freifunk: add upstreams through separate table
parent
3391956bbf
commit
1c3f457850
|
@ -2,7 +2,8 @@
|
|||
|
||||
let
|
||||
inherit (zentralwerk.lib.config.site.net) core;
|
||||
coreAddress = core.hosts4.${config.networking.hostName};
|
||||
inherit (config.networking) hostName;
|
||||
coreAddress = core.hosts4.${hostName};
|
||||
meshInterface = "bmx";
|
||||
meshLoopback = "bmx_prime";
|
||||
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
||||
|
@ -13,6 +14,10 @@ let
|
|||
rt_table_nets = rt_table_hosts + 1;
|
||||
rt_table_tuns = rt_table_hosts + 2;
|
||||
sysinfo-json = import ./sysinfo-json.nix { inherit pkgs ddmeshNode; };
|
||||
|
||||
upstreams = [ "upstream4" "upstream3" "upstream1" ];
|
||||
upstreamMark = 3;
|
||||
rt_table_upstream = 100;
|
||||
in {
|
||||
imports = [
|
||||
"${modulesPath}/profiles/minimal.nix"
|
||||
|
@ -61,6 +66,7 @@ in {
|
|||
networking.iproute2 = {
|
||||
enable = true;
|
||||
rttablesExtraConfig = ''
|
||||
${toString rt_table_upstream} upstream
|
||||
${toString rt_table_hosts} bmx_hosts
|
||||
${toString rt_table_nets} bmx_nets
|
||||
${toString rt_table_tuns} bmx_tuns
|
||||
|
@ -105,21 +111,35 @@ in {
|
|||
};
|
||||
}];
|
||||
};
|
||||
"12-vpn6" = {
|
||||
enable = true;
|
||||
matchConfig.Name = "vpn6";
|
||||
addresses = [{
|
||||
addressConfig = {
|
||||
Address = "10.203.${ddmeshAddrPart}/16";
|
||||
Broadcast = "10.203.255.255";
|
||||
};
|
||||
}];
|
||||
};
|
||||
# ZW
|
||||
"20-core" = {
|
||||
enable = true;
|
||||
matchConfig = { Name = "core"; };
|
||||
addresses = map (Address: { addressConfig = { inherit Address; }; }) [
|
||||
addresses = map (Address: { addressConfig = { inherit Address; }; }) (
|
||||
[
|
||||
"${coreAddress}/${toString core.subnet4Len}"
|
||||
"2a00:8180:2c00:281:8000::1/64"
|
||||
"fd23:42:c3d2:581:8000::1/64"
|
||||
];
|
||||
# routes = map (Gateway: { routeConfig = { inherit Gateway; }; }) [
|
||||
# # upstream1
|
||||
# "2a00:8180:2c00:281::b:0"
|
||||
# # anon1
|
||||
# "172.20.72.7"
|
||||
# ];
|
||||
] ++
|
||||
map (hosts6: "${hosts6.${hostName}}/64") (
|
||||
builtins.attrValues core.hosts6
|
||||
)
|
||||
);
|
||||
routingPolicyRules = [ {
|
||||
# Marked wireguard packets take the upstream routing table
|
||||
routingPolicyRuleConfig = {
|
||||
Table = rt_table_upstream;
|
||||
FirewallMark = upstreamMark;
|
||||
};
|
||||
} ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -187,6 +207,17 @@ in {
|
|||
export all;
|
||||
};
|
||||
}
|
||||
# BIRD routing table for Wireguard transport
|
||||
ipv4 table upstream4_table;
|
||||
|
||||
# Kernel routing table for Wireguard transport
|
||||
protocol kernel upstream4 {
|
||||
kernel table ${toString rt_table_upstream};
|
||||
ipv4 {
|
||||
export all;
|
||||
table upstream4_table;
|
||||
};
|
||||
}
|
||||
protocol kernel K6 {
|
||||
ipv6 {
|
||||
export all;
|
||||
|
@ -225,6 +256,8 @@ in {
|
|||
area 0 {
|
||||
stubnet 10.200.0.0/15;
|
||||
interface "core" {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
};
|
||||
|
@ -236,7 +269,9 @@ in {
|
|||
export where net = 0.0.0.0/0;
|
||||
};
|
||||
area 0 {
|
||||
interface "core" instance 6 {
|
||||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.freifunk.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
};
|
||||
|
@ -249,12 +284,35 @@ in {
|
|||
};
|
||||
area 0 {
|
||||
interface "core" {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
${lib.concatStrings (lib.imap0 (i: upstream: ''
|
||||
# OSPFv2 to receive a default route from ${upstream}
|
||||
protocol ospf v2 ZW4_${upstream} {
|
||||
ipv4 {
|
||||
import filter {
|
||||
preference = preference + ${toString (200 - i)};
|
||||
accept;
|
||||
};
|
||||
table upstream4_table;
|
||||
};
|
||||
area 0 {
|
||||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
};
|
||||
};
|
||||
};
|
||||
'') upstreams)}
|
||||
|
||||
router id ${coreAddress};
|
||||
'';
|
||||
};
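Review bot: The new per-upstream `ZW4_${upstream}` protocols are commented as existing "to receive a default route", but their import filter only bumps `preference` and then `accept`s, so every prefix an upstream (or anything else holding the shared `zentralwerk-ospf-message-digest-key` on `core`) advertises lands in `upstream4_table`, and `protocol kernel upstream4` with `export all` pushes all of it into kernel table 100, the table the fwmark rule selects for WireGuard transport. A more-specific prefix injected there would redirect or black-hole the tunnel transport, so the import should be restricted to the default route, in the style of the existing `export where net = 0.0.0.0/0;`: `import filter { if net != 0.0.0.0/0 then reject; preference = preference + ${toString (200 - i)}; accept; };`. Note also that nothing in the visible hunks sets `upstreamMark` on outgoing WireGuard packets; presumably the netdev or nftables rule that marks them lives elsewhere, which is worth confirming, since otherwise table 100 is never consulted. The surrounding `services.bird2.config` string starts outside this hunk.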
|
||||
|
|