nixos-module/container/bird: don't export local nets as stubnets but
learn from kernel
parent
627c51e745
commit
761136bc61
|
@ -44,7 +44,19 @@ in
|
||||||
''
|
''
|
||||||
else ''
|
else ''
|
||||||
export all;
|
export all;
|
||||||
''}
|
import filter {
|
||||||
|
${lib.concatMapStrings (net:
|
||||||
|
lib.optionalString (
|
||||||
|
config.site.net.${net}.subnet4 or null != null
|
||||||
|
) ''
|
||||||
|
if net ~ [ ${config.site.net.${net}.subnet4} ] then {
|
||||||
|
# Learn route of local network ${net}
|
||||||
|
accept;
|
||||||
|
}
|
||||||
|
'') (builtins.attrNames hostConf.interfaces)}
|
||||||
|
''}
|
||||||
|
reject;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
protocol kernel K6 {
|
protocol kernel K6 {
|
||||||
|
@ -59,6 +71,18 @@ in
|
||||||
''
|
''
|
||||||
else ''
|
else ''
|
||||||
export all;
|
export all;
|
||||||
|
import filter {
|
||||||
|
${lib.concatMapStrings (net:
|
||||||
|
lib.optionalString (
|
||||||
|
config.site.net.${net}.subnet4 or null != null
|
||||||
|
) ''
|
||||||
|
if net ~ [ ${config.site.net.${net}.subnet4} ] then {
|
||||||
|
# Learn route of local network ${net}
|
||||||
|
accept;
|
||||||
|
}
|
||||||
|
'') (builtins.attrNames hostConf.interfaces)}
|
||||||
|
reject;
|
||||||
|
};
|
||||||
''}
|
''}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -138,9 +162,7 @@ in
|
||||||
${builtins.concatStringsSep "\n" (
|
${builtins.concatStringsSep "\n" (
|
||||||
builtins.attrValues (
|
builtins.attrValues (
|
||||||
builtins.mapAttrs (net: _:
|
builtins.mapAttrs (net: _:
|
||||||
# Enable OSPF only on networks with a secret. Others
|
# Enable OSPF only on networks with a secret.
|
||||||
# are treated as a stubnet whose routes to
|
|
||||||
# advertise.
|
|
||||||
if config.site.net ? "${net}" && config.site.net.${net}.ospf.secret != null
|
if config.site.net ? "${net}" && config.site.net.${net}.ospf.secret != null
|
||||||
then ''
|
then ''
|
||||||
interface "${net}" {
|
interface "${net}" {
|
||||||
|
@ -151,11 +173,6 @@ in
|
||||||
password "${config.site.net.${net}.ospf.secret}";
|
password "${config.site.net.${net}.ospf.secret}";
|
||||||
};
|
};
|
||||||
''
|
''
|
||||||
else if config.site.net ? "${net}" && config.site.net.${net}.subnet4 != null
|
|
||||||
then ''
|
|
||||||
# Advertise route of network ${net}
|
|
||||||
stubnet ${config.site.net.${net}.subnet4} {};
|
|
||||||
''
|
|
||||||
else ""
|
else ""
|
||||||
) hostConf.interfaces
|
) hostConf.interfaces
|
||||||
)
|
)
|
||||||
|
@ -255,9 +272,7 @@ in
|
||||||
${builtins.concatStringsSep "\n" (
|
${builtins.concatStringsSep "\n" (
|
||||||
builtins.attrValues (
|
builtins.attrValues (
|
||||||
builtins.mapAttrs (net: _:
|
builtins.mapAttrs (net: _:
|
||||||
# Enable OSPF only on networks with a secret. Others
|
# Enable OSPF only on networks with a secret.
|
||||||
# are treated as a stubnet whose routes to
|
|
||||||
# advertise.
|
|
||||||
if config.site.net.${net}.ospf.secret != null
|
if config.site.net.${net}.ospf.secret != null
|
||||||
then ''
|
then ''
|
||||||
interface "${net}" {
|
interface "${net}" {
|
||||||
|
@ -268,12 +283,7 @@ in
|
||||||
password "${config.site.net.${net}.ospf.secret}";
|
password "${config.site.net.${net}.ospf.secret}";
|
||||||
};
|
};
|
||||||
''
|
''
|
||||||
else builtins.concatStringsSep "\n" (
|
else ""
|
||||||
map (subnet6: ''
|
|
||||||
# Advertise route of network ${net}
|
|
||||||
stubnet ${subnet6} {};
|
|
||||||
'') (builtins.attrValues config.site.net.${net}.subnets6)
|
|
||||||
)
|
|
||||||
) hostConf.physicalInterfaces
|
) hostConf.physicalInterfaces
|
||||||
)
|
)
|
||||||
)}
|
)}
|
||||||
|
|
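Review bot: The import filter added to `protocol kernel K6` (second hunk, `@ -59,6 +71,18 @@`) matches on `config.site.net.${net}.subnet4`, the same IPv4 prefixes as the K4 filter, and then falls through to `reject;`. Assuming K6 is the IPv6 kernel protocol, no IPv6 kernel route can pass this filter, and the last hunk removes the `stubnet ${subnet6} {};` lines that used to announce those prefixes, so the local IPv6 networks would silently drop out of routing. The filter should iterate `config.site.net.${net}.subnets6` instead, as sketched below. In the first hunk the closing `''}` also comes before `reject;` and `};` rather than after them as in K6, so the `then` branch (outside the hunk) would emit `reject; };` with no opening `import filter {`; check that placement against the generated bird.conf.

```nix
import filter {
  ${lib.concatMapStrings (net:
    lib.concatMapStrings (subnet6: ''
      if net ~ [ ${subnet6} ] then {
        # Learn route of local network ${net}
        accept;
      }
    '') (builtins.attrValues (config.site.net.${net}.subnets6 or {}))
  ) (builtins.attrNames hostConf.interfaces)}
  reject;
};
# … unchanged: closing ''} of the else branch and the rest of protocol kernel K6 …
```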