forked from zentralwerk/network
nixos-module/container/bird: don't export local nets as stubnets but
learn from kernel
This commit is contained in:
parent
627c51e745
commit
761136bc61
|
@ -44,7 +44,19 @@ in
|
|||
''
|
||||
else ''
|
||||
export all;
|
||||
import filter {
|
||||
${lib.concatMapStrings (net:
|
||||
lib.optionalString (
|
||||
config.site.net.${net}.subnet4 or null != null
|
||||
) ''
|
||||
if net ~ [ ${config.site.net.${net}.subnet4} ] then {
|
||||
# Learn route of local network ${net}
|
||||
accept;
|
||||
}
|
||||
'') (builtins.attrNames hostConf.interfaces)}
|
||||
''}
|
||||
reject;
|
||||
};
|
||||
};
|
||||
}
|
||||
protocol kernel K6 {
|
||||
|
@ -59,6 +71,18 @@ in
|
|||
''
|
||||
else ''
|
||||
export all;
|
||||
import filter {
|
||||
${lib.concatMapStrings (net:
|
||||
lib.optionalString (
|
||||
config.site.net.${net}.subnet4 or null != null
|
||||
) ''
|
||||
if net ~ [ ${config.site.net.${net}.subnet4} ] then {
|
||||
# Learn route of local network ${net}
|
||||
accept;
|
||||
}
|
||||
'') (builtins.attrNames hostConf.interfaces)}
|
||||
reject;
|
||||
};
|
||||
''}
|
||||
};
|
||||
}
|
||||
|
@ -138,9 +162,7 @@ in
|
|||
${builtins.concatStringsSep "\n" (
|
||||
builtins.attrValues (
|
||||
builtins.mapAttrs (net: _:
|
||||
# Enable OSPF only on networks with a secret. Others
|
||||
# are treated as a stubnet whose routes to
|
||||
# advertise.
|
||||
# Enable OSPF only on networks with a secret.
|
||||
if config.site.net ? "${net}" && config.site.net.${net}.ospf.secret != null
|
||||
then ''
|
||||
interface "${net}" {
|
||||
|
@ -151,11 +173,6 @@ in
|
|||
password "${config.site.net.${net}.ospf.secret}";
|
||||
};
|
||||
''
|
||||
else if config.site.net ? "${net}" && config.site.net.${net}.subnet4 != null
|
||||
then ''
|
||||
# Advertise route of network ${net}
|
||||
stubnet ${config.site.net.${net}.subnet4} {};
|
||||
''
|
||||
else ""
|
||||
) hostConf.interfaces
|
||||
)
|
||||
|
@ -255,9 +272,7 @@ in
|
|||
${builtins.concatStringsSep "\n" (
|
||||
builtins.attrValues (
|
||||
builtins.mapAttrs (net: _:
|
||||
# Enable OSPF only on networks with a secret. Others
|
||||
# are treated as a stubnet whose routes to
|
||||
# advertise.
|
||||
# Enable OSPF only on networks with a secret.
|
||||
if config.site.net.${net}.ospf.secret != null
|
||||
then ''
|
||||
interface "${net}" {
|
||||
|
@ -268,12 +283,7 @@ in
|
|||
password "${config.site.net.${net}.ospf.secret}";
|
||||
};
|
||||
''
|
||||
else builtins.concatStringsSep "\n" (
|
||||
map (subnet6: ''
|
||||
# Advertise route of network ${net}
|
||||
stubnet ${subnet6} {};
|
||||
'') (builtins.attrValues config.site.net.${net}.subnets6)
|
||||
)
|
||||
else ""
|
||||
) hostConf.physicalInterfaces
|
||||
)
|
||||
)}
|
||||
|
|
Loading…
Reference in New Issue