document histograms, add doh upstream test (#73)

Also fixes #74

.github/workflows/test-nix.yml

@@ -15,9 +15,18 @@ jobs:
     - uses: actions/checkout@v2
     - uses: cachix/install-nix-action@v22
       with:
-        nix_path: nixpkgs=channel:nixos-23.05
+        nix_path: nixpkgs=channel:nixos-24.05
         github_access_token: ${{ secrets.GITHUB_TOKEN }}
-
+
+    - name: Enable KVM group perms (for NixOS tests)
+      run: |
+        echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+        sudo udevadm control --reload-rules
+        sudo udevadm trigger --name-match=kvm
+        sudo apt-get update
+        sudo apt-get install -y libvirt-clients libvirt-daemon-system libvirt-daemon virtinst bridge-utils qemu qemu-system-x86
+        sudo usermod -a -G kvm,libvirt $USER
+
     - run: nix build . --show-trace
 
     - run: nix flake check

api.go

@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	"gopkg.in/gin-contrib/cors.v1"
@@ -48,8 +49,9 @@ func StartAPIServer(config *Config,
 	}
 
 	server := &http.Server{
-		Addr:    config.API,
-		Handler: router,
+		Addr:              config.API,
+		Handler:           router,
+		ReadHeaderTimeout: time.Duration(config.Timeout) * time.Second,
 	}
 
 	router.Use(cors.Default())

doc/src/Configuration.md

@@ -109,6 +109,7 @@ customdnsrecords = [
     path = "/metrics"
     # see https://cottand.github.io/leng/Prometheus-Metrics.html
     highCardinalityEnabled = false
+    histogramsEnabled = false
     resetPeriodMinutes = 60
 
 [DnsOverHttpServer]

doc/src/Prometheus-Metrics.md

@@ -22,7 +22,7 @@ size of the `/metrics`
 response will grow to be so big the metrics stop being updated.
 While resetting the counters periodically can help
 (and you can tweak that with the config `Metrics.resetPeriodMinutes`)
-but you might still see issues depending on your traffic.
+you might still see issues depending on your traffic.
 You can
 read [this SO post](https://stackoverflow.com/questions/46373442/how-dangerous-are-high-cardinality-labels-in-prometheus)
 to learn more.
@@ -38,4 +38,18 @@ with the following config:
 enabled = true
 path = "/metrics"
 highCardinalityEnabled = true
-```
+```
+
+## Histogram metrics
+
+Histogram metrics are not unbounded and usually will not be as high-cardinality as the metrics discussed above,
+but you should still expect them to have some impact on leng's the memory footprint.
+
+You can enable them with:
+
+```toml
+[Metrics]
+enabled = true
+path = "/metrics"
+histogramsEnabled = true
+```

flake.nix

@@ -73,6 +73,7 @@
           metrics-api = pkgs.callPackage ./nixos-tests/metrics-api.nix { inherit self; };
           systemctl-start = pkgs.callPackage ./nixos-tests/systemctl-start.nix { inherit self; };
           custom-dns = pkgs.callPackage ./nixos-tests/custom-dns.nix { inherit self; };
+          doh-upstream = pkgs.callPackage ./nixos-tests/doh-upstream.nix { inherit self; };
         };
 
       }))

nixos-tests/doh-upstream.nix

@@ -0,0 +1,46 @@
+{ self, pkgs, home-manager, ... }:
+let
+  nixpkgs = self.inputs.nixpkgs;
+in
+(nixpkgs.lib.nixos.runTest {
+  hostPkgs = pkgs;
+  defaults.documentation.enable = false;
+  node.specialArgs = { inherit self; };
+
+  name = "leng-custom-dns";
+
+  nodes = {
+    server = { config, pkgs, ... }: {
+      imports = [ self.nixosModules.default ];
+      # Open the default port for `postgrest` in the firewall
+      networking.firewall.allowedUDPPorts = [ 53 ];
+      networking.firewall.allowedTCPPorts = [ 80 ];
+
+      services.leng.enable = true;
+      services.leng.configuration = {
+        blocking.sourcesStore = "/tmp";
+        customdnsrecords = [];
+        upstream.DoH = "";
+        DnsOverHttpServer.enabled = true;
+      };
+    };
+
+    client = { pkgs, ... }: {
+      environment.systemPackages = [ pkgs.dig pkgs.curl ];
+    };
+  };
+
+  testScript =
+    ''
+      start_all()
+
+      server.wait_for_unit("leng", timeout=10)
+      server.wait_for_open_port(80, timeout=10)
+
+      client.succeed(
+        'curl -vH "accept: application/dns-json" "http://server/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB"',
+        timeout=10,
+      )
+    '';
+
+}).config.result

nixos-tests/systemctl-start.nix

@@ -15,7 +15,7 @@ in
 
       services.leng.enable = true;
       services.leng.configuration = {
-        blocking.sourcesStore="/tmp";
+        blocking.sourcesStore = "/tmp";
       };
     };