Initial Commit

NuschtOS · Nov 10, 2024 · 18d73c2 · 18d73c2
commit 18d73c2
Show file tree

Hide file tree

Showing 9 changed files with 303 additions and 0 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,21 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{diff,patch}]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+
+[*.ts]
+quote_type = single
+
+[Makefile]
+indent_size = 1
+indent_style = tab
diff --git a/.github/workflows/deadnix.yaml b/.github/workflows/deadnix.yaml
@@ -0,0 +1,21 @@
+name: "deadnix"
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ '*' ]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  deadnix:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v30
+      - uses: astro/deadnix-action@main
+        with:
+          flags: "-l"
diff --git a/.github/workflows/flake-check.yaml b/.github/workflows/flake-check.yaml
@@ -0,0 +1,19 @@
+name: "flake check"
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ '*' ]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v30
+      - run: nix flake check
diff --git a/.github/workflows/template-sync.yaml b/.github/workflows/template-sync.yaml
@@ -0,0 +1,24 @@
+name: "Sync template"
+on:
+  schedule:
+  - cron:  "0 0 1 * *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  repo-sync:
+    if: github.repository != 'NuschtOS/template'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
+      - uses: AndreasAugustin/actions-template-sync@v2
+        with:
+          # required to update github workflow files
+          github_token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
+          pr_commit_msg: Merge template changes
+          source_repo_path: NuschtOS/template
diff --git a/README.md b/README.md
@@ -0,0 +1 @@
+# bird.nix
diff --git a/checks/bird.nix b/checks/bird.nix
@@ -0,0 +1,126 @@
+{ self, pkgs, ... }:
+
+let
+  makeBird2Host = hostId: { pkgs, ... }: {
+    imports = [
+      self.nixosModules.default
+    ];
+
+    virtualisation.vlans = [ 1 ];
+
+    environment.systemPackages = with pkgs; [ jq ];
+
+    networking = {
+      useNetworkd = true;
+      useDHCP = false;
+      firewall.enable = false;
+    };
+
+    systemd.network.networks."01-eth1" = {
+      name = "eth1";
+      networkConfig.Address = "10.0.0.${hostId}/24";
+    };
+
+    services.bird2 = {
+      enable = true;
+
+      routerId = "10.0.0.${hostId}";
+
+      config = ''
+        log syslog all;
+
+        debug protocols all;
+      '';
+
+      preCheckConfig = ''
+        echo "route 1.2.3.4/32 blackhole;" > static4.conf
+        echo "route fd00::/128 blackhole;" > static6.conf
+      '';
+
+      protocols = {
+        device = "";
+
+        "kernel kernel4" = ''
+          ipv4 {
+            import none;
+            export all;
+          };
+        '';
+
+        "static static4" = ''
+          ipv4;
+          include "static4.conf";
+        '';
+
+        "ospf v2 ospf4" = ''
+          ipv4 {
+            export all;
+          };
+          area 0 {
+            interface "eth1" {
+              hello 5;
+              wait 5;
+            };
+          };
+        '';
+
+        "kernel kernel6" = ''
+          ipv6 {
+            import none;
+            export all;
+          };
+        '';
+
+        "static static6" = ''
+          ipv6;
+          include "static6.conf";
+        '';
+
+        "ospf v3 ospf6" = ''
+          ipv6 {
+            export all;
+          };
+          area 0 {
+            interface "eth1" {
+              hello 5;
+              wait 5;
+            };
+          };
+        '';
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "f /etc/bird/static4.conf - - - - route 10.10.0.${hostId}/32 blackhole;"
+      "f /etc/bird/static6.conf - - - - route fdff::${hostId}/128 blackhole;"
+    ];
+  };
+in
+pkgs.nixosTest {
+  name = "bird2";
+
+  nodes.host1 = makeBird2Host "1";
+  nodes.host2 = makeBird2Host "2";
+
+  testScript = ''
+    start_all()
+
+    host1.wait_for_unit("bird2.service")
+    host2.wait_for_unit("bird2.service")
+    host1.succeed("systemctl reload bird2.service")
+
+    with subtest("Waiting for advertised IPv4 routes"):
+      host1.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.2\")) | any'")
+      host2.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.1\")) | any'")
+    with subtest("Waiting for advertised IPv6 routes"):
+      host1.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::2\")) | any'")
+      host2.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::1\")) | any'")
+
+    with subtest("Check fake routes in preCheckConfig do not exists"):
+      host1.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")
+      host2.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")
+
+      host1.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")
+      host2.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")
+  '';
+}
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,32 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+  };
+
+  outputs = { self, nixpkgs, ... }:
+    let
+      systems = [
+        "x86_64-linux"
+        # "aarch64-linux"
+      ];
+
+    in
+    {
+      nixosModules = rec {
+        bird = ./modules;
+        default = bird;
+      };
+
+      checks = builtins.listToAttrs (map
+        (system: {
+          name = system;
+          value = {
+            bird = import ./checks/bird.nix {
+              inherit self;
+              pkgs = nixpkgs.legacyPackages.${system};
+            };
+          };
+        })
+        systems);
+    };
+}
diff --git a/modules/default.nix b/modules/default.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.bird2;
+in
+{
+  options.services.bird2 = {
+    routerId = lib.mkOption {
+      type = lib.types.str;
+      description = "The router ID is a world-wide unique identification of your router, usually one of router's IPv4 addresses.";
+    };
+
+    protocols = lib.mkOption {
+      type = with lib.types; attrsOf str;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.bird2 = {
+      config = ''
+        router id ${cfg.routerId};
+
+        ${builtins.concatStringsSep "\n" (builtins.attrValues
+          (builtins.mapAttrs
+            (name: conf: ''
+              protocol ${name} {
+                ${conf}
+              }
+            '') cfg.protocols))}
+      '';
+    };
+  };
+}