freifunk: add upstreams through separate table

This commit is contained in:
Astro 2022-03-22 21:52:48 +01:00
parent 3391956bbf
commit 1c3f457850
1 changed files with 71 additions and 13 deletions


@ -2,7 +2,8 @@
let
inherit (zentralwerk.lib.config.site.net) core;
coreAddress = core.hosts4.${config.networking.hostName};
inherit (config.networking) hostName;
coreAddress = core.hosts4.${hostName};
meshInterface = "bmx";
meshLoopback = "bmx_prime";
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
@ -13,6 +14,10 @@ let
rt_table_nets = rt_table_hosts + 1;
rt_table_tuns = rt_table_hosts + 2;
sysinfo-json = import ./sysinfo-json.nix { inherit pkgs ddmeshNode; };
upstreams = [ "upstream4" "upstream3" "upstream1" ];
upstreamMark = 3;
rt_table_upstream = 100;
in {
imports = [
"${modulesPath}/profiles/minimal.nix"
@ -61,6 +66,7 @@ in {
networking.iproute2 = {
enable = true;
rttablesExtraConfig = ''
${toString rt_table_upstream} upstream
${toString rt_table_hosts} bmx_hosts
${toString rt_table_nets} bmx_nets
${toString rt_table_tuns} bmx_tuns
@ -105,21 +111,35 @@ in {
};
}];
};
"12-vpn6" = {
enable = true;
matchConfig.Name = "vpn6";
addresses = [{
addressConfig = {
Address = "10.203.${ddmeshAddrPart}/16";
Broadcast = "10.203.255.255";
};
}];
};
# ZW
"20-core" = {
enable = true;
matchConfig = { Name = "core"; };
addresses = map (Address: { addressConfig = { inherit Address; }; }) [
"${coreAddress}/${toString core.subnet4Len}"
"2a00:8180:2c00:281:8000::1/64"
"fd23:42:c3d2:581:8000::1/64"
];
# routes = map (Gateway: { routeConfig = { inherit Gateway; }; }) [
# # upstream1
# "2a00:8180:2c00:281::b:0"
# # anon1
# "172.20.72.7"
# ];
addresses = map (Address: { addressConfig = { inherit Address; }; }) (
[
"${coreAddress}/${toString core.subnet4Len}"
] ++
map (hosts6: "${hosts6.${hostName}}/64") (
builtins.attrValues core.hosts6
)
);
routingPolicyRules = [ {
# Marked wireguard packets take the upstream routing table
routingPolicyRuleConfig = {
Table = rt_table_upstream;
FirewallMark = upstreamMark;
};
} ];
};
};
};
@ -187,6 +207,17 @@ in {
export all;
};
}
# BIRD routing table for Wireguard transport
ipv4 table upstream4_table;
# Kernel routing table for Wireguard transport
protocol kernel upstream4 {
kernel table ${toString rt_table_upstream};
ipv4 {
export all;
table upstream4_table;
};
}
protocol kernel K6 {
ipv6 {
export all;
@ -225,6 +256,8 @@ in {
area 0 {
stubnet 10.200.0.0/15;
interface "core" {
hello 10;
wait 20;
authentication cryptographic;
password "${pkgs.zentralwerk-ospf-message-digest-key}";
};
@ -236,7 +269,9 @@ in {
export where net = 0.0.0.0/0;
};
area 0 {
interface "core" instance 6 {
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.freifunk.ospf.upstreamInstance} {
hello 10;
wait 20;
authentication cryptographic;
password "${pkgs.zentralwerk-ospf-message-digest-key}";
};
@ -249,12 +284,35 @@ in {
};
area 0 {
interface "core" {
hello 10;
wait 20;
authentication cryptographic;
password "${pkgs.zentralwerk-ospf-message-digest-key}";
};
};
}
${lib.concatStrings (lib.imap0 (i: upstream: ''
# OSPFv2 to receive a default route from ${upstream}
protocol ospf v2 ZW4_${upstream} {
ipv4 {
import filter {
preference = preference + ${toString (200 - i)};
accept;
};
table upstream4_table;
};
area 0 {
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
hello 10;
wait 20;
authentication cryptographic;
password "${pkgs.zentralwerk-ospf-message-digest-key}";
};
};
};
'') upstreams)}
router id ${coreAddress};
'';
};
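Review bot: The new `routingPolicyRules` entry on the core interface matches `FirewallMark = upstreamMark` but sets no `Priority`, so its placement relative to the local/main lookups and the existing bmx rules depends on the kernel's default ordering; pin it, e.g. `Priority = 100;`, and add a comment next to `upstreamMark = 3;` saying where mark 3 is applied, since nothing in this file section sets it (presumably the WireGuard `FwMark` or a firewall rule elsewhere). The generated `ZW4_${upstream}` blocks repeat `authentication cryptographic` with no `algorithm`, which BIRD 2 defaults to keyed MD5 for OSPF; adding `algorithm hmac sha256;` next to the password line would strengthen every upstream adjacency for one line. The `preference + (200 - i)` term gives the first entry of `upstreams` the highest preference, which is only right if the list is meant to be most-preferred-first, so a one-line comment at `upstreams = [ ... ];` stating that ordering would make the intent explicit. The `map (hosts6: "${hosts6.${hostName}}/64")` expression will fail evaluation if any attrset in `core.hosts6` lacks an entry for this host, which may be intended but is worth noting in a comment.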