nixos/estuary: Add initial BIRD2 config

2022-10-06 22:12:30 +01:00
parent e8d6a702e6
commit fcc99a92e9
2 changed files with 99 additions and 1 deletions
--- a/nixos/boxes/colony/vms/estuary/bgp.nix
+++ b/nixos/boxes/colony/vms/estuary/bgp.nix
@@ -0,0 +1,98 @@
+{ lib, pkgs, config, assignments, allAssignments, ... }:
+let
+in
+{
+  config = {
+    services = {
+      bird2 = {
+        enable = true;
+        # TODO: Clean up and modularise
+        config = ''
+          define OWNAS = 211024;
+
+          define OWNIP6 = 2a0e:97c0:4df:0:3::1;
+          define OWNNET6 = 2a0e:97c0:4d0::/44;
+          define OWNNETSET6 = [2a0e:97c0:4d0::/44+];
+          #define TRANSSET6 = [::1/128];
+
+          define INTNET6 = 2a0e:97c0:4df::/48;
+          define AMSNET6 = 2a0e:97c0:4d2::/48;
+          define HOMENET6 = 2a0e:97c0:4d0::/48;
+
+          define DUB1IP6 = 2a0e:97c0:4df:0:2::1;
+
+          #function should_export6() {
+          #	return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
+          #}
+
+          filter bgp_import {
+            if net !~ OWNNETSET6 then accept; else reject;
+          }
+          filter bgp_export {
+            if net ~ OWNNETSET6 then accept; else reject;
+          }
+
+          router id from "wan";
+
+          protocol device {}
+          #protocol direct {
+          #	interface "devplayer0";
+          #	ipv6;
+          #}
+          protocol static {
+            # Special case: We have to do the routing on behalf of this _internal_ next-hop
+            #route INTNET6 via "devplayer0";
+            route AMSNET6 via "base";
+            #route HOMENET6 via DUB1IP6;
+            ipv6 {
+              import all;
+              export none;
+            };
+          }
+
+          protocol kernel {
+            #learn;
+            ipv6 {
+              #import filter bgp_export;
+              import none;
+              export filter {
+                if net ~ OWNNETSET6 then reject;
+                krt_prefsrc = OWNIP6;
+                accept;
+              };
+            };
+          }
+
+          template bgp base_bgp {
+            local as OWNAS;
+            direct;
+            ipv6 {
+              export filter bgp_export;
+            };
+          }
+
+          template bgp upstream_bgp from base_bgp {
+            ipv6 {
+              import none;
+            };
+          }
+          template bgp peer_bgp from base_bgp {
+            ipv6 {
+              import filter bgp_import;
+            };
+          }
+
+          protocol bgp coloclue from upstream_bgp {
+            description "ColoClue";
+            neighbor 2a02:898:0:20::1 as 8283;
+          }
+
+          protocol bgp peer_luje from peer_bgp {
+            description "LUJE.net";
+            neighbor 2001:7f8:d9:5b::b93e:1 as 212855;
+          }
+        '';
+      };
+    };
+  };
+}
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -39,7 +39,7 @@
        inherit (lib.my) networkdAssignment;
      in
      {
-        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ];
+        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ./bgp.nix ];

        config = mkMerge [
          {