lol

Merge pull request #226830 from Janik-Haag/birdwatcher

birdwatcher: init at 2.2.4, alice-lg: init at 6.0.0, nixos/birdwatcher: init, nixos/alice-lg: init

authored by

Ryan Lahfa and committed by
GitHub
e3bd7faa 8d750321

+492
+4
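--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -124,6 +124,10 @@
 
 - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
 
+- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable).
+
+- [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable).
+
 - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
 
 - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.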
+2
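--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -805,6 +805,7 @@
 ./services/network-filesystems/yandex-disk.nix
 ./services/networking/3proxy.nix
 ./services/networking/adguardhome.nix
+./services/networking/alice-lg.nix
 ./services/networking/amuled.nix
 ./services/networking/antennas.nix
 ./services/networking/aria2.nix
@@ -819,6 +820,7 @@
 ./services/networking/bind.nix
 ./services/networking/bird-lg.nix
 ./services/networking/bird.nix
+./services/networking/birdwatcher.nix
 ./services/networking/bitcoind.nix
 ./services/networking/bitlbee.nix
 ./services/networking/blockbook-frontend.nix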
+101
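--- a/nixos/modules/services/networking/alice-lg.nix
+++ b/nixos/modules/services/networking/alice-lg.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.alice-lg;
+settingsFormat = pkgs.formats.ini { };
+in
+{
+options = {
+services.alice-lg = {
+enable = mkEnableOption (lib.mdDoc "Alice Looking Glass");
+
+package = mkPackageOptionMD pkgs "alice-lg" { };
+
+settings = mkOption {
+type = settingsFormat.type;
+default = { };
+description = lib.mdDoc ''
+alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf)
+'';
+example = literalExpression ''
+{
+server = {
+# configures the built-in webserver and provides global application settings
+listen_http = "127.0.0.1:7340";
+enable_prefix_lookup = true;
+asn = 9033;
+store_backend = postgres;
+routes_store_refresh_parallelism = 5;
+neighbors_store_refresh_parallelism = 10000;
+routes_store_refresh_interval = 5;
+neighbors_store_refresh_interval = 5;
+};
+postgres = {
+url = "postgres://postgres:postgres@localhost:5432/alice";
+min_connections = 2;
+max_connections = 128;
+};
+pagination = {
+routes_filtered_page_size = 250;
+routes_accepted_page_size = 250;
+routes_not_exported_page_size = 250;
+};
+}
+'';
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+environment = {
+etc."alice-lg/alice.conf".source = settingsFormat.generate "alice-lg.conf" cfg.settings;
+};
+systemd.services = {
+alice-lg = {
+wants = [ "network.target" ];
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+description = "Alice Looking Glass";
+serviceConfig = {
+DynamicUser = true;
+Type = "simple";
+Restart = "on-failure";
+RestartSec = 15;
+ExecStart = "${cfg.package}/bin/alice-lg";
+StateDirectoryMode = "0700";
+UMask = "0007";
+CapabilityBoundingSet = "";
+NoNewPrivileges = true;
+ProtectSystem = "strict";
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+PrivateMounts = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
+BindReadOnlyPaths = [
+"-/etc/resolv.conf"
+"-/etc/nsswitch.conf"
+"-/etc/ssl/certs"
+"-/etc/static/ssl/certs"
+"-/etc/hosts"
+"-/etc/localtime"
+];
+};
+};
+};
+};
+}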
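Review bot: `settings` is rendered with `settingsFormat.generate` and linked to `/etc/alice-lg/alice.conf`, so every value in it, including a `postgres.url` with an embedded password like the one in the example, ends up in the world-readable Nix store. The option description should say so, for instance `Values set here are written to the world-readable Nix store; do not put database credentials in them.`, and the module would benefit from a way to read the connection URL from a file outside the store. The example's `store_backend = postgres;` is an unquoted identifier inside `literalExpression` and should read `store_backend = "postgres";`. `RestrictAddressFamilies` omits `AF_UNIX`, which would presumably block a PostgreSQL connection over a local socket; worth confirming against the intended setups.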
+129
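--- a/nixos/modules/services/networking/birdwatcher.nix
+++ b/nixos/modules/services/networking/birdwatcher.nix
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.birdwatcher;
+in
+{
+options = {
+services.birdwatcher = {
+package = mkOption {
+type = types.package;
+default = pkgs.birdwatcher;
+defaultText = literalExpression "pkgs.birdwatcher";
+description = lib.mdDoc "The Birdwatcher package to use.";
+};
+enable = mkEnableOption (lib.mdDoc "Birdwatcher");
+flags = mkOption {
+default = [ ];
+type = types.listOf types.str;
+example = [ "-worker-pool-size 16" "-6" ];
+description = lib.mdDoc ''
+Flags to append to the program call
+'';
+};
+
+settings = mkOption {
+type = types.lines;
+default = { };
+description = lib.mdDoc ''
+birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf)
+'';
+example = literalExpression ''
+[server]
+allow_from = []
+allow_uncached = false
+modules_enabled = ["status",
+"protocols",
+"protocols_bgp",
+"protocols_short",
+"routes_protocol",
+"routes_peer",
+"routes_table",
+"routes_table_filtered",
+"routes_table_peer",
+"routes_filtered",
+"routes_prefixed",
+"routes_noexport",
+"routes_pipe_filtered_count",
+"routes_pipe_filtered"
+]
+
+[status]
+reconfig_timestamp_source = "bird"
+reconfig_timestamp_match = "# created: (.*)"
+
+filter_fields = []
+
+[bird]
+listen = "0.0.0.0:29184"
+config = "/etc/bird/bird2.conf"
+birdc = "''${pkgs.bird}/bin/birdc"
+ttl = 5 # time to live (in minutes) for caching of cli output
+
+[parser]
+filter_fields = []
+
+[cache]
+use_redis = false # if not using redis cache, activate housekeeping to save memory!
+
+[housekeeping]
+interval = 5
+force_release_memory = true
+'';
+};
+};
+};
+
+config =
+let flagsStr = escapeShellArgs cfg.flags;
+in lib.mkIf cfg.enable {
+environment.etc."birdwatcher/birdwatcher.conf".source = pkgs.writeTextFile {
+name = "birdwatcher.conf";
+text = cfg.settings;
+};
+systemd.services = {
+birdwatcher = {
+wants = [ "network.target" ];
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+description = "Birdwatcher";
+serviceConfig = {
+Type = "simple";
+Restart = "on-failure";
+RestartSec = 15;
+ExecStart = "${cfg.package}/bin/birdwatcher";
+StateDirectoryMode = "0700";
+UMask = "0117";
+NoNewPrivileges = true;
+ProtectSystem = "strict";
+PrivateTmp = true;
+PrivateDevices = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+PrivateMounts = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
+BindReadOnlyPaths = [
+"-/etc/resolv.conf"
+"-/etc/nsswitch.conf"
+"-/etc/ssl/certs"
+"-/etc/static/ssl/certs"
+"-/etc/hosts"
+"-/etc/localtime"
+];
+};
+};
+};
+};
+}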
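Review bot: The `birdwatcher` unit sets neither `User` nor `DynamicUser` and has no `CapabilityBoundingSet`, so it presumably runs as root while the example configuration listens on `0.0.0.0:29184`; the alice-lg unit in this same commit sets `DynamicUser = true;` and `CapabilityBoundingSet = "";`. Running it under an unprivileged account would bring it in line, though which group that account needs for the BIRD control socket is not visible here. In the `config` block, `flagsStr` is computed from `cfg.flags` but `ExecStart = "${cfg.package}/bin/birdwatcher";` never references it, so the `flags` option has no effect; `ExecStart = "${cfg.package}/bin/birdwatcher ${flagsStr}";` would wire it in. `settings` is declared as `types.lines` with `default = { };`, which does not match the type; `default = "";` does.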
+44
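--- a/nixos/tests/alice-lg.nix
+++ b/nixos/tests/alice-lg.nix
@@ -0,0 +1,44 @@
+# This test does a basic functionality check for alice-lg
+
+{ system ? builtins.currentSystem
+, pkgs ? import ../.. { inherit system; config = { }; }
+}:
+
+let
+inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
+inherit (pkgs.lib) optionalString;
+in
+makeTest {
+name = "birdwatcher";
+nodes = {
+host1 = {
+environment.systemPackages = with pkgs; [ jq ];
+services.alice-lg = {
+enable = true;
+settings = {
+server = {
+listen_http = "[::]:7340";
+enable_prefix_lookup = true;
+asn = 1;
+routes_store_refresh_parallelism = 5;
+neighbors_store_refresh_parallelism = 10000;
+routes_store_refresh_interval = 5;
+neighbors_store_refresh_interval = 5;
+};
+housekeeping = {
+interval = 5;
+force_release_memory = true;
+};
+};
+};
+};
+};
+
+testScript = ''
+start_all()
+
+host1.wait_for_unit("alice-lg.service")
+host1.wait_for_open_port(7340)
+host1.succeed("curl http://[::]:7340 | grep 'Alice BGP Looking Glass'")
+'';
+}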
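Review bot: The alice-lg test is declared with `name = "birdwatcher";`, the same name as nixos/tests/birdwatcher.nix, which looks like a copy-paste leftover; it should be `name = "alice-lg";`. `inherit (pkgs.lib) optionalString;` is unused both here and in nixos/tests/birdwatcher.nix and can be dropped from both. `jq` is installed on `host1` but the test script in this file never calls it.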
+2
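--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -102,6 +102,7 @@
 airsonic = handleTest ./airsonic.nix {};
 akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {};
 akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; };
+alice-lg = handleTest ./alice-lg.nix {};
 allTerminfo = handleTest ./all-terminfo.nix {};
 alps = handleTest ./alps.nix {};
 amazon-init-shell = handleTest ./amazon-init-shell.nix {};
@@ -123,6 +124,7 @@
 binary-cache = handleTest ./binary-cache.nix {};
 bind = handleTest ./bind.nix {};
 bird = handleTest ./bird.nix {};
+birdwatcher = handleTest ./birdwatcher.nix {};
 bitcoind = handleTest ./bitcoind.nix {};
 bittorrent = handleTest ./bittorrent.nix {};
 blockbook-frontend = handleTest ./blockbook-frontend.nix {};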
+94
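--- a/nixos/tests/birdwatcher.nix
+++ b/nixos/tests/birdwatcher.nix
@@ -0,0 +1,94 @@
+# This test does a basic functionality check for birdwatcher
+
+{ system ? builtins.currentSystem
+, pkgs ? import ../.. { inherit system; config = { }; }
+}:
+
+let
+inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
+inherit (pkgs.lib) optionalString;
+in
+makeTest {
+name = "birdwatcher";
+nodes = {
+host1 = {
+environment.systemPackages = with pkgs; [ jq ];
+services.bird2 = {
+enable = true;
+config = ''
+log syslog all;
+
+debug protocols all;
+
+router id 10.0.0.1;
+
+protocol device {
+}
+
+protocol kernel kernel4 {
+ipv4 {
+import none;
+export all;
+};
+}
+
+protocol kernel kernel6 {
+ipv6 {
+import none;
+export all;
+};
+}
+'';
+};
+services.birdwatcher = {
+enable = true;
+settings = ''
+[server]
+allow_from = []
+allow_uncached = false
+modules_enabled = ["status",
+"protocols",
+"protocols_bgp",
+"protocols_short",
+"routes_protocol",
+"routes_peer",
+"routes_table",
+"routes_table_filtered",
+"routes_table_peer",
+"routes_filtered",
+"routes_prefixed",
+"routes_noexport",
+"routes_pipe_filtered_count",
+"routes_pipe_filtered"
+]
+[status]
+reconfig_timestamp_source = "bird"
+reconfig_timestamp_match = "# created: (.*)"
+filter_fields = []
+[bird]
+listen = "0.0.0.0:29184"
+config = "/etc/bird/bird2.conf"
+birdc = "${pkgs.bird}/bin/birdc"
+ttl = 5 # time to live (in minutes) for caching of cli output
+[parser]
+filter_fields = []
+[cache]
+use_redis = false # if not using redis cache, activate housekeeping to save memory!
+[housekeeping]
+interval = 5
+force_release_memory = true
+'';
+};
+};
+};
+
+testScript = ''
+start_all()
+
+host1.wait_for_unit("bird2.service")
+host1.wait_for_unit("birdwatcher.service")
+host1.wait_for_open_port(29184)
+host1.succeed("curl http://[::]:29184/status | jq -r .status.message | grep 'Daemon is up and running'")
+host1.succeed("curl http://[::]:29184/protocols | jq -r .protocols.device1.state | grep 'up'")
+'';
+}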
+84
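--- a/pkgs/servers/alice-lg/default.nix
+++ b/pkgs/servers/alice-lg/default.nix
@@ -0,0 +1,84 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+, fetchYarnDeps
+, stdenv
+, yarn
+, nodejs
+, git
+, fixup_yarn_lock
+}:
+
+buildGoModule rec {
+pname = "alice-lg";
+version = "6.0.0";
+
+src = fetchFromGitHub {
+owner = "alice-lg";
+repo = "alice-lg";
+rev = version;
+hash = "sha256-BdhbHAFqyQc8UbVm6eakbVmLS5QgXhr06oxoc6vYtsM=";
+};
+
+vendorSha256 = "sha256-SNF46uUTRCaa9qeGCfkHBjyo4BWOlpRaTDq+Uha08y8=";
+
+passthru.ui = stdenv.mkDerivation {
+pname = "alice-lg-ui";
+src = "${src}/ui";
+inherit version;
+
+yarnOfflineCache = fetchYarnDeps {
+yarnLock = src + "/ui/yarn.lock";
+hash = "sha256-NeK9IM8E2IH09SVH9lMlV3taCmqwlroo4xzmv4Q01jI=";
+};
+
+nativeBuildInputs = [ nodejs yarn git ];
+configurePhase = ''
+runHook preConfigure
+
+# Yarn and bundler wants a real home directory to write cache, config, etc to
+export HOME=$NIX_BUILD_TOP/fake_home
+
+# Make yarn install packages from our offline cache, not the registry
+yarn config --offline set yarn-offline-mirror $yarnOfflineCache
+
+# Fixup "resolved"-entries in yarn.lock to match our offline cache
+${fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
+
+yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive
+patchShebangs node_modules/
+runHook postConfigure
+'';
+
+buildPhase = ''
+runHook preBuild
+
+./node_modules/.bin/react-scripts build
+
+runHook postBuild
+'';
+
+installPhase = ''
+runHook preInstall
+
+mv build $out
+
+runHook postInstall
+'';
+};
+
+preBuild = ''
+cp -R ${passthru.ui}/ ui/build/
+'';
+
+subPackages = [ "cmd/alice-lg" ];
+doCheck = false;
+
+meta = with lib; {
+homepage = "https://github.com/alice-lg/alice-lg";
+description = "A looking-glass for BGP sessions";
+changelog = "https://github.com/alice-lg/alice-lg/blob/main/CHANGELOG.md";
+license = licenses.bsd3;
+maintainers = with maintainers; [ janik ];
+};
+}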
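Review bot: `doCheck = false;` turns off the Go test suite for alice-lg without recording why; a comment beside it such as `# tests disabled: <REASON>`, with the actual cause filled in, would let a later version bump decide whether they can be re-enabled. `git` is listed in the UI derivation's `nativeBuildInputs` although the offline `yarn install --offline --frozen-lockfile --ignore-scripts` step shown does not obviously need it. If a build script does rely on it, a short comment saying so would help; otherwise it can be dropped to keep the build closure small.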
+28
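--- a/pkgs/servers/birdwatcher/default.nix
+++ b/pkgs/servers/birdwatcher/default.nix
@@ -0,0 +1,28 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+}:
+
+buildGoModule rec {
+pname = "birdwatcher";
+version = "2.2.4";
+
+vendorSha256 = "sha256-NTD2pnA/GeTn4tXtIFJ227qjRtvBFCjWYZv59Rumc74=";
+
+src = fetchFromGitHub {
+owner = "alice-lg";
+repo = "birdwatcher";
+rev = version;
+hash = "sha256-nsmwq7aUcozpp3av38S9wTKv0kiGfmyglQgse9MWSl4=";
+};
+
+deleteVendor = true;
+
+meta = with lib; {
+homepage = "https://github.com/alice-lg/birdwatcher";
+description = "A small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon";
+changelog = "https://github.com/alice-lg/birdwatcher/blob/master/CHANGELOG";
+license = licenses.bsd3;
+maintainers = with maintainers; [ janik ];
+};
+}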
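Review bot: `deleteVendor = true;` discards the vendor directory shipped in the upstream source and rebuilds the dependency set from the module files, but the reason is not recorded. A one-line comment next to it, for example `# upstream vendor/ is <REASON>`, would tell the next updater whether the override can be dropped. The dependencies remain pinned by `vendorSha256`, so this is a documentation point only.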
+4
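--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1445,6 +1445,8 @@
 
 albert = libsForQt5.callPackage ../applications/misc/albert { };
 
+alice-lg = callPackage ../servers/alice-lg{ };
+
 alice-tools = callPackage ../tools/games/alice-tools {
 withGUI = false;
 };
@@ -25064,6 +25066,8 @@
 bird = callPackage ../servers/bird { };
 
 bird-lg = callPackage ../servers/bird-lg { };
+
+birdwatcher = callPackage ../servers/birdwatcher { };
 
 bloat = callPackage ../servers/bloat { };
 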