/react-scripts build + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mv build $out + + runHook postInstall + ''; + }; + + preBuild = '' + cp -R ${passthru.ui}/ ui/build/ + ''; + + subPackages = [ "cmd/alice-lg" ]; + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/alice-lg/alice-lg"; + description = "A looking-glass for BGP sessions"; + changelog = "https://github.com/alice-lg/alice-lg/blob/main/CHANGELOG.md"; + license = licenses.bsd3; + maintainers = with maintainers; [ janik ]; + }; +} 
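Review bot: `doCheck = false;` switches off the upstream Go test suite with no comment saying why, so a later maintainer cannot tell whether the tests need network access, a database, or simply fail in the sandbox; state the reason inline, e.g. `doCheck = false; # TODO(review): state why the upstream tests cannot run in the sandbox`. `vendorSha256` is the deprecated spelling of buildGoModule's vendored-dependency hash; the same value can be written as `vendorHash = "sha256-SNF46uUTRCaa9qeGCfkHBjyo4BWOlpRaTDq+Uha08y8=";` (the hash itself is unchanged), and the same applies to `vendorSha256` in pkgs/servers/birdwatcher/default.nix in patch 3. The UI build is pinned through `fetchYarnDeps` and installed with `--frozen-lockfile --ignore-scripts`, which is the right shape for a reproducible install that runs no package lifecycle scripts. The `meta.description` value `"A looking-glass for BGP sessions"` starts with an article, which the nixpkgs convention for descriptions asks to drop; the birdwatcher package in patch 3 has the same nit.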
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9271fa9495cc..4efa38117039 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1405,6 +1405,8 @@ with pkgs; albert = libsForQt5.callPackage ../applications/misc/albert { }; + alice-lg = callPackage ../servers/alice-lg{ }; + alice-tools = callPackage ../tools/games/alice-tools { withGUI = false; }; From 8ed86700a2d33243b390b8ed14b8d3c8457c0308 Mon Sep 17 00:00:00 2001 From: Janik H Date: Tue, 11 Apr 2023 17:55:16 +0200 Subject: [PATCH 2/4] nixos/alice-lg: init --- .../manual/release-notes/rl-2305.section.md | 2 + nixos/modules/module-list.nix | 1 + .../modules/services/networking/alice-lg.nix | 101 ++++++++++++++++++ nixos/tests/alice-lg.nix | 44 ++++++++ nixos/tests/all-tests.nix | 1 + 5 files changed, 149 insertions(+) create mode 100644 nixos/modules/services/networking/alice-lg.nix create mode 100644 nixos/tests/alice-lg.nix diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index e23f1b562e71..7e35f6284195 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md 
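Review bot: The added entry `alice-lg = callPackage ../servers/alice-lg{ };` lacks the space before the argument set that every neighbouring entry has (`../applications/misc/albert { }`); write it as `alice-lg = callPackage ../servers/alice-lg { };`. It evaluates identically either way, so this is purely a formatting point.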
@@ -77,6 +77,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). +- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable). + - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index abd88d285a99..7db8bfd465db 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -788,6 +788,7 @@ ./services/network-filesystems/yandex-disk.nix ./services/networking/3proxy.nix ./services/networking/adguardhome.nix + ./services/networking/alice-lg.nix ./services/networking/amuled.nix ./services/networking/antennas.nix ./services/networking/aria2.nix diff --git a/nixos/modules/services/networking/alice-lg.nix b/nixos/modules/services/networking/alice-lg.nix new file mode 100644 index 000000000000..06b9ac89f12f --- /dev/null +++ b/nixos/modules/services/networking/alice-lg.nix 
@@ -0,0 +1,101 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.alice-lg; + settingsFormat = pkgs.formats.ini { }; +in +{ + options = { + services.alice-lg = { + enable = mkEnableOption (lib.mdDoc "Alice Looking Glass"); + + package = mkPackageOptionMD pkgs "alice-lg" { }; + + settings = mkOption { + type = settingsFormat.type; + default = { }; + description = lib.mdDoc '' + alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf) + ''; + example = literalExpression '' + { + server = { + # configures the built-in webserver and provides global application settings + listen_http = "127.0.0.1:7340"; + enable_prefix_lookup = true; + asn = 9033; + store_backend = postgres; + routes_store_refresh_parallelism = 5; + neighbors_store_refresh_parallelism = 10000; + routes_store_refresh_interval = 5; + neighbors_store_refresh_interval = 5; + }; + postgres = { + url = "postgres://postgres:postgres@localhost:5432/alice"; + min_connections = 2; + max_connections = 128; + }; + pagination = { + routes_filtered_page_size = 250; + routes_accepted_page_size = 250; + routes_not_exported_page_size = 250; + }; + } + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment = { + etc."alice-lg/alice.conf".source = settingsFormat.generate "alice-lg.conf" cfg.settings; + }; + systemd.services = { + alice-lg = { + wants = [ "network.target" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + description = "Alice Looking Glass"; + serviceConfig = { + DynamicUser = true; + Type = "simple"; + Restart = "on-failure"; + RestartSec = 15; + ExecStart = "${cfg.package}/bin/alice-lg"; + StateDirectoryMode = "0700"; + UMask = "0007"; + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + 
ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + BindReadOnlyPaths = [ + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/ssl/certs" + "-/etc/static/ssl/certs" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + }; + }; + }; +} diff --git a/nixos/tests/alice-lg.nix b/nixos/tests/alice-lg.nix new file mode 100644 index 000000000000..640e60030a04 --- /dev/null +++ b/nixos/tests/alice-lg.nix @@ -0,0 +1,44 @@ +# This test does a basic functionality check for alice-lg + +{ system ? builtins.currentSystem +, pkgs ? import ../.. { inherit system; config = { }; } +}: + +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + inherit (pkgs.lib) optionalString; +in +makeTest { + name = "birdwatcher"; + nodes = { + host1 = { + environment.systemPackages = with pkgs; [ jq ]; + services.alice-lg = { + enable = true; + settings = { + server = { + listen_http = "[::]:7340"; + enable_prefix_lookup = true; + asn = 1; + routes_store_refresh_parallelism = 5; + neighbors_store_refresh_parallelism = 10000; + routes_store_refresh_interval = 5; + neighbors_store_refresh_interval = 5; + }; + housekeeping = { + interval = 5; + force_release_memory = true; + }; + }; + }; + }; + }; + + testScript = '' + start_all() + + host1.wait_for_unit("alice-lg.service") + host1.wait_for_open_port(7340) + host1.succeed("curl http://[::]:7340 | grep 'Alice BGP Looking Glass'") + ''; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3167a865fc9d..234a3ba4ca51 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
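Review bot: `StateDirectoryMode = "0700";` has no effect because the unit declares no `StateDirectory`; either add `StateDirectory = "alice-lg";` (and document what state lives there) or drop the mode line. In the `settings` example, `store_backend = postgres;` is an unquoted identifier, which as a Nix expression is an undefined variable rather than the string the config needs — it should read `store_backend = "postgres";`. `RestrictAddressFamilies = [ "AF_INET AF_INET6" ];` packs two families into one list element; the module-system list form is `[ "AF_INET" "AF_INET6" ]`. `settingsFormat.generate` writes `cfg.settings` into the world-readable Nix store (and then `/etc`), and the example shows a database password inside `postgres.url`, so the option description should warn that credentials must not be placed in `settings`.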
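Review bot: This test is registered as `alice-lg` but declares `name = "birdwatcher";`, a copy-paste leftover that gives the test's log output and result path the wrong name; change it to `name = "alice-lg";`. `inherit (pkgs.lib) optionalString;` and the `jq` package in `environment.systemPackages` are not used by a script that only calls `curl` and `grep`, so both can go (the unused `optionalString` import is repeated in nixos/tests/birdwatcher.nix in patch 4). `curl http://[::]:7340` without `--fail` ignores the HTTP status, so the assertion rests on the grep alone; `curl -sf` makes a non-2xx response fail the step directly, and the same applies to the two curl calls in the birdwatcher test.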
@@ -75,6 +75,7 @@ in { airsonic = handleTest ./airsonic.nix {}; akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {}; akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; }; + alice-lg = handleTest ./alice-lg.nix {}; allTerminfo = handleTest ./all-terminfo.nix {}; alps = handleTest ./alps.nix {}; amazon-init-shell = handleTest ./amazon-init-shell.nix {}; From 55bd75e98fdb899eb9a9e5929efb2c9097c20d7b Mon Sep 17 00:00:00 2001 From: Janik H Date: Thu, 30 Mar 2023 12:17:08 +0200 Subject: [PATCH 3/4] birdwatcher: init at 2.2.4 --- pkgs/servers/birdwatcher/default.nix | 28 ++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/servers/birdwatcher/default.nix diff --git a/pkgs/servers/birdwatcher/default.nix b/pkgs/servers/birdwatcher/default.nix new file mode 100644 index 000000000000..32f451c07562 --- /dev/null +++ b/pkgs/servers/birdwatcher/default.nix @@ -0,0 +1,28 @@ +{ lib +, fetchFromGitHub +, buildGoModule +}: + +buildGoModule rec { + pname = "birdwatcher"; + version = "2.2.4"; + + vendorSha256 = "sha256-NTD2pnA/GeTn4tXtIFJ227qjRtvBFCjWYZv59Rumc74="; + + src = fetchFromGitHub { + owner = "alice-lg"; + repo = "birdwatcher"; + rev = version; + hash = "sha256-nsmwq7aUcozpp3av38S9wTKv0kiGfmyglQgse9MWSl4="; + }; + + deleteVendor = true; + + meta = with lib; { + homepage = "https://github.com/alice-lg/birdwatcher"; + description = "A small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon"; + changelog = "https://github.com/alice-lg/birdwatcher/blob/master/CHANGELOG"; + license = licenses.bsd3; + maintainers = with maintainers; [ janik ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4efa38117039..67dc8c71e0f6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
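Review bot: `deleteVendor = true;` discards the upstream `vendor/` directory and re-fetches the modules pinned by the hash below it, but nothing says why the vendoring shipped with the 2.2.4 tag is unusable; add the reason inline, e.g. `deleteVendor = true; # TODO(review): state why upstream vendor/ is discarded`. Without that comment the next person bumping the version cannot tell whether the flag is still needed or can be dropped along with the extra fetch.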
@@ -24677,6 +24677,8 @@ with pkgs; bird-lg = callPackage ../servers/bird-lg { }; + birdwatcher = callPackage ../servers/birdwatcher { }; + bloat = callPackage ../servers/bloat { }; bosun = callPackage ../servers/monitoring/bosun { }; From 40136a1f7f3c6f2484b5455f911c7c35743b7df2 Mon Sep 17 00:00:00 2001 From: Janik H Date: Wed, 12 Apr 2023 09:20:16 +0200 Subject: [PATCH 4/4] nixos/birdwatcher: init --- .../manual/release-notes/rl-2305.section.md | 2 + nixos/modules/module-list.nix | 1 + .../services/networking/birdwatcher.nix | 129 ++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/birdwatcher.nix | 94 +++++++++++++ 5 files changed, 227 insertions(+) create mode 100644 nixos/modules/services/networking/birdwatcher.nix create mode 100644 nixos/tests/birdwatcher.nix diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 7e35f6284195..fe935d7283c4 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -79,6 +79,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable). +- [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable). + - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 7db8bfd465db..1f0597f28144 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -803,6 +803,7 @@ ./services/networking/bind.nix ./services/networking/bird-lg.nix ./services/networking/bird.nix + ./services/networking/birdwatcher.nix ./services/networking/bitcoind.nix ./services/networking/bitlbee.nix ./services/networking/blockbook-frontend.nix diff --git a/nixos/modules/services/networking/birdwatcher.nix b/nixos/modules/services/networking/birdwatcher.nix new file mode 100644 index 000000000000..a129b7a2b4cf --- /dev/null +++ b/nixos/modules/services/networking/birdwatcher.nix 
@@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.birdwatcher; +in +{ + options = { + services.birdwatcher = { + package = mkOption { + type = types.package; + default = pkgs.birdwatcher; + defaultText = literalExpression "pkgs.birdwatcher"; + description = lib.mdDoc "The Birdwatcher package to use."; + }; + enable = mkEnableOption (lib.mdDoc "Birdwatcher"); + flags = mkOption { + default = [ ]; + type = types.listOf types.str; + example = [ "-worker-pool-size 16" "-6" ]; + description = lib.mdDoc '' + Flags to append to the program call + ''; + }; + + settings = mkOption { + type = types.lines; + default = { }; + description = lib.mdDoc '' + birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf) + ''; + example = literalExpression '' + [server] + allow_from = [] + allow_uncached = false + modules_enabled = ["status", + "protocols", + "protocols_bgp", + "protocols_short", + "routes_protocol", + "routes_peer", + "routes_table", + "routes_table_filtered", + "routes_table_peer", + "routes_filtered", + "routes_prefixed", + "routes_noexport", + "routes_pipe_filtered_count", + "routes_pipe_filtered" + ] + + [status] + reconfig_timestamp_source = "bird" + reconfig_timestamp_match = "# created: (.*)" + + filter_fields = [] + + [bird] + listen = "0.0.0.0:29184" + config = "/etc/bird/bird2.conf" + birdc = "''${pkgs.bird}/bin/birdc" + ttl = 5 # time to live (in minutes) for caching of cli output + + [parser] + filter_fields = [] + + [cache] + use_redis = false # if not using redis cache, activate housekeeping to save memory! 
+ + [housekeeping] + interval = 5 + force_release_memory = true + ''; + }; + }; + }; + + config = + let flagsStr = escapeShellArgs cfg.flags; + in lib.mkIf cfg.enable { + environment.etc."birdwatcher/birdwatcher.conf".source = pkgs.writeTextFile { + name = "birdwatcher.conf"; + text = cfg.settings; + }; + systemd.services = { + birdwatcher = { + wants = [ "network.target" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + description = "Birdwatcher"; + serviceConfig = { + Type = "simple"; + Restart = "on-failure"; + RestartSec = 15; + ExecStart = "${cfg.package}/bin/birdwatcher"; + StateDirectoryMode = "0700"; + UMask = "0117"; + NoNewPrivileges = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + BindReadOnlyPaths = [ + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/ssl/certs" + "-/etc/static/ssl/certs" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + }; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 234a3ba4ca51..e2ccad520ca4 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -97,6 +97,7 @@ in { binary-cache = handleTest ./binary-cache.nix {}; bind = handleTest ./bind.nix {}; bird = handleTest ./bird.nix {}; + birdwatcher = handleTest ./birdwatcher.nix {}; bitcoind = handleTest ./bitcoind.nix {}; bittorrent = handleTest ./bittorrent.nix {}; blockbook-frontend = handleTest ./blockbook-frontend.nix {}; 
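Review bot: The unit in `systemd.services.birdwatcher.serviceConfig` sets neither `DynamicUser` nor `User`, so an HTTP server that, per the example config, shells out to `birdc` runs as root — whereas the alice-lg module in patch 2 uses `DynamicUser = true;`; add `DynamicUser = true;` here and grant the BIRD control-socket access it then needs explicitly (a `SupplementaryGroups` entry for the bird group is the usual shape — verify against the socket's ownership). `flagsStr` is computed from `cfg.flags` but `ExecStart = "${cfg.package}/bin/birdwatcher"` never uses it, so the `flags` option is silently ignored; it should be `ExecStart = "${cfg.package}/bin/birdwatcher ${flagsStr}";`, and the example `"-worker-pool-size 16"` then needs to become `"-worker-pool-size" "16"` because `escapeShellArgs` quotes each element as a single argument. `settings` is declared with `type = types.lines;` but `default = { };`, an attribute set that fails that type's check as soon as the option is read (and `writeTextFile` could not take it as `text` anyway); use `default = "";`. The example also shows `listen = "0.0.0.0:29184"` together with `allow_from = []` (presumably an allow-list), so the description should say that the listener is exposed on all interfaces by that example and point users at a loopback address or `allow_from`, since this diff adds no firewall option.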
diff --git a/nixos/tests/birdwatcher.nix b/nixos/tests/birdwatcher.nix new file mode 100644 index 000000000000..5c41b4d0e4f3 --- /dev/null +++ b/nixos/tests/birdwatcher.nix 
@@ -0,0 +1,94 @@ +# This test does a basic functionality check for birdwatcher + +{ system ? builtins.currentSystem +, pkgs ? import ../.. { inherit system; config = { }; } +}: + +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + inherit (pkgs.lib) optionalString; +in +makeTest { + name = "birdwatcher"; + nodes = { + host1 = { + environment.systemPackages = with pkgs; [ jq ]; + services.bird2 = { + enable = true; + config = '' + log syslog all; + + debug protocols all; + + router id 10.0.0.1; + + protocol device { + } + + protocol kernel kernel4 { + ipv4 { + import none; + export all; + }; + } + + protocol kernel kernel6 { + ipv6 { + import none; + export all; + }; + } + ''; + }; + services.birdwatcher = { + enable = true; + settings = '' + [server] + allow_from = [] + allow_uncached = false + modules_enabled = ["status", + "protocols", + "protocols_bgp", + "protocols_short", + "routes_protocol", + "routes_peer", + "routes_table", + "routes_table_filtered", + "routes_table_peer", + "routes_filtered", + "routes_prefixed", + "routes_noexport", + "routes_pipe_filtered_count", + "routes_pipe_filtered" + ] + [status] + reconfig_timestamp_source = "bird" + reconfig_timestamp_match = "# created: (.*)" + filter_fields = [] + [bird] + listen = "0.0.0.0:29184" + config = "/etc/bird/bird2.conf" + birdc = "${pkgs.bird}/bin/birdc" + ttl = 5 # time to live (in minutes) for caching of cli output + [parser] + filter_fields = [] + [cache] + use_redis = false # if not using redis cache, activate housekeeping to save memory! 
+ [housekeeping] + interval = 5 + force_release_memory = true + ''; + }; + }; + }; + + testScript = '' + start_all() + + host1.wait_for_unit("bird2.service") + host1.wait_for_unit("birdwatcher.service") + host1.wait_for_open_port(29184) + host1.succeed("curl http://[::]:29184/status | jq -r .status.message | grep 'Daemon is up and running'") + host1.succeed("curl http://[::]:29184/protocols | jq -r .protocols.device1.state | grep 'up'") + ''; +}
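Review bot: The test connects to `http://[::]:29184` while the birdwatcher config it ships binds `listen = "0.0.0.0:29184"`; this presumably works only because the Go listener treats the wildcard address as dual-stack, so pointing the test at `127.0.0.1:29184` would make the assertion match the configuration being tested instead of relying on that behaviour. The test also only exercises `/status` and `/protocols`, so none of the `routes_*` modules enabled in the config are covered; a comment noting that coverage is deliberately minimal would stop readers assuming the route endpoints are verified here.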