From 53cd892531be264700fb788672d546a86ad698ac Mon Sep 17 00:00:00 2001
From: Astro
Date: Tue, 11 Jan 2022 20:00:07 +0100
Subject: [PATCH] nixos-module/container/bird: advertise upstream local subnet into ospf
---
 nix/nixos-module/container/bird.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/nix/nixos-module/container/bird.nix b/nix/nixos-module/container/bird.nix
index 01af2ca..318dab3 100644
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@@ -69,6 +69,26 @@ in
 protocol device {
 scan time 10;
 }
+ ${lib.optionalString isUpstream ''
+ # Import address ranges of upstream interfaces so that
+ # internal traffic to local public services take no detours
+ # if the default router takes another upstream gateway.
+ protocol direct {
+ ipv4 {
+ # No RFC6598
+ import where net !~ 100.64.0.0/10
+ # No RFC1918
+ && net !~ 10.0.0.0/8
+ && net !~ 172.16.0.0/12
+ && net !~ 192.168.0.0/16;
+ };
+ ipv6;
+ interface ${lib.concatMapStringsSep ", " (iface:
+ ''"${iface}"''
+ )(builtins.attrNames upstreamInterfaces)};
+ check link yes;
+ }
+ ''}
 ${lib.optionalString (builtins.match "anon.*" hostName != null) ''
 # BIRD routing table for Wireguard transport
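Review bot: The `ipv6;` channel in the added `protocol direct` has no import filter, so while the IPv4 channel drops RFC1918 and RFC6598 ranges, a unique-local (fc00::/7) prefix configured on an upstream interface would be imported and, depending on the OSPF export filter outside this hunk, advertised internally. If the intent is to advertise only public ranges, mirror the IPv4 filter with `ipv6 { import where net !~ fc00::/7; };`. The IPv4 list also lets 169.254.0.0/16 through, which could be closed with `&& net !~ 169.254.0.0/16`. The surrounding BIRD configuration string begins and ends outside the hunk, so the export side could not be checked here.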