From 65144fbf3bdbab5e2ada2a0e51239edd579f25d9 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sat, 28 Dec 2024 19:00:27 +0100 Subject: [PATCH] nixos/bpfman: init module --- .../manual/release-notes/rl-2505.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/system/bpfman.nix | 55 +++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/bpfman.nix | 15 +++++ 5 files changed, 74 insertions(+) create mode 100644 nixos/modules/services/system/bpfman.nix create mode 100644 nixos/tests/bpfman.nix diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 5079ca7414699b..5aa99f7df93b78 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -77,6 +77,8 @@ - [nvidia-gpu](https://github.com/utkuozdemir/nvidia_gpu_exporter), a Prometheus exporter that scrapes `nvidia-smi` for GPU metrics. Available as [services.prometheus.exporters.nvidia-gpu](#opt-services.prometheus.exporters.nvidia-gpu.enable). +- [bpfman](https://bpfman.io), an eBPF Manager for Linux and Kubernetes. Availalbe as [services.bpfman](#opt-services.bpfman.enable). + - [InputPlumber](https://github.com/ShadowBlip/InputPlumber/), an open source input router and remapper daemon for Linux. Available as [services.inputplumber](#opt-services.inputplumber.enable). - [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 92e8db5ee8e1c2..9c5ca64ef55c02 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1380,6 +1380,7 @@ ./services/security/vaultwarden/default.nix ./services/security/yubikey-agent.nix ./services/system/automatic-timezoned.nix + ./services/system/bpfman.nix ./services/system/bpftune.nix ./services/system/cachix-agent/default.nix ./services/system/cachix-watch-store.nix diff --git a/nixos/modules/services/system/bpfman.nix b/nixos/modules/services/system/bpfman.nix new file mode 100644 index 00000000000000..63e250494d66fd --- /dev/null +++ b/nixos/modules/services/system/bpfman.nix @@ -0,0 +1,55 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.services.bpfman; + settingsFormat = pkgs.formats.toml { }; + + inherit (lib) + literalExpression + mkIf + mkOption + mkEnableOption + mkPackageOption + ; + + inherit (lib.types) submodule; +in +{ + options.services.bpfman = { + enable = mkEnableOption "bpfman"; + package = mkPackageOption pkgs "bpfman" { }; + + settings = mkOption { + type = submodule { + freeformType = settingsFormat.type; + }; + + default = { }; + + example = literalExpression '' + { + signing.allow_unsigned = true; + database.max_retries = 10; + } + ''; + + description = '' + Configuration for bpfman. + Supported options can be found at the [docs](https://bpfman.io/v0.5.4/developer-guide/configuration). + ''; + }; + }; + + config = mkIf cfg.enable { + environment = { + systemPackages = [ pkgs.bpfman ]; + etc."bpfman/bpfman.toml".source = settingsFormat.generate "bpfman.toml" cfg.settings; + }; + + systemd.packages = [ pkgs.bpfman ]; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2952c67d19c28e..9e6b66a9dead39 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -168,6 +168,7 @@ in { borgmatic = handleTest ./borgmatic.nix {}; botamusique = handleTest ./botamusique.nix {}; bpf = handleTestOn ["x86_64-linux" "aarch64-linux"] ./bpf.nix {}; + bpfman = runTest ./bpfman.nix; bpftune = handleTest ./bpftune.nix {}; breitbandmessung = handleTest ./breitbandmessung.nix {}; brscan5 = handleTest ./brscan5.nix {}; diff --git a/nixos/tests/bpfman.nix b/nixos/tests/bpfman.nix new file mode 100644 index 00000000000000..c15853465e8610 --- /dev/null +++ b/nixos/tests/bpfman.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: +{ + name = "bpfman"; + meta.maintainers = with pkgs.lib.maintainers; [ pizzapim ]; + + nodes.machine = + { ... }: + { + services.bpfman.enable = true; + }; + + testScript = '' + machine.succeed("bpfman list | grep Program") + ''; +}