121 lines
3.3 KiB
Nix
121 lines
3.3 KiB
Nix
{ hostName, config, options, lib, ... }:
|
|
|
|
let
|
|
hostConf = config.site.hosts.${hostName};
|
|
|
|
gatewayNet =
|
|
let
|
|
m = builtins.match "(.+)-gw" hostName;
|
|
in if m == null
|
|
then null
|
|
else builtins.head m;
|
|
in
|
|
{
|
|
services.bird2 = {
|
|
enable = true;
|
|
config = ''
|
|
router id ${config.site.net.core.hosts4.${hostName}};
|
|
|
|
protocol kernel K4 {
|
|
ipv4 {
|
|
export all;
|
|
};
|
|
}
|
|
protocol kernel K6 {
|
|
ipv6 {
|
|
export all;
|
|
};
|
|
}
|
|
protocol device {
|
|
scan time 10;
|
|
}
|
|
|
|
${lib.optionalString (gatewayNet != null) ''
|
|
protocol radv {
|
|
rdnss ${config.site.net.serv.hosts6.dn42.dnscache};
|
|
|
|
interface "${gatewayNet}" {
|
|
min ra interval 10;
|
|
max ra interval 60;
|
|
|
|
${builtins.concatStringsSep "\n" (
|
|
map (subnet6: ''
|
|
prefix ${subnet6} {
|
|
preferred lifetime 20;
|
|
valid lifetime 60;
|
|
};
|
|
'') (builtins.attrValues config.site.net.${gatewayNet}.subnets6)
|
|
)}
|
|
|
|
dnssl "${config.site.net.${gatewayNet}.domainName}";
|
|
};
|
|
}
|
|
''}
|
|
|
|
protocol ospf v2 ZW4 {
|
|
area 0 {
|
|
networks {
|
|
${builtins.concatStringsSep " " (
|
|
map (n: " ${n};") config.site.ospf.networks4
|
|
)}
|
|
};
|
|
${builtins.concatStringsSep "\n" (
|
|
builtins.attrValues (
|
|
builtins.mapAttrs (net: _:
|
|
if config.site.net.${net}.ospf.secret != null
|
|
then ''
|
|
interface "${net}" {
|
|
authentication cryptographic;
|
|
password "${config.site.net.${net}.ospf.secret}";
|
|
};
|
|
''
|
|
else if config.site.net.${net}.subnet4 != null
|
|
then ''
|
|
stubnet ${config.site.net.${net}.subnet4} {};
|
|
''
|
|
else ""
|
|
) hostConf.interfaces
|
|
)
|
|
)}
|
|
${builtins.concatStringsSep "\n" (
|
|
map (stubnet4: "stubnet ${stubnet4} {};")
|
|
hostConf.ospf.stubNets4
|
|
)}
|
|
};
|
|
}
|
|
|
|
protocol ospf v3 ZW6 {
|
|
area 0 {
|
|
networks {
|
|
${builtins.concatStringsSep " " (
|
|
map (n: " ${n};") config.site.ospf.networks6
|
|
)}
|
|
};
|
|
${builtins.concatStringsSep "\n" (
|
|
builtins.attrValues (
|
|
builtins.mapAttrs (net: _:
|
|
if config.site.net.${net}.ospf.secret != null
|
|
then ''
|
|
interface "${net}" {
|
|
# TODO: enable when all bird 1.x have shut down
|
|
#authentication cryptographic;
|
|
#password "${config.site.net.${net}.ospf.secret}";
|
|
};
|
|
''
|
|
else builtins.concatStringsSep "\n" (
|
|
map (subnet6: "stubnet ${subnet6} {};")
|
|
(builtins.attrValues config.site.net.${net}.subnets6)
|
|
)
|
|
) hostConf.interfaces
|
|
)
|
|
)}
|
|
${builtins.concatStringsSep "\n" (
|
|
map (stubnet6: "stubnet ${stubnet6} {};")
|
|
hostConf.ospf.stubNets6
|
|
)}
|
|
};
|
|
}
|
|
'';
|
|
};
|
|
}
|