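# NixOS module fragment: enables BIRD 2 and generates its configuration.
#
# The router speaks BGP as AS211024 to two ColoClue upstream routers and to
# one peer (LUJE.net), over both IPv4 and IPv6. Only IPv6 prefixes inside
# `securebitSpace` are announced; nothing is announced over IPv4.
#
# `assignments` supplies this host's addresses (internal IPv4, base IPv6).
# The other module arguments are not referenced in this fragment.
{ lib, pkgs, config, assignments, allAssignments, ... }:
let
  # Aggregate IPv6 block this AS originates from; interpolated into the
  # BIRD constants OWNNET6 / OWNNETSET6 below.
  securebitSpace = "2a0e:97c0:4d0::/44";
in
{
  config = {
    services = {
      bird2 = {
        enable = true;
        # TODO: Clean up and modularise
        #
        # NOTE(review): none of the BGP sessions below sets a `password`
        # (TCP-MD5), an `import limit`, or any RPKI origin validation.
        # Confirm whether these are intentionally omitted or enforced
        # somewhere outside this file.
        config = ''
          define OWNAS = 211024;

          define OWNIP4 = ${assignments.internal.ipv4.address};
          define OWNNETSET4 = [${assignments.internal.ipv4.address}/32];

          define OWNIP6 = ${assignments.base.ipv6.address};
          define OWNNET6 = ${securebitSpace};
          # The trailing "+" matches the aggregate and every more-specific in it.
          define OWNNETSET6 = [${securebitSpace}+];
          #define TRANSSET6 = [::1/128];

          define INTNET6 = 2a0e:97c0:4df::/48;
          define AMSNET6 = 2a0e:97c0:4d2::/48;
          define HOMENET6 = 2a0e:97c0:4d0::/48;

          define DUB1IP6 = 2a0e:97c0:4df:0:2::1;

          #function should_export6() {
          #  return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
          #}

          # Shared import policy for every BGP session (IPv4 and IPv6 channels).
          # Routes for our own address space must never be learned from a
          # neighbour. The IPv4 channels use this filter too, so the IPv4 set is
          # checked as well as the IPv6 one; a set of the other address family
          # simply does not match.
          # NOTE(review): everything else is accepted as-is. There is no
          # bogon/martian list, no prefix-length bound and no AS-path check here.
          filter bgp_import {
            if net ~ OWNNETSET4 || net ~ OWNNETSET6 then reject;
            accept;
          }
          # Export policy for the IPv6 sessions: announce only routes inside our
          # own block. Because OWNNETSET6 uses "+", any more-specific that reaches
          # the IPv6 table is eligible; in this file the only such source is the
          # static AMSNET6 route below.
          filter bgp_export {
            if net ~ OWNNETSET6 then accept; else reject;
          }

          router id from "wan";

          protocol device {}
          #protocol direct {
          #  interface "devplayer0";
          #  ipv6;
          #}
          # Static routes are imported into the IPv6 table; this is what makes
          # AMSNET6 available to bgp_export.
          protocol static {
            # Special case: We have to do the routing on behalf of this _internal_ next-hop
            #route INTNET6 via "devplayer0";
            route AMSNET6 via "base";
            #route HOMENET6 via DUB1IP6;
            ipv6 {
              import all;
              export none;
            };
          }

          # Kernel sync, IPv4: nothing is read from the kernel. Routes written to
          # the kernel skip our own /32 and get OWNIP4 as preferred source address.
          protocol kernel kernel4 {
            ipv4 {
              import none;
              export filter {
                if net ~ OWNNETSET4 then reject;
                krt_prefsrc = OWNIP4;
                accept;
              };
            };
          }
          # Kernel sync, IPv6: same shape as kernel4, with OWNNETSET6 / OWNIP6.
          protocol kernel kernel6 {
            ipv6 {
              #import filter bgp_export;
              import none;
              export filter {
                if net ~ OWNNETSET6 then reject;
                krt_prefsrc = OWNIP6;
                accept;
              };
            };
          }

          # IPv4 sessions: directly connected neighbours, nothing announced.
          template bgp base_bgp4 {
            local as OWNAS;
            direct;
            ipv4 {
              export none;
            };
          }

          template bgp upstream_bgp4 from base_bgp4 {
            ipv4 {
              #import none;
              import filter bgp_import;
            };
          }
          template bgp peer_bgp4 from base_bgp4 {
            ipv4 {
              import filter bgp_import;
            };
          }

          # IPv6 sessions: directly connected neighbours, announce via bgp_export.
          template bgp base_bgp6 {
            local as OWNAS;
            direct;
            ipv6 {
              export filter bgp_export;
            };
          }

          template bgp upstream_bgp6 from base_bgp6 {
            ipv6 {
              #import none;
              import filter bgp_import;
            };
          }
          template bgp peer_bgp6 from base_bgp6 {
            ipv6 {
              import filter bgp_import;
            };
          }

          protocol bgp upstream4_coloclue_eun2 from upstream_bgp4 {
            description "ColoClue euNetworks 2 (IPv4)";
            neighbor 94.142.240.253 as 8283;
          }
          protocol bgp upstream4_coloclue_eun3 from upstream_bgp4 {
            description "ColoClue euNetworks 3 (IPv4)";
            neighbor 94.142.240.252 as 8283;
          }

          protocol bgp upstream6_coloclue_eun2 from upstream_bgp6 {
            description "ColoClue euNetworks 2 (IPv6)";
            neighbor 2a02:898:0:20::e2 as 8283;
          }
          protocol bgp upstream6_coloclue_eun3 from upstream_bgp6 {
            description "ColoClue euNetworks 3 (IPv6)";
            neighbor 2a02:898:0:20::e1 as 8283;
          }

          protocol bgp peer4_luje from peer_bgp4 {
            description "LUJE.net (IPv4)";
            neighbor 94.142.240.20 as 212855;
          }
          protocol bgp peer6_luje from peer_bgp6 {
            description "LUJE.net (IPv6)";
            neighbor 2a02:898:0:20::166:1 as 212855;
          }
        '';
      };
    };
  };
}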