nixos-module/container/bird.nix: init for ospf
parent
704f007ae5
commit
260bc3aeb5
|
@ -19,6 +19,7 @@ in
|
|||
(builtins.mapAttrs (_: vlan: { vlan = vlan; }) pillar.vlans)
|
||||
(builtins.mapAttrs (_: subnet4: { inherit subnet4; }) pillar.subnets-inet)
|
||||
(builtins.mapAttrs (_: hosts4: { inherit hosts4; }) pillar.hosts-inet)
|
||||
{ core.ospf.secret = pillar.ospf.secret; }
|
||||
] ++ (
|
||||
map (ctx:
|
||||
builtins.mapAttrs (_: subnet: { subnets6.${ctx} = subnet; }) pillar.subnets-inet6.${ctx}
|
||||
|
@ -45,13 +46,22 @@ in
|
|||
role = "ap";
|
||||
}) pillar.cpe)
|
||||
|
||||
(builtins.mapAttrs (_: container: {
|
||||
(builtins.mapAttrs (name: container: {
|
||||
role = "container";
|
||||
location = mainServer;
|
||||
interfaces =
|
||||
builtins.mapAttrs (_:
|
||||
renameAttr "gw" "gw6"
|
||||
renameAttr "gw" "gw4"
|
||||
) container.interfaces;
|
||||
ospf =
|
||||
let
|
||||
hostPillar = self.lib.saltPillarFor name;
|
||||
ospfConf = hostPillar.ospf;
|
||||
in lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet) {
|
||||
stubNets4 = ospfConf.stubnets-inet;
|
||||
} // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
|
||||
stubNets6 = ospfConf.stubnets-inet6;
|
||||
};
|
||||
}) pillar.containers)
|
||||
] ++
|
||||
|
||||
|
@ -67,4 +77,13 @@ in
|
|||
) (builtins.attrNames pillar.hosts-inet6.${ctx})
|
||||
) (builtins.attrNames pillar.hosts-inet6))
|
||||
);
|
||||
|
||||
config.site.ospf = {
|
||||
networks4 = [ "172.20.72.0/21" ];
|
||||
networks6 = [
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"2a02:8106:208:5200::/56"
|
||||
"2a02:8106:211:e900::/56"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
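Review bot: The assignment `{ core.ospf.secret = pillar.ospf.secret; }` in the first hunk dereferences `pillar.ospf` unconditionally, so evaluation presumably fails for a pillar with no `ospf` entry, whereas the container `ospf` block in the second hunk guards the equivalent lookup with `hostPillar ? ospf`. The option is declared `nullOr str` with a `null` default elsewhere on this page, and bird.nix falls back to a `stubnet` line when the secret is null, so `{ core.ospf.secret = pillar.ospf.secret or null; }` would fail safe rather than break evaluation. In the second hunk the `hostPillar ? ospf` test is repeated in both `lib.optionalAttrs` calls and could be checked once around the merged attribute set. The enclosing list expression starts and ends outside these hunks.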
@ -39,6 +39,12 @@ let
|
|||
type = with types; attrsOf (attrsOf str);
|
||||
default = {};
|
||||
};
|
||||
ospf = {
|
||||
secret = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
interfaceOpts = { name, ... }: {
|
||||
|
@ -92,6 +98,14 @@ let
|
|||
type = types.bool;
|
||||
default = config.site.hosts.${name}.interfaces ? core;
|
||||
};
|
||||
ospf.stubNets4 = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
};
|
||||
ospf.stubNets6 = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
|
@ -105,6 +119,14 @@ in
|
|||
default = {};
|
||||
type = with types; attrsOf (submodule hostOpts);
|
||||
};
|
||||
ospf.networks4 = mkOption {
|
||||
default = [];
|
||||
type = with types; listOf str;
|
||||
};
|
||||
ospf.networks6 = mkOption {
|
||||
default = [];
|
||||
type = with types; listOf str;
|
||||
};
|
||||
};
|
||||
|
||||
config.warnings =
|
||||
|
|
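Review bot: The new `ospf.stubNets4`, `ospf.stubNets6`, `ospf.networks4` and `ospf.networks6` options are typed `listOf str`, and bird.nix splices their values verbatim into the BIRD configuration, so a malformed entry containing a stray `;` or `}` changes the structure of the generated config instead of failing evaluation. Constraining the element type, for example `type = with types; listOf (strMatching "[0-9a-fA-F:.]+/[0-9]+");`, would reject such values when the module is evaluated. None of the new options carries a `description`. For `ospf.secret` I would add `description = "OSPF authentication key for this network; null means no OSPF adjacency is configured on it.";`, which matches how bird.nix branches on the value. The surrounding `let` block and option set start outside the hunks.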
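--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@@ -0,0 +1,101 @@
+{ hostName, config, options, lib, ... }:
+
+let
+hostConf = config.site.hosts.${hostName};
+in
+{
+services.bird2 = {
+enable = true;
+config = ''
+router id ${config.site.net.core.hosts4.${hostName}};
+
+protocol kernel K4 {
+ipv4 {
+export all;
+};
+}
+protocol kernel K6 {
+ipv6 {
+export all;
+};
+}
+protocol device {
+scan time 10;
+}
+
+# protocol radv {
+# interface "c3d2" {
+# min ra interval 10;
+# max ra interval 60;
+# prefix ::/64 {
+# preferred lifetime 20;
+# valid lifetime 60;
+# };
+# };
+# }
+
+protocol ospf v2 ZW4 {
+area 0 {
+networks {
+${builtins.concatStringsSep " " (
+map (n: " ${n};") config.site.ospf.networks4
+)}
+};
+${builtins.concatStringsSep "\n" (
+builtins.attrValues (
+builtins.mapAttrs (net: _:
+if config.site.net.${net}.ospf.secret != null
+then ''
+interface "${net}" {
+authentication cryptographic;
+password "${config.site.net.${net}.ospf.secret}";
+};
+''
+else if config.site.net.${net}.subnet4 != null
+then ''
+stubnet ${config.site.net.${net}.subnet4} {};
+''
+else ""
+) hostConf.interfaces
+)
+)}
+${builtins.concatStringsSep "\n" (
+map (stubnet4: "stubnet ${stubnet4} {};")
+hostConf.ospf.stubNets4
+)}
+};
+}
+
+protocol ospf v3 ZW6 {
+area 0 {
+networks {
+${builtins.concatStringsSep " " (
+map (n: " ${n};") config.site.ospf.networks6
+)}
+};
+${builtins.concatStringsSep "\n" (
+builtins.attrValues (
+builtins.mapAttrs (net: _:
+if config.site.net.${net}.ospf.secret != null
+then ''
+interface "${net}" {
+authentication cryptographic;
+password "${config.site.net.${net}.ospf.secret}";
+};
+''
+else builtins.concatStringsSep "\n" (
+map (subnet6: "stubnet ${subnet6} {};")
+(builtins.attrValues config.site.net.${net}.subnets6)
+)
+) hostConf.interfaces
+)
+)}
+${builtins.concatStringsSep "\n" (
+map (stubnet6: "stubnet ${stubnet6} {};")
+hostConf.ospf.stubNets6
+)}
+};
+}
+'';
+};
+}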
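Review bot: The OSPF key is interpolated straight into `services.bird2.config` by the `password "${config.site.net.${net}.ospf.secret}";` lines in both the ZW4 and ZW6 protocols, so it becomes part of the generated configuration text. On NixOS that text is normally built into the world-readable Nix store, which would let any local user or any copy of the store read the key; this is worth confirming for the deployment. Keeping the key out of the evaluated config and loading it at runtime, for example with a BIRD `include "<path-to-secret-file>";` line pointing at a restricted file provisioned outside the store, avoids that. Separately, `authentication cryptographic;` is used without an `algorithm`, and BIRD's documented default for OSPFv2 is keyed MD5, so ZW4 should set one explicitly, e.g. `algorithm hmac sha256;` inside a `password "..." { ... };` block.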
@ -18,5 +18,10 @@ in {
|
|||
]
|
||||
++ optionals (hostConfig.role == "container") [
|
||||
./container/defaults.nix
|
||||
] ++ optionals (
|
||||
hostConfig.role == "container" &&
|
||||
lib.config.site.hosts.${hostName}.isRouter
|
||||
) [
|
||||
./container/bird.nix
|
||||
];
|
||||
}
|
||||
|
|