# Builds a deployment script for one JunOS switch: renders a complete
# "load override" configuration from the site-wide and per-host description
# and pushes it to the switch over the management network.
#
# Arguments (all supplied by the caller):
#   pkgs, hostName       - nixpkgs and the name of the switch being configured
#   config, hostConfig   - site-wide config (config.site.net.*) and this
#                          host's link table (hostConfig.links.*)
#   sortBy, sortNetsByVlan - ordering helpers; their implementation is not
#                          visible here (presumably a key-function sort and a
#                          sort of net names by VLAN id -- confirm at the caller)
{ pkgs, hostName, config, hostConfig
, sortBy, sortNetsByVlan
, ... }:

with pkgs;
with lib;

let
  # Rendered JunOS configuration.
  #
  # NOTE(review): builtins.toFile places this file in the Nix store, which
  # every local user can read, so the root password hash and the authorized
  # key below (both tagged SECRET-DATA) are exposed there in addition to this
  # source file; consider supplying credentials from outside the store at
  # deploy time.
  #
  # Security-relevant settings baked in here:
  #   - ssh root-login is allowed (root is the account the deploy script uses)
  #   - web-management runs plain HTTP on vme.0 and vlan.1; vlan.1 is
  #     hard-coded while the mgmt L3 unit below is config.site.net.mgmt.vlan,
  #     so the two only coincide when the mgmt VLAN id is 1 -- confirm
  #   - a two-member virtual chassis, both members with mastership-priority
  #     255 and split detection disabled
  configFile = builtins.toFile "junos.config" ''
    system {
      host-name ${hostName};
      time-zone Europe/Berlin;
      root-authentication {
        encrypted-password "$5$EBmFELmv$kQxtWwS0SBS.TqVPRvs8sKpH./l9DTtTxX/I2FJB2n2"; ## SECRET-DATA
      }
      login {
        user root {
          class super-user;
          authentication {
            ssh-rsa "ssh-rsa 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 root@server1"; ## SECRET-DATA
          }
        }
      }
      services {
        ssh {
          root-login allow;
        }
        netconf {
          ssh;
        }
        web-management {
          http {
            interface [ vme.0 vlan.1 ];
          }
        }
      }
    }
    virtual-chassis {
      no-split-detection;
      member 0 {
        mastership-priority 255;
      }
      member 1 {
        mastership-priority 255;
      }
    }
    chassis { aggregated-devices { ethernet { device-count 32; } } }

    vlans {
      ${concatMapStrings (net:
        let
          # The "mgmt" net is emitted under the name "mgmt-vlan"; the same
          # renaming is applied to link memberships further down.
          netName = if net == "mgmt"
                    then "mgmt-vlan"
                    else net;
          netConfig = config.site.net.${net};
          vlan = toString netConfig.vlan;
        in
          # Nets without a VLAN id produce no entry; only the mgmt VLAN gets
          # an L3 interface (its unit is defined in the interfaces block).
          lib.optionalString (netConfig.vlan != null) ''
            ${netName} {
              vlan-id ${vlan};
              ${lib.optionalString (net == "mgmt") ''
                l3-interface vlan.${vlan};
              ''}
            }
          ''
      ) (sortNetsByVlan (builtins.attrNames config.site.net))}
    }

    interfaces {
      vlan {
        unit ${toString config.site.net.mgmt.vlan} {
          family inet {
            address ${mgmtAddress}/${toString config.site.net.mgmt.subnet4Len};
          }
        }
      }

      ${concatMapStrings (name:
        let
          linkConfig = hostConfig.links.${name};
          group = toString linkConfig.group;
          # A trunk spanning more than one port becomes an LACP bundle
          # (ae<group>); a single-port trunk or an access link is configured
          # per port.
          isBond = linkConfig.trunk &&
                   builtins.length linkConfig.ports > 1;
          # VLAN members, with "mgmt" renamed to match the vlans block.
          nets = map (net:
            if net == "mgmt"
            then "mgmt-vlan"
            else net
          ) linkConfig.nets;
          # Shared switching config for either the bundle or each plain port.
          vlanConfig = ''
            unit 0 {
              family ethernet-switching {
                port-mode ${if linkConfig.trunk then "trunk" else "access"};
                vlan { members [ ${concatStringsSep " " nets} ]; }
              }
            }
          '';
        in
          if isBond
          then concatMapStrings (port: ''
            ${port} {
              ether-options { 802.3ad ae${group}; }
            }
          '') (linkConfig.ports) + ''
            ae${group} {
              aggregated-ether-options { lacp { active; } }
              ${vlanConfig}
            }
          ''
          else concatMapStrings (port: ''
            ${port} {
              ${vlanConfig}
            }
          '') (linkConfig.ports)
      ) (sortBy (link: hostConfig.links.${link}.ports)
        (builtins.attrNames hostConfig.links)
      )}
    }
  '';

  # This switch's IPv4 address in the mgmt net; used both inside configFile
  # (legal: let bindings are mutually recursive) and as the deploy target.
  mgmtAddress = config.site.net.mgmt.hosts4.${hostName};

in
  # Deploy script. -e aborts if the scp or ssh step fails. "load override"
  # replaces the entire candidate configuration and the plain "commit"
  # activates it with no automatic rollback.
  # NOTE(review): a bad config committed this way can cut off management
  # access to the switch; "commit confirmed" followed by a confirming commit
  # would roll back automatically -- confirm this fits the rollout process.
  ''
  #! ${runtimeShell} -e

  scp ${configFile} root@${mgmtAddress}:/tmp/junos.config
  ssh root@${mgmtAddress} cli <<EOF
  configure
  load override /tmp/junos.config
  commit
  EOF
  ''