nixos-module/container/bird: rework radv router selection

2022-10-23 01:16:18 +02:00 · 2022-10-23 01:16:18 +02:00 · 13e0aa216e
parent f5080ccf94
commit 13e0aa216e
7 changed files with 31 additions and 25 deletions
--- a/config/net/c3d2.nix
+++ b/config/net/c3d2.nix
@ -67,6 +67,7 @@
      c3d2-gw3 = "172.22.99.4";
      dn42 = "172.22.99.253";
    };
+    ipv6Router = "c3d2-gw3";
    hosts6.dn42 = {
      bgp = "fd23:42:c3d2:523::c3d2:ff0b";
      c3d2-anon = "fd23:42:c3d2:523::c3d2:1";
--- a/config/net/cluster.nix
+++ b/config/net/cluster.nix
@ -4,6 +4,7 @@ let
 in
 {
  site.net.cluster = {
+    ipv6Router = "cls-gw";
    domainName = "cluster.zentralwerk.org";
    extraRecords = map (host: {
      data = "1 1 6789 ${host}";
--- a/config/net/flpk.nix
+++ b/config/net/flpk.nix
@ -1,6 +1,7 @@
 {
  site.net.flpk = {
    domainName = "flpk.zentralwerk.org";
+    ipv6Router = "flpk-gw";
    subnet4 = "45.158.40.160/27";
    # we get a /56
    subnets6.flpk = "2a0f:5382:acab:1400::/64";
--- a/config/net/serv.nix
+++ b/config/net/serv.nix
@ -79,6 +79,7 @@
      factorio = "172.20.73.73";
      zengel = "172.20.73.74";
    };
+    ipv6Router = "serv-gw";
    subnets6.dn42 = "fd23:42:c3d2:582::/64";
    subnets6.up4 = "2a00:8180:2c00:282::/64";
    hosts6.dn42 = {
--- a/config/net/vpn.nix
+++ b/config/net/vpn.nix
@ -3,6 +3,7 @@
  site.net.vpn = {
    vlan = null;
    domainName = "core.zentralwerk.org";
+    ipv6Router = "vpn-gw";
    hosts4 = {
      vpn-gw = "172.20.76.225";
    };
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -158,6 +158,11 @@ let
        type = with types; nullOr (submodule { options = dhcpOpts; });
        default = null;
      };
+      ipv6Router = mkOption {
+        description = "Who sends router advertisements?";
+        type = with types; nullOr str;
+        default = config.site.net.${name}.dhcp.router or null;
+      };
      domainName = mkOption {
        description = "Domain name option";
        type = types.str;
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@ -12,17 +12,11 @@ let

  isUpstream = upstreamInterfaces != {};

-  # Configuring a gateway? If so, this is the associated net.
-  gatewayNet =
-    let
-      m = builtins.match "(.+)-gw" hostName;
-    in if hostName == "c3d2-gw3"
-       then "c3d2"
-       else if m == [ "cls" ]
-       then "cluster"
-       else if m == null
-       then null
-       else builtins.head m;
+  ipv6RouterNets = builtins.attrNames (
+    lib.filterAttrs (net: { ipv6Router, ... }:
+      ipv6Router == hostName
+    ) config.site.net
+  );

  enumerate = n: list:
    if list == []
@ -110,26 +104,28 @@ in
        }
      ''}

-      ${lib.optionalString (gatewayNet != null) ''
+      ${lib.optionalString (ipv6RouterNets != []) ''
        # Router advertisements
        protocol radv {
          rdnss ${config.site.net.serv.hosts6.dn42.dnscache};

-          interface "${gatewayNet}" {
-            min ra interval 10;
-            max ra interval 60;
+          ${lib.concatMapStrings (net:
+            interface "${net}" {
+              min ra interval 10;
+              max ra interval 60;

-            ${builtins.concatStringsSep "\n" (
-              map (subnet6: ''
-                prefix ${subnet6} {
-                  preferred lifetime 600;
-                  valid lifetime 1800;
-                };
-              '') (builtins.attrValues config.site.net.${gatewayNet}.subnets6)
-            )}
+              ${builtins.concatStringsSep "\n" (
+                map (subnet6: ''
+                  prefix ${subnet6} {
+                    preferred lifetime 600;
+                    valid lifetime 1800;
+                  };
+                '') (builtins.attrValues config.site.net.${net}.subnets6)
+              )}

-            dnssl "${config.site.net.${gatewayNet}.domainName}";
-          };
+              dnssl "${config.site.net.${net}.domainName}";
+            };
+          ) ipv6RouterNets}
        }
      ''}