nixos-module/container/bird: add bgp configuration

2021-04-13 00:46:12 +02:00 · 2021-04-13 00:46:12 +02:00 · 5aa53fbcb1
parent aed29a54ce
commit 5aa53fbcb1
3 changed files with 61 additions and 15 deletions
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@ -135,8 +135,7 @@ in
                bgpConf = ctPillar.bgp;
              in {
                inherit (bgpConf) asn;
-                peers4 = bgpConf.peers-inet;
-                peers6 = bgpConf.peers-inet6;
+                peers = bgpConf.peers-inet // bgpConf.peers-inet6;
              }
            else null;

--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -229,23 +229,18 @@ let
      };
    };
  };
-  bgpPeerOpts = { name, ... }: {
-    options = {
-      asn = mkOption {
-        type = types.int;
-      };
-    };
-  };
  bgpOpts = {
    asn = mkOption {
      type = types.int;
    };
-    peers4 = mkOption {
-      type = with types; attrsOf (submodule bgpPeerOpts);
-      default = {};
-    };
-    peers6 = mkOption {
-      type = with types; attrsOf (submodule bgpPeerOpts);
+    peers = mkOption {
+      type = with types; attrsOf (submodule ({ name, ... }: {
+        options = {
+          asn = mkOption {
+            type = types.int;
+          };
+        };
+      }));
      default = {};
    };
  };
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@ -13,6 +13,14 @@ let
       else if m == null
       then null
       else builtins.head m;
+
+  enumerate = n: list:
+    if list == []
+    then []
+    else [ {
+      n = n;
+      x = builtins.head list;
+    } ] ++ (enumerate (n + 1) (builtins.tail list));
 in
 {
  services.bird2 = {
@ -138,6 +146,50 @@ in
          )}
        };
      }
+
+      # Zentralwerk DN42
+      protocol static {
+        ipv4;
+        route 172.20.72.0/21 unreachable;
+      }
+      protocol static {
+        ipv6;
+        route fd23:42:c3d2:580::/57 unreachable;
+      }
+      # Static Vodafone
+      protocol static {
+        ipv6;
+        route 2a02:8106:208:5200::/56 unreachable;
+        route 2a02:8106:211:e900::/56 unreachable;
+      }
+
+      ${lib.optionalString (hostConf.bgp != null) ''
+        template bgp bgppeer {
+          local as ${toString hostConf.bgp.asn};
+
+          ipv4 {
+            import all;
+            export where source=RTS_STATIC;
+          };
+          ipv6 {
+            import all;
+            export where source=RTS_STATIC;
+          };
+        }
+
+        ${builtins.concatStringsSep "\n" (
+          map ({ n, x }:
+            let
+              peer = x;
+              peerConf = hostConf.bgp.peers.${peer};
+            in ''
+              protocol bgp bgp_${toString n} from bgppeer {
+                neighbor ${peer} as ${toString peerConf.asn};
+              }
+            ''
+          ) (enumerate 1 (builtins.attrNames hostConf.bgp.peers))
+        )}
+      ''}
    '';
  };
 }