dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/estuary: Add config for Frys-IX

Browse Source
This commit is contained in:
Jack O'Sullivan 2022-10-25 00:14:35 +01:00
parent 92283ef064
commit 2805167c67
2 changed files with 92 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
nixos/boxes/colony/vms/estuary/bgp.nix
View File

@ -26,6 +26,9 @@ in
define DUB1IP6 = 2a0e:97c0:4df:0:2::1;
define PREFIXP = 110;
define PREFPEER = 120;
#function should_export6() {
# return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
#}
@ -156,18 +159,43 @@ in
neighbor 2a02:898:0:20::e1 as 8283;
}
protocol bgp peer4_frysix_rs1 from peer_bgp4 {
description "Frys-IX route server 1 (IPv4)";
neighbor 185.1.203.253 as 56393;
ipv4 { preference PREFIXP; };
}
protocol bgp peer6_frysix_rs1 from peer_bgp6 {
description "Frys-IX route server 1 (IPv6)";
neighbor 2001:7f8:10f::dc49:253 as 56393;
ipv6 { preference PREFIXP; };
}
protocol bgp peer4_frysix_rs2 from peer_bgp4 {
description "Frys-IX route server 2 (IPv4)";
neighbor 185.1.203.254 as 56393;
ipv4 { preference PREFIXP; };
}
protocol bgp peer6_frysix_rs2 from peer_bgp6 {
description "Frys-IX route server 2 (IPv6)";
neighbor 2001:7f8:10f::dc49:254 as 56393;
ipv6 { preference PREFIXP; };
}
protocol bgp peer4_luje from peer_bgp4 {
description "LUJE.net (IPv4)";
neighbor 94.142.240.20 as 212855;
ipv4 { preference PREFPEER; };
}
protocol bgp peer6_luje from peer_bgp6 {
description "LUJE.net (IPv6)";
neighbor 2a02:898:0:20::166:1 as 212855;
ipv6 { preference PREFPEER; };
}
protocol bgp peer6_luje_labs from peer_bgp6 {
description "LUJE.net labs (IPv6)";
neighbor 2a07:cd40:1::9 as 202413;
multihop 3;
neighbor 2a07:cd40:1::9 as 202413;
ipv6 { preference PREFPEER; };
}
'';
};

65
nixos/boxes/colony/vms/estuary/default.nix
View File

@ -140,6 +140,7 @@ in
};
};
#systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
systemd.network = {
config = {
networkConfig = {
@ -147,9 +148,31 @@ in
};
};
netdevs = {
"25-frys-ix-base" = {
netdevConfig = {
Name = "frys-ix-base";
Kind = "vlan";
};
vlanConfig.Id = 409;
};
"25-frys-ix" = {
netdevConfig = {
Name = "frys-ix";
Kind = "vlan";
};
vlanConfig.Id = 2605;
};
};
links = {
"10-wan" = {
matchConfig.MACAddress = "d0:50:99:fa:a7:99";
matchConfig = {
Driver = "igb";
Path = "pci-0000:01:00.0";
# Matching against MAC address seems to break VLAN interfaces (since they share the same MAC address)
#MACAddress = "d0:50:99:fa:a7:99";
};
linkConfig = {
Name = "wan";
RxBufferSize = 4096;
@ -171,6 +194,7 @@ in
networks = {
"80-wan" = {
matchConfig.Name = "wan";
vlan = [ "frys-ix-base" ];
DHCP = "no";
address = with assignments.internal; [
(with ipv4; "${address}/${toString mask}")
@ -187,6 +211,33 @@ in
IPv6AcceptRA = false;
};
};
"85-frys-ix-base" = {
matchConfig = {
Name = "frys-ix-base";
Kind = "vlan";
};
vlan = [ "frys-ix" ];
networkConfig = {
LinkLocalAddressing = "no";
DHCP = "no";
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
};
};
"85-frys-ix" = {
matchConfig.Name = "frys-ix";
address = [
"185.1.203.196/24"
"2001:7f8:10f::3:3850:196/64"
];
networkConfig = {
DHCP = "no";
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
};
};
"80-base" = mkMerge [
(networkdAssignment "base" assignments.base)
@ -296,10 +347,20 @@ in
meta l4proto udp ct state new jump routing-udp
return
}
chain ixp {
ether type != { ip, ip6, arp, vlan } reject
return
}
chain forward {
iifname wan oifname base jump filter-routing
iifname { wan, frys-ix } oifname base jump filter-routing
oifname frys-ix jump ixp
oifname as211024 accept
}
chain output {
oifname frys-ix-base ether type != vlan reject
oifname frys-ix jump ixp
}
}
table inet nat {
chain prerouting {