Rudimentary support of VPP

nixos/modules/module-list.nix

@@ -1173,6 +1173,7 @@
   ./services/networking/zeronet.nix
   ./services/networking/zerotierone.nix
   ./services/networking/znc/default.nix
+  ./services/networking/vpp.nix
   ./services/printing/cupsd.nix
   ./services/printing/ipp-usb.nix
   ./services/printing/cups-pdf.nix

nixos/modules/services/networking/vpp.nix

@@ -0,0 +1,52 @@
+{ pkgs, config, lib, ... }:
+let
+  inherit (lib) mkEnableOption mkPackageOption mkIf types mkOption;
+  cfg = config.services.vpp;
+in
+{
+  options.services.vpp = {
+    enable = mkEnableOption ''
+      vector packet processing framework.
+
+      VPP replaces the Linux network stack by a userspace-based network stack,
+      driven by `vppctl`. You can enable the Linux Control Plane to continue
+      to interop with Linux APIs.
+    '';
+
+    package = mkPackageOption pkgs "vpp" { };
+
+    configFile = mkOption {
+      type = types.path;
+      description = "VPP configuration file for startup";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.groups.vpp = {};
+    environment.systemPackages = [ cfg.package ];
+    boot.kernel.sysctl = {
+     "vm.nr_hugepages" = lib.mkDefault 1024;
+     "max_map_count" = lib.mkDefault 3096;
+     "hugetlb_shm_group" = lib.mkDefault 0;
+      # Assert that shm max ≥ total size of hugepages.
+      "shmmax" = lib.mkDefault 2147483648;
+    };
+    systemd.services.vpp = {
+      description = "Vector Packet Processing process";
+      after = [ "syslog.target" "network.target" "auditd.service" ];
+      serviceConfig = {
+        ExecStartPre = [
+          "-${pkgs.coreutils}/bin/rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api"
+          "-/run/current-system/sw/bin/modprobe uio_pci_generic"
+        ];
+
+        ExecStart = "${cfg.package}/bin/vpp -c ${cfg.configFile}";
+        Type = "simple";
+        Restart = "on-failure";
+        RestartSec = "5s";
+        RuntimeDirectory = "vpp";
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}

nixos/tests/all-tests.nix

@@ -957,6 +957,7 @@ in {
   vscode-remote-ssh = handleTestOn ["x86_64-linux"] ./vscode-remote-ssh.nix {};
   vscodium = discoverTests (import ./vscodium.nix);
   vsftpd = handleTest ./vsftpd.nix {};
+  vpp = handleTest ./vpp.nix { };
   warzone2100 = handleTest ./warzone2100.nix {};
   wasabibackend = handleTest ./wasabibackend.nix {};
   watchdogd = handleTest ./watchdogd.nix {};

nixos/tests/vpp.nix

@@ -0,0 +1,38 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }:
+{
+  name = "vpp";
+
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ raitobezarius ];
+  };
+
+  nodes = {
+    node = { ... }: {
+      # Clearly, VPP is hungry of hugepages…
+      virtualisation.memorySize = 4096;
+      services.vpp = {
+        enable = true;
+        configFile = pkgs.writeText "startup.conf" ''
+          unix {
+            nodaemon
+            nosyslog
+            full-coredump
+            cli-listen /run/vpp/cli.sock
+          }
+
+          api-trace {
+            on
+          }
+        '';
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+    node.wait_for_unit("multi-user.target")
+    node.wait_for_unit("vpp.service")
+    node.succeed("vppctl show version | grep -i nixos")
+    node.succeed("vppctl show interface | grep -i local0")
+  '';
+})

pkgs/by-name/vp/vpp/package.nix

@@ -0,0 +1,96 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+, openssl
+, python3
+, subunit
+, dpdk
+, mbedtls_2
+, rdma-core
+, libnl
+, libmnl
+, libpcap
+, check
+, fetchpatch
+}:
+
+stdenv.mkDerivation rec {
+  pname = "vpp";
+  version = "23.10";
+
+  src = fetchFromGitHub {
+    owner = "FDio";
+    repo = "vpp";
+    rev = "v${version}";
+    hash = "sha256-YcDMDHvKIL2tOD98hTcuyQrL5pk80olYKNWiN+BA49U=";
+  };
+
+  patches = [
+    # Important fix part of 24.02 for the Linux Control Plane.
+    (fetchpatch {
+      name = "fix-looping-netlink-messages.patch";
+      url = "https://gerrit.fd.io/r/changes/vpp~39622/revisions/9/patch?download";
+      decode = "base64 -d";
+      stripLen = 1;
+      hash = "sha256-0ZDKJgXrmTzlVSSapdEoP27znKuWUrnjTXZZ4JrximA=";
+    })
+# Does not apply cleanly.
+#    (fetchpatch {
+#      name = "fix-optional-labels-for-prometheus.patch";
+#      url = "https://gerrit.fd.io/r/changes/vpp~40199/revisions/4/patch?download";
+#      decode = "base64 -d";
+#      stripLen = 1;
+#      hash = "sha256-exuR4DucNtER2t1ecsjuNxzmhfZkhx6ABeeXmf/qQ4U=";
+#    })
+  ];
+
+  postPatch = ''
+    patchShebangs scripts/
+    substituteInPlace CMakeLists.txt \
+      --replace "plugins tools/vppapigen tools/g2 tools/perftool cmake pkg" "plugins tools/vppapigen tools/g2 tools/perftool cmake"
+  '';
+
+  preConfigure = ''
+    echo "${version}-nixos" > scripts/.version
+    scripts/version
+  '';
+
+  postConfigure = ''
+    patchShebangs ../tools/
+    patchShebangs ../vpp-api/
+  '';
+
+  sourceRoot = "source/src";
+
+  cmakeFlags = [ "-DVPP_PLATFORM=default" ];
+
+  # A bunch of GCC13 warnings I suppose.
+  env.NIX_CFLAGS_COMPILE = "-Wno-array-bounds -Wno-error";
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  buildInputs = [
+    openssl
+    subunit
+    dpdk
+    rdma-core
+    mbedtls_2
+    check
+    libnl
+    libmnl
+    libpcap
+    (python3.withPackages (ps: [ ps.ply ]))
+  ];
+
+  meta = with lib; {
+    description = "";
+    homepage = "https://github.com/FDio/vpp";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ raitobezarius ];
+    mainProgram = "vpp";
+    platforms = platforms.all;
+  };
+}