diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix index 249aa08..570b6d8 100644 --- a/nix/lib/config/legacy.nix +++ b/nix/lib/config/legacy.nix @@ -19,6 +19,7 @@ in (builtins.mapAttrs (_: vlan: { vlan = vlan; }) pillar.vlans) (builtins.mapAttrs (_: subnet4: { inherit subnet4; }) pillar.subnets-inet) (builtins.mapAttrs (_: hosts4: { inherit hosts4; }) pillar.hosts-inet) + { core.ospf.secret = pillar.ospf.secret; } ] ++ ( map (ctx: builtins.mapAttrs (_: subnet: { subnets6.${ctx} = subnet; }) pillar.subnets-inet6.${ctx} @@ -45,13 +46,22 @@ in role = "ap"; }) pillar.cpe) - (builtins.mapAttrs (_: container: { + (builtins.mapAttrs (name: container: { role = "container"; location = mainServer; interfaces = builtins.mapAttrs (_: - renameAttr "gw" "gw6" + renameAttr "gw" "gw4" ) container.interfaces; + ospf = + let + hostPillar = self.lib.saltPillarFor name; + ospfConf = hostPillar.ospf; + in lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet) { + stubNets4 = ospfConf.stubnets-inet; + } // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) { + stubNets6 = ospfConf.stubnets-inet6; + }; }) pillar.containers) ] ++ @@ -67,4 +77,13 @@ in ) (builtins.attrNames pillar.hosts-inet6.${ctx}) ) (builtins.attrNames pillar.hosts-inet6)) ); + + config.site.ospf = { + networks4 = [ "172.20.72.0/21" ]; + networks6 = [ + "fd23:42:c3d2:500::/56" + "2a02:8106:208:5200::/56" + "2a02:8106:211:e900::/56" + ]; + }; } diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix index b832f5d..3cafba7 100644 --- a/nix/lib/config/options.nix +++ b/nix/lib/config/options.nix @@ -39,6 +39,12 @@ let type = with types; attrsOf (attrsOf str); default = {}; }; + ospf = { + secret = mkOption { + type = with types; nullOr str; + default = null; + }; + }; }; }; interfaceOpts = { name, ... }: { 
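Review bot: `{ core.ospf.secret = pillar.ospf.secret; }` in the first legacy.nix hunk reads `pillar.ospf` unconditionally, while the container hunk below guards the per-host pillar with `hostPillar ? ospf`; if the site pillar can lack an `ospf` section, evaluation of the whole config fails instead of falling back to the option's `null` default. If that can happen, `{ core.ospf.secret = pillar.ospf.secret or null; }` keeps the two hunks consistent. The enclosing list expression starts and ends outside the hunk.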
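Review bot: The two `lib.optionalAttrs` calls added inside the container mapping each repeat `hostPillar ? ospf &&`, so the outer existence test is written twice and a third stub-net attribute would copy it a third time. Hoisting it once, `in lib.optionalAttrs (hostPillar ? ospf) (lib.optionalAttrs (ospfConf ? stubnets-inet) { stubNets4 = ospfConf.stubnets-inet; } // lib.optionalAttrs (ospfConf ? stubnets-inet6) { stubNets6 = ospfConf.stubnets-inet6; })`, gives the same attrset with a single guard. The `builtins.mapAttrs` over `pillar.containers` lies within the hunk, but the list it is part of continues outside it.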
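Review bot: The new `config.site.ospf` block in the third legacy.nix hunk hard-codes the area-0 prefix lists with no comment, while the surrounding values in this file are derived from `pillar`; a reader cannot tell whether these are meant to stay static or simply have not been moved into the pillar yet. A one-line comment such as `# OSPF area 0 network ranges shared by every router; currently not sourced from pillar` above `config.site.ospf = {` would make the intent explicit. The attrset this block is added to starts outside the hunk.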
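Review bot: The new `ospf.secret` option in options.nix (and `ospf.stubNets4`, `ospf.stubNets6`, `ospf.networks4`, `ospf.networks6` in the following two hunks) is declared without a `description`, so it appears undocumented in generated option listings and nothing states that the value is an OSPF authentication password that will be rendered into the BIRD configuration. Adding `description = "OSPF cryptographic authentication password for this network, or null to disable authentication.";` to `secret`, and a corresponding sentence to each list option (e.g. `description = "Additional IPv4 stub networks announced by this host's OSPF instance.";`), documents the contract at the declaration. The `interfaceOpts` definition that follows the hunk continues outside it.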
@@ -92,6 +98,14 @@ let
 type = types.bool;
 default = config.site.hosts.${name}.interfaces ? core;
 };
+ ospf.stubNets4 = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ ospf.stubNets6 = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
 };
 };
 in
@@ -105,6 +119,14 @@ in
 default = {};
 type = with types; attrsOf (submodule hostOpts);
 };
+ ospf.networks4 = mkOption {
+ default = [];
+ type = with types; listOf str;
+ };
+ ospf.networks6 = mkOption {
+ default = [];
+ type = with types; listOf str;
+ };
 };
 
 config.warnings =
diff --git a/nix/nixos-module/container/bird.nix b/nix/nixos-module/container/bird.nix
new file mode 100644
index 000000000..2bec482
--- /dev/null
+++ b/nix/nixos-module/container/bird.nix
@@ -0,0 +1,101 @@
+{ hostName, config, options, lib, ... }:
+
+let
+ hostConf = config.site.hosts.${hostName};
+in
+{
+ services.bird2 = {
+ enable = true;
+ config = ''
+ router id ${config.site.net.core.hosts4.${hostName}};
+
+ protocol kernel K4 {
+ ipv4 {
+ export all;
+ };
+ }
+ protocol kernel K6 {
+ ipv6 {
+ export all;
+ };
+ }
+ protocol device {
+ scan time 10;
+ }
+
+ # protocol radv {
+ # interface "c3d2" {
+ # min ra interval 10;
+ # max ra interval 60;
+ # prefix ::/64 {
+ # preferred lifetime 20;
+ # valid lifetime 60;
+ # };
+ # };
+ # }
+
+ protocol ospf v2 ZW4 {
+ area 0 {
+ networks {
+ ${builtins.concatStringsSep " " (
+ map (n: " ${n};") config.site.ospf.networks4
+ )}
+ };
+ ${builtins.concatStringsSep "\n" (
+ builtins.attrValues (
+ builtins.mapAttrs (net: _:
+ if config.site.net.${net}.ospf.secret != null
+ then ''
+ interface "${net}" {
+ authentication cryptographic;
+ password "${config.site.net.${net}.ospf.secret}";
+ };
+ ''
+ else if config.site.net.${net}.subnet4 != null
+ then ''
+ stubnet ${config.site.net.${net}.subnet4} {};
+ ''
+ else ""
+ ) hostConf.interfaces
+ )
+ )}
+ ${builtins.concatStringsSep "\n" (
+ map (stubnet4: "stubnet ${stubnet4} {};")
+ hostConf.ospf.stubNets4
+ )}
+ };
+ }
+
+ protocol ospf v3 ZW6 {
+ area 0 {
+ networks {
+ ${builtins.concatStringsSep " " (
+ map (n: " ${n};") config.site.ospf.networks6
+ )}
+ };
+ ${builtins.concatStringsSep "\n" (
+ builtins.attrValues (
+ builtins.mapAttrs (net: _:
+ if config.site.net.${net}.ospf.secret != null
+ then ''
+ interface "${net}" {
+ authentication cryptographic;
+ password "${config.site.net.${net}.ospf.secret}";
+ };
+ ''
+ else builtins.concatStringsSep "\n" (
+ map (subnet6: "stubnet ${subnet6} {};")
+ (builtins.attrValues config.site.net.${net}.subnets6)
+ )
+ ) hostConf.interfaces
+ )
+ )}
+ ${builtins.concatStringsSep "\n" (
+ map (stubnet6: "stubnet ${stubnet6} {};")
+ hostConf.ospf.stubNets6
+ )}
+ };
+ }
+ '';
+ };
+}
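Review bot: `password "${config.site.net.${net}.ospf.secret}";` in both OSPF protocol blocks interpolates the authentication secret into `services.bird2.config`, which the upstream module writes out as a file in the Nix store; the store is world-readable on the host and is copied to any binary cache the system pushes to, so the OSPF key becomes readable by every local user and by anyone with access to that cache. Keeping the secret out of the evaluated configuration, for example by having BIRD `include` a key file deployed outside the store with restricted permissions and only referencing that path here, avoids this. Separately, `authentication cryptographic;` without an `algorithm` setting leaves the hash choice to BIRD's default, so pinning a stronger one (e.g. `password "<SECRET-PLACEHOLDER>" { algorithm hmac sha256; };`) is worth considering where the peers support it. The interpolation is also unescaped, so a secret containing `"` or `\` breaks the generated configuration rather than failing cleanly at evaluation time.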
diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix index 8c67dd4..b739977 100644 --- a/nix/nixos-module/default.nix +++ b/nix/nixos-module/default.nix @@ -18,5 +18,10 @@ in { ] ++ optionals (hostConfig.role == "container") [ ./container/defaults.nix + ] ++ optionals ( + hostConfig.role == "container" && + lib.config.site.hosts.${hostName}.isRouter + ) [ + ./container/bird.nix ]; }
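Review bot: The new `optionals` guard reaches for `lib.config.site.hosts.${hostName}.isRouter` while the line above tests `hostConfig.role`; if `hostConfig` is that same host attrset (it looks so from the existing line, but its binding is outside the hunk), `hostConfig.isRouter` is the consistent spelling and avoids a second lookup. Folding the two role checks into one, `] ++ optionals (hostConfig.role == "container") ([ ./container/defaults.nix ] ++ optionals hostConfig.isRouter [ ./container/bird.nix ])`, would also make it obvious that bird.nix is only ever imported for containers. The list this concatenation belongs to starts outside the hunk.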