nixos-module/container/bird: export default routes on upstream*/anon*
parent
0350826bc5
commit
c4fe62ebeb
|
@ -4,9 +4,9 @@
|
||||||
let
|
let
|
||||||
hostConf = config.site.hosts.${hostName};
|
hostConf = config.site.hosts.${hostName};
|
||||||
|
|
||||||
isUpstream = builtins.any (net:
|
isUpstream =
|
||||||
hostConf.interfaces.${net}.upstream != null
|
builtins.match "upstream.*" hostName != null ||
|
||||||
) (builtins.attrNames hostConf.interfaces);
|
builtins.match "anon.*" hostName != null;
|
||||||
|
|
||||||
# Configuring a gateway? If so, this is the associated net.
|
# Configuring a gateway? If so, this is the associated net.
|
||||||
gatewayNet =
|
gatewayNet =
|
||||||
|
@ -35,11 +35,20 @@ in
|
||||||
protocol kernel K4 {
|
protocol kernel K4 {
|
||||||
learn;
|
learn;
|
||||||
ipv4 {
|
ipv4 {
|
||||||
export all;
|
${lib.optionalString (!isUpstream) ''
|
||||||
|
export all;
|
||||||
|
''}
|
||||||
${lib.optionalString isUpstream ''
|
${lib.optionalString isUpstream ''
|
||||||
# Learn the default route
|
export filter {
|
||||||
|
if net ~ [ 0.0.0.0/0 ] then {
|
||||||
|
# Do not set another default route on upstreams
|
||||||
|
reject;
|
||||||
|
}
|
||||||
|
accept;
|
||||||
|
};
|
||||||
import filter {
|
import filter {
|
||||||
if net ~ [ 0.0.0.0/0 ] then {
|
if net ~ [ 0.0.0.0/0 ] then {
|
||||||
|
# Learn the upstream default route
|
||||||
accept;
|
accept;
|
||||||
}
|
}
|
||||||
reject;
|
reject;
|
||||||
|
@ -50,9 +59,18 @@ in
|
||||||
protocol kernel K6 {
|
protocol kernel K6 {
|
||||||
learn;
|
learn;
|
||||||
ipv6 {
|
ipv6 {
|
||||||
export all;
|
${lib.optionalString (!isUpstream) ''
|
||||||
|
export all;
|
||||||
|
''}
|
||||||
${lib.optionalString isUpstream ''
|
${lib.optionalString isUpstream ''
|
||||||
# Learn the default route
|
export filter {
|
||||||
|
if net ~ [ ::/0 ] then {
|
||||||
|
# Do not set another default route on upstreams
|
||||||
|
reject;
|
||||||
|
}
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
# Learn the upstream default route
|
||||||
import filter {
|
import filter {
|
||||||
if net ~ [ ::/0 ] then {
|
if net ~ [ ::/0 ] then {
|
||||||
accept;
|
accept;
|
||||||
|
|
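Review bot: `isUpstream` in the first hunk is now derived from the host name alone (`builtins.match "upstream.*" hostName != null || builtins.match "anon.*" hostName != null`), so the K4 and K6 kernel route filters depend on a naming convention instead of the interface configuration. `builtins.match` has to match the whole string, so any host whose name merely starts with `upstream` or `anon` gets the upstream filters. An upstream host named differently silently falls back to `export all`, without the default-route export and import filters guarded by `isUpstream`. At minimum, document the contract next to the binding, e.g. `# Role is derived from the hostName prefix: upstream hosts must be named upstream* or anon*`. If the interface data is still meaningful, consider or-ing in the previous `hostConf.interfaces.${net}.upstream != null` test so that a rename cannot change routing policy. As a style point, `# Learn the upstream default route` sits inside the `if` in K4 but above `import filter` in K6; placing it the same way in both keeps the two blocks parallel.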