nixos-module/container/bird.nix: init for ospf

nix/lib/config/legacy.nix

@@ -19,6 +19,7 @@ in
     (builtins.mapAttrs (_: vlan: { vlan = vlan; }) pillar.vlans)
     (builtins.mapAttrs (_: subnet4: { inherit subnet4; }) pillar.subnets-inet)
     (builtins.mapAttrs (_: hosts4: { inherit hosts4; }) pillar.hosts-inet)
+    { core.ospf.secret = pillar.ospf.secret; }
   ] ++ (
     map (ctx:
       builtins.mapAttrs (_: subnet: { subnets6.${ctx} = subnet; }) pillar.subnets-inet6.${ctx}
@@ -45,13 +46,22 @@ in
         role = "ap";
       }) pillar.cpe)
 
-      (builtins.mapAttrs (_: container: {
+      (builtins.mapAttrs (name: container: {
         role = "container";
         location = mainServer;
         interfaces =
           builtins.mapAttrs (_:
-            renameAttr "gw" "gw6"
+            renameAttr "gw" "gw4"
           ) container.interfaces;
+        ospf =
+          let
+            hostPillar = self.lib.saltPillarFor name;
+            ospfConf = hostPillar.ospf;
+          in lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet) {
+            stubNets4 = ospfConf.stubnets-inet;
+          } // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
+            stubNets6 = ospfConf.stubnets-inet6;
+          };
       }) pillar.containers)
     ] ++
 
@@ -67,4 +77,13 @@ in
       ) (builtins.attrNames pillar.hosts-inet6.${ctx})
     ) (builtins.attrNames pillar.hosts-inet6))
   );
+
+  config.site.ospf = {
+    networks4 = [ "172.20.72.0/21" ];
+    networks6 = [
+      "fd23:42:c3d2:500::/56"
+      "2a02:8106:208:5200::/56"
+      "2a02:8106:211:e900::/56"
+    ];
+  };
 }

nix/lib/config/options.nix

@@ -39,6 +39,12 @@ let
         type = with types; attrsOf (attrsOf str);
         default = {};
       };
+      ospf = {
+        secret = mkOption {
+          type = with types; nullOr str;
+          default = null;
+        };
+      };
     };
   };
   interfaceOpts = { name, ... }: {
@@ -92,6 +98,14 @@ let
         type = types.bool;
         default = config.site.hosts.${name}.interfaces ? core;
       };
+      ospf.stubNets4 = mkOption {
+        type = with types; listOf str;
+        default = [];
+      };
+      ospf.stubNets6 = mkOption {
+        type = with types; listOf str;
+        default = [];
+      };
     };
   };
 in
@@ -105,6 +119,14 @@ in
       default = {};
       type = with types; attrsOf (submodule hostOpts);
     };
+    ospf.networks4 = mkOption {
+      default = [];
+      type = with types; listOf str;
+    };
+    ospf.networks6 = mkOption {
+      default = [];
+      type = with types; listOf str;
+    };
   };
 
   config.warnings =

nix/nixos-module/container/bird.nix

@@ -0,0 +1,101 @@
+{ hostName, config, options, lib, ... }:
+
+let
+  hostConf = config.site.hosts.${hostName};
+in
+{
+  services.bird2 = {
+    enable = true;
+    config = ''
+      router id ${config.site.net.core.hosts4.${hostName}};
+
+      protocol kernel K4 {
+        ipv4 {
+          export all;
+        };
+      }
+      protocol kernel K6 {
+        ipv6 {
+          export all;
+        };
+      }
+      protocol device {
+        scan time 10;
+      }
+
+      # protocol radv {
+      #   interface "c3d2" {
+      #     min ra interval 10;
+      #     max ra interval 60;
+      #     prefix ::/64 {
+      #       preferred lifetime 20;
+      #       valid lifetime 60;
+      #     };
+      #   };
+      # }
+
+      protocol ospf v2 ZW4 {
+        area 0 {
+          networks {
+            ${builtins.concatStringsSep " " (
+              map (n: "  ${n};") config.site.ospf.networks4
+             )}
+          };
+          ${builtins.concatStringsSep "\n" (
+              builtins.attrValues (
+                builtins.mapAttrs (net: _:
+                  if config.site.net.${net}.ospf.secret != null
+                  then ''
+                    interface "${net}" {
+                      authentication cryptographic;
+                      password "${config.site.net.${net}.ospf.secret}";
+                    };
+                  ''
+                  else if config.site.net.${net}.subnet4 != null
+                  then ''
+                    stubnet ${config.site.net.${net}.subnet4} {};
+                  ''
+                  else ""
+                ) hostConf.interfaces
+              )
+          )}
+          ${builtins.concatStringsSep "\n" (
+            map (stubnet4: "stubnet ${stubnet4} {};")
+              hostConf.ospf.stubNets4
+          )}
+        };
+      }
+
+      protocol ospf v3 ZW6 {
+        area 0 {
+          networks {
+            ${builtins.concatStringsSep " " (
+              map (n: "  ${n};") config.site.ospf.networks6
+            )}
+          };
+          ${builtins.concatStringsSep "\n" (
+              builtins.attrValues (
+                builtins.mapAttrs (net: _:
+                  if config.site.net.${net}.ospf.secret != null
+                  then ''
+                    interface "${net}" {
+                      authentication cryptographic;
+                      password "${config.site.net.${net}.ospf.secret}";
+                    };
+                  ''
+                  else builtins.concatStringsSep "\n" (
+                    map (subnet6: "stubnet ${subnet6} {};")
+                      (builtins.attrValues config.site.net.${net}.subnets6)
+                  )
+                ) hostConf.interfaces
+              )
+          )}
+          ${builtins.concatStringsSep "\n" (
+            map (stubnet6: "stubnet ${stubnet6} {};")
+              hostConf.ospf.stubNets6
+          )}
+        };
+      }
+    '';
+  };
+}

nix/nixos-module/default.nix

@@ -18,5 +18,10 @@ in {
   ]
   ++ optionals (hostConfig.role == "container") [
     ./container/defaults.nix
+  ] ++ optionals (
+    hostConfig.role == "container" &&
+    lib.config.site.hosts.${hostName}.isRouter
+  ) [
+    ./container/bird.nix
   ];
 }