nixos-module/container/bird: export default routes on upstream*/anon*

2021-04-29 22:47:11 +02:00 · 2021-04-29 22:47:11 +02:00 · c4fe62ebeb
parent 0350826bc5
commit c4fe62ebeb
1 changed files with 25 additions and 7 deletions
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@ -4,9 +4,9 @@
 let
  hostConf = config.site.hosts.${hostName};

-  isUpstream = builtins.any (net:
-    hostConf.interfaces.${net}.upstream != null
-  ) (builtins.attrNames hostConf.interfaces);
+  isUpstream =
+    builtins.match "upstream.*" hostName != null ||
+    builtins.match "anon.*" hostName != null;

  # Configuring a gateway? If so, this is the associated net.
  gatewayNet =
@ -35,11 +35,20 @@ in
      protocol kernel K4 {
        learn;
        ipv4 {
-          export all;
+          ${lib.optionalString (!isUpstream) ''
+            export all;
+          ''}
          ${lib.optionalString isUpstream ''
-            # Learn the default route
+            export filter {
+              if net ~ [ 0.0.0.0/0 ] then {
+                # Do not set another default route on upstreams
+                reject;
+              }
+              accept;
+            };
            import filter {
              if net ~ [ 0.0.0.0/0 ] then {
+                # Learn the upstream default route
                accept;
              }
              reject;
@ -50,9 +59,18 @@ in
      protocol kernel K6 {
        learn;
        ipv6 {
-          export all;
+          ${lib.optionalString (!isUpstream) ''
+            export all;
+          ''}
          ${lib.optionalString isUpstream ''
-            # Learn the default route
+            export filter {
+              if net ~ [ ::/0 ] then {
+                # Do not set another default route on upstreams
+                reject;
+              }
+              accept;
+            };
+            # Learn the upstream default route
            import filter {
              if net ~ [ ::/0 ] then {
                accept;