From 41c85d898b7c6475542da3101199717aaf51c9de Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Tue, 7 Dec 2021 15:48:50 +0000 Subject: [PATCH] etheroute-lon01: export QuadV net --- ops/nixos/etheroute-lon01/default.nix | 53 +++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/ops/nixos/etheroute-lon01/default.nix b/ops/nixos/etheroute-lon01/default.nix index 0ff89ed423..afcc5f1800 100644 --- a/ops/nixos/etheroute-lon01/default.nix +++ b/ops/nixos/etheroute-lon01/default.nix @@ -6,6 +6,43 @@ let inherit (depot.ops) secrets; machineSecrets = secrets.machineSpecific.etheroute-lon01; + + makeIPIPInterface = { + name, + underlayDevice, + localIP, + remoteIP + }: { + description = "IPIP interface ${name}"; + wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-${underlayDevice}.device" ]; + bindsTo = [ "${underlayDevice}-netdev.service" "sys-subsystem-net-devices-${underlayDevice}.device" ]; + partOf = [ "network-setup.service" ]; + after = [ "network-pre.target" "sys-subsystem-net-devices-${underlayDevice}.device" "network-addresses-${underlayDevice}.service" ]; + before = [ "network-setup.service" ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + path = [ pkgs.iproute2 ]; + + script = '' + echo "Removing old interface" + ip link show "${name}" >/dev/null 2>&1 && ip link del "${name}" + + echo "Adding interface" + ip link add name "${name}" type ipip local "${localIP}" remote "${remoteIP}" + + echo "Bringing up interface" + ip link set "${name}" up + ''; + preStop = '' + echo "Removing interface" + ip link set "${name}" down || true + ip link del "${name}" || true + ''; + reload = '' + ip link set dev "${name}" type ipip local "${localIP}" remote "${remoteIP}" + ''; + reloadIfChanged = true; + }; in { imports = [ ../lib/bgp.nix 
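Review bot: The tunnel created by `ip link add name "${name}" type ipip local "${localIP}" remote "${remoteIP}"` is plain IP-in-IP, which carries no authentication or encryption: the kernel accepts any protocol-4 packet whose outer source matches `remoteIP`, and that outer source is trivially spoofable, so any host on the Internet can inject packets into the tunnel interface, and the same commit turns on IPv4 forwarding, so injected packets would be routed onward. If this link is meant to carry anything other than public transit traffic, an authenticated encapsulation (or an IPsec policy on top) would be the safer choice; at minimum the assumption should be written down, e.g. `# Plain IPIP: no authentication, outer source is spoofable -- never use remoteIP as an access control.` The helper itself also has no header comment; something like `# Build a oneshot unit that (re)creates an IPIP tunnel `name` with endpoints localIP/remoteIP, ordered after underlayDevice has its addresses.` would let a reader understand the wantedBy/bindsTo/after lists without reverse-engineering them. Minor: `bindsTo` references `${underlayDevice}-netdev.service`, which NixOS (as far as I recall) only generates for interfaces marked `virtual`, so for `eno1` that binding is presumably a no-op and worth confirming.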
@@ -38,6 +75,10 @@ in { "ip=83.97.19.68::83.97.19.65:255.255.255.224:etheroute-lon01:eno1:none" ]; boot.kernelModules = [ "kvm-intel" ]; + boot.kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; @@ -95,10 +136,21 @@ in { ipv4.addresses = [{ address = "83.97.19.68"; prefixLength = 27; }]; ipv6.addresses = [{ address = "2a07:242:800:64::68"; prefixLength = 64; }]; }; + interfaces.quadv1-4 = { + ipv4.addresses = [{ address = "92.118.31.254"; prefixLength = 24; }]; + virtual = true; + }; firewall.allowedTCPPorts = [ 80 443 ]; }; my.ip.tailscale = "100.111.191.21"; + systemd.services.quadv1-4 = makeIPIPInterface { + name = "quadv1-4"; + underlayDevice = "eno1"; + localIP = "83.97.19.68"; + remoteIP = "92.118.30.254"; # Dummy for now + }; + services.openssh.hostKeys = [ { path = "/persist/etc/ssh/ssh_host_ed25519_key"; @@ -123,6 +175,7 @@ in { local = { routerID = "83.97.19.68"; }; + export.v4 = [ "92.118.31.0/24" ]; peering = { etheroute = { local = local // {
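Review bot: `"net.ipv4.conf.all.forwarding" = true` makes the host route between every interface it has, not only `eno1` and the new tunnel, and nothing in this commit constrains the FORWARD path; as far as I can tell the NixOS firewall only filters INPUT by default, so traffic arriving from the tailscale interface (the host has `my.ip.tailscale`) or any other attached network could be forwarded out to the Internet once this lands. Either scope it with a FORWARD policy in `networking.firewall.extraCommands` (default DROP, then explicitly allow the `eno1` <-> `quadv1-4` pair), or at least record the intent next to the sysctl: `# Router for the QuadV tunnel: only eno1 <-> quadv1-4 should be forwarded; see firewall.extraCommands.` It is also worth checking how the firewall's reverse-path check treats packets decapsulated from the tunnel, since the tunnel's return path is asymmetric by design.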
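Review bot: `interfaces.quadv1-4 = { ... virtual = true; }` and `systemd.services.quadv1-4 = makeIPIPInterface { name = "quadv1-4"; ... }` both claim the same device name, and if `virtual = true` still causes NixOS to generate a `quadv1-4-netdev.service` that creates a tun/tap device, the two units will fight: the IPIP unit unconditionally runs `ip link del "quadv1-4"` and recreates it, with no ordering relative to `quadv1-4-netdev.service` or `network-addresses-quadv1-4.service`, so depending on start order the address can be assigned to a tap device that is then deleted, or the netdev unit can fail because the name already exists. Please confirm what `virtual` does in the NixOS revision pinned here; if it only exists to get the address unit generated, adding `after = [ "quadv1-4.service" ]` on that address unit, or dropping `virtual` and assigning the address from the IPIP unit, would make the ordering explicit. Separately, `remoteIP = "92.118.30.254"; # Dummy for now` means that from this commit onward any packet routed to 92.118.31.0/24 (a connected route via this interface) is encapsulated and sent to a placeholder endpoint; if that address is not yours, that is traffic leaking to a third party, and the comment should say whose address it is or the unit should stay disabled until the real endpoint is known.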
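Review bot: `export.v4 = [ "92.118.31.0/24" ];` starts announcing the prefix to the etheroute peer while the only visible path for it is the connected route on `quadv1-4`, whose remote endpoint is still marked as a dummy elsewhere in this commit, so any traffic the announcement attracts is encapsulated toward a placeholder host. Moving the export to the change that configures the real endpoint, or gating it on the tunnel unit, would avoid advertising reachability that does not exist yet. The bare CIDR also gives a future reader nothing to check the announcement against; a short origin comment such as `# QuadV assignment, delivered over the quadv1-4 IPIP tunnel` plus a check that the IRR route object / RPKI ROA covers this origin before it goes live would be good practice. The surrounding `peering` attribute set continues outside the hunk.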