nixos-module/container/bird: bgp fixups

Astro 2023-01-22 01:42:19 +01:00
parent 8869681b28
commit f2bb5a2735
3 changed files with 38 additions and 11 deletions


@ -51,8 +51,10 @@
}; };
}; };
bgp = { bgp = {
allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
upstreamTable = "vpn_table"; upstreamTable = "vpn_table";
allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
# IPv6 ::/0 via wireguard tunnel
allowedUpstreams6 = [];
peers.${config.site.net.core.subnets6.dn42} = { peers.${config.site.net.core.subnets6.dn42} = {
type = "upstream"; type = "upstream";
name = "up"; name = "up";


@ -353,8 +353,10 @@ in
}; };
}; };
bgp = { bgp = {
allowedUpstreams = [ "upstream3" "upstream4" "freifunk" ];
upstreamTable = "vpn_table"; upstreamTable = "vpn_table";
allowedUpstreams = [ "upstream3" "upstream4" "freifunk" ];
# IPv6 ::/0 via wireguard tunnel
allowedUpstreams6 = [];
peers.${config.site.net.core.subnets6.dn42} = { peers.${config.site.net.core.subnets6.dn42} = {
asn = config.site.hosts.upstream3.bgp.asn; asn = config.site.hosts.upstream3.bgp.asn;
type = "upstream"; type = "upstream";


@ -166,23 +166,43 @@ in
preference = preference + 200; preference = preference + 200;
accept; accept;
}; };
${lib.optionalString (nets4 != []) '' export filter {
export where net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}") nets4} ]; if net ~ [ ${config.site.net.core.subnet4} ] then {
''} reject;
}
${lib.optionalString (nets4 != []) ''
if net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}+") nets4} ] then {
accept;
}
''}
reject;
};
}; };
ipv6 { ipv6 {
import filter { import filter {
preference = preference + 200; preference = preference + 200;
accept; accept;
}; };
${lib.optionalString (nets6 != []) '' export filter {
export where net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}") nets6} ]; if net ~ [ ${lib.concatStringsSep ", " (builtins.attrValues config.site.net.core.subnets6)} ] then {
''} reject;
}
${lib.optionalString (nets6 != []) ''
if net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}+") nets6} ] then {
accept;
}
''}
reject;
};
}; };
} }
template bgp bgp_rr_client { template bgp bgp_rr_client {
local as ${toString hostConf.bgp.asn}; local as ${toString hostConf.bgp.asn};
direct; direct;
connect delay time 1;
connect retry time 3;
error wait time 1 5;
error forget time 5;
ipv4 { ipv4 {
next hop self on; next hop self on;
@ -260,6 +280,10 @@ in
local as ${toString hostConf.bgp.asn}; local as ${toString hostConf.bgp.asn};
neighbor ${config.site.net.core.hosts6.dn42.${upstream}} as ${toString hostConf.bgp.asn}; neighbor ${config.site.net.core.hosts6.dn42.${upstream}} as ${toString hostConf.bgp.asn};
direct; direct;
connect delay time 1;
connect retry time 3;
error wait time 1 5;
error forget time 5;
ipv4 { ipv4 {
${if (upstream4Order ? ${upstream}) ${if (upstream4Order ? ${upstream})
@ -329,8 +353,7 @@ in
]; ];
}; };
instance = { instance = {
ipv4 = "ZW4_${hostNameEscaped}"; ipv4 = "bgp_up";
ipv6 = "ZW6_${hostNameEscaped}";
}; };
checkService = addressFamily: { checkService = addressFamily: {
description = "Check connectivity for ${addressFamily}"; description = "Check connectivity for ${addressFamily}";
@ -369,6 +392,6 @@ in
}; };
in lib.mkIf isUpstream { in lib.mkIf isUpstream {
check-upstream-ipv4 = checkService "ipv4"; check-upstream-ipv4 = checkService "ipv4";
check-upstream-ipv6 = checkService "ipv6"; #check-upstream-ipv6 = checkService "ipv6";
}; };
} }
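Review bot: In the new ipv4 `export filter` of the `-166,23 +166,43` hunk, the reject rule matches the core subnet exactly (`net ~ [ ${config.site.net.core.subnet4} ]`), while the accept rule now emits `"${n}+"`, which in BIRD matches each prefix and every more-specific one down to host routes. `nets4` is defined outside the hunk, so this is inferred, but if any of its entries covers the core subnet, more-specific core routes would pass the reject and be announced to the peer. Writing the reject as `${config.site.net.core.subnet4}+` and bounding the accept as `"${n}{MIN,MAX}"` (placeholder lengths, to be chosen per site) would keep the exported set explicit. The ipv6 filter has the same shape, and its reject list built from `builtins.attrValues config.site.net.core.subnets6` is not guarded against being empty the way `nets6` is. A one-line comment above each filter naming the prefixes meant to leave this router would make the intent checkable in review.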