From 86a09dab739afab2ffc66d3ec3a7dbb4f6c11a00 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 4 Nov 2020 16:41:15 +0000
Subject: [PATCH] clouvider-lon01: add minotarproxy IPs
---
 ops/nixos/clouvider-lon01/default.nix | 8 ++++++++
 ops/nixos/lib/bgp.nix | 22 +++++++++++++++++++---
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix
index ffa7d3682c..2bd2d1cfef 100644
--- a/ops/nixos/clouvider-lon01/default.nix
+++ b/ops/nixos/clouvider-lon01/default.nix
@@ -105,6 +105,11 @@ in {
 ipv4.addresses = [{ address = "185.198.188.29"; prefixLength = 31; }];
 ipv6.addresses = [{ address = "2a0a:54c0:0:17::2"; prefixLength = 126; }];
 };
+ interfaces.lo = {
+ ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ (
+ map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253));
+ ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
+ };
 firewall.allowPing = true;
 firewall.allowedTCPPorts = [
 80 443 # HTTP/nginx
@@ -142,6 +147,9 @@ in {
 local = {
 routerID = "185.198.188.29";
 };
+ export = {
+ v4 = ["92.118.28.0/24" "92.118.29.0/24"];
+ };
 peering = {
 clouvider = {
 local = local // {
diff --git a/ops/nixos/lib/bgp.nix b/ops/nixos/lib/bgp.nix
index ffac25421e..58ae2d4ab3 100644
--- a/ops/nixos/lib/bgp.nix
+++ b/ops/nixos/lib/bgp.nix
@@ -113,6 +113,20 @@ in {
 };
 });
 };
+ export = mkOption { # lukegbgp.config.export
+ type = submodule {
+ options = {
+ v4 = mkOption { # lukegbgp.config.export.v4
+ type = listOf str;
+ default = ["92.118.31.0/24"];
+ };
+ v6 = mkOption { # lukegbgp.config.export.v6
+ type = listOf str;
+ default = ["2a09:a440::/48"];
+ };
+ };
+ };
+ };
 };
 };
 };
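Review bot: The new `interfaces.lo` block in ops/nixos/clouvider-lon01/default.nix puts 92.118.29.225–253 on loopback as /32s, while the `firewall.allowedTCPPorts` context directly below it is not scoped to an interface or address, so anything listening on the wildcard address for 80/443 (and whatever else that list opens outside the hunk) would presumably answer on all 29 new public addresses too. If only the proxy should be reachable there, confirm the listeners bind explicitly or restrict the ports per address. The range bounds are bare numbers, so a comment such as `# 92.118.29.225-253: minotarproxy addresses, covered by the 92.118.29.0/24 export below` would record why these and not the whole /24. The enclosing attribute set starts and ends outside the hunk.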
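Review bot: Defining `export.v4` in the clouvider-lon01 BGP config replaces the module default instead of extending it, so this host stops originating 92.118.31.0/24 and originates 92.118.28.0/24 and 92.118.29.0/24 instead, while `export.v6` stays at its default. Only 92.118.29.225–253 are bound locally in this commit, so traffic attracted for 92.118.28.0/24 and the remainder of 92.118.29.0/24 would end at the blackhole static route unless those addresses are handled elsewhere; worth confirming that is intended. A comment on the list, e.g. `# replaces the default 92.118.31.0/24 on this host`, would make the override explicit. It is also worth checking before deploy that the route objects/ROAs for both prefixes authorise this origin, since filtering upstreams would otherwise reject the announcement.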
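Review bot: `export.v4` and `export.v6` in ops/nixos/lib/bgp.nix are typed `listOf str` with no check that an entry is actually a prefix, and the later hunks splice each entry verbatim into the bird configuration, so a typo or stray `;` in a host file changes what bird parses instead of failing at evaluation. Tightening the element type, for example `type = listOf (strMatching "[0-9.]+/[0-9]+");` for v4 with a corresponding pattern for v6 (assuming `strMatching` is in scope the same way `listOf` is), would reject malformed entries at build time. Both options also lack a `description`; one sentence stating that every listed prefix is originated as a blackhole static route, and that setting the list replaces the default rather than adding to it, would cover the non-obvious parts. The enclosing option set starts outside the hunk.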
@@ -151,10 +165,11 @@ in {
 bgp_ext_community.add((ro, 205479, 2001));
 bgp_ext_community.add((ro, 205479, 2002));
 bgp_ext_community.add((ro, 205479, 2003));
+ bgp_ext_community.add((ro, 205479, 3000));
 accept;
 };
 };
- route 92.118.31.0/24 blackhole;
+ ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.export.v4}
 };
 protocol static export6 {
 ipv6 {
@@ -164,10 +179,11 @@ in {
 bgp_ext_community.add((ro, 205479, 2001));
 bgp_ext_community.add((ro, 205479, 2002));
 bgp_ext_community.add((ro, 205479, 2003));
+ bgp_ext_community.add((ro, 205479, 3000));
 accept;
 };
 };
- route 2a09:a440::/48 blackhole;
+ ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.export.v6}
 };
 '';
 };
@@ -181,4 +197,4 @@ in {
 "net.ipv6.conf.all.autoconf" = 0;
 };
 };
-}
\ No newline at end of file
+}
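Review bot: The `lib.concatMapStrings (ip: "route ${ip} blackhole;")` line in the IPv4 static protocol writes every route onto one line with no separator, so a host with two prefixes gets `route a blackhole;route b blackhole;` in the generated bird config; bird should still parse it, but `(ip: "route ${ip} blackhole;\n")` keeps the output readable when auditing what a host originates. The same applies to the `export6` hunk that follows. The added `bgp_ext_community.add((ro, 205479, 3000));` is attached to every exported prefix in both protocols and carries no explanation, so a short comment saying what 3000 signals to peers would help the next reader. The protocol block starts outside the hunk.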