blade-paris/blade-tuvok: add BGP config

Luke Granger-Brown 2021-03-29 11:47:44 +00:00
parent 3ea210e884
commit b559512200
3 changed files with 78 additions and 14 deletions


@ -5,31 +5,55 @@
{ depot, lib, pkgs, rebuilder, config, ... }: { depot, lib, pkgs, rebuilder, config, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
internetAddresses = {
v4 = { local = "195.74.55.23"; remote = "195.74.55.22"; };
v6 = {
local = "2a03:ee40:8080:9:2::2";
remote = "2a03:ee40:8080:9:2::1";
};
};
in { in {
imports = [ imports = [
../lib/blade.nix ../lib/blade.nix
../lib/bgp.nix
]; ];
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101da58c052a35c497ff39f7bd33f46a018bf2f2cd4503e52a89df5e552da8d661f000000000000000000005e0619e7ff90240091558107b6a8e58d-0:0"; boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101da58c052a35c497ff39f7bd33f46a018bf2f2cd4503e52a89df5e552da8d661f000000000000000000005e0619e7ff90240091558107b6a8e58d-0:0";
services.lukegbgp = {
enable = true;
config = {
local.routerID = internetAddresses.v4.local;
peering.veloxserv = {
local = {
asn = 205479;
v4 = internetAddresses.v4.local;
v6 = internetAddresses.v6.local;
};
remote = {
asn = 3170;
export_community = 4001;
routers = [{ v4 = internetAddresses.v4.remote; v6 = internetAddresses.v6.remote; }];
};
};
};
};
# Networking! # Networking!
networking = { networking = {
hostName = "blade-paris"; hostName = "blade-paris";
hostId = "41b2a198"; hostId = "41b2a198";
interfaces.br-public.ipv4.addresses = [{
address = "92.118.28.1";
prefixLength = 24;
}];
interfaces.en-internet.ipv4.addresses = [{ interfaces.en-internet.ipv4.addresses = [{
address = "195.74.55.23"; address = internetAddresses.v4.local;
prefixLength = 31; prefixLength = 31;
}]; }];
interfaces.en-internet.ipv6.addresses = [{ interfaces.en-internet.ipv6.addresses = [{
address = "2a03:ee40:8080:9:2::2"; address = internetAddresses.v6.local;
prefixLength = 126; prefixLength = 126;
}]; }];
defaultGateway = "195.74.55.22"; defaultGateway = internetAddresses.v4.remote;
defaultGateway6 = "2a03:ee40:8080:9:2::1"; defaultGateway6 = internetAddresses.v6.remote;
firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT"; firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
}; };
my.ip.tailscale = "100.117.185.118"; my.ip.tailscale = "100.117.185.118";
@ -55,7 +79,10 @@ in {
interface = "br-mgmt"; interface = "br-mgmt";
state = "MASTER"; state = "MASTER";
priority = 100; priority = 100;
virtualIps = [{ addr = "10.100.0.1/23"; }]; virtualIps = [
{ addr = "10.100.0.1/23"; }
{ addr = "92.118.28.1/24"; dev = "br-public"; }
];
virtualRouterId = 1; virtualRouterId = 1;
}; };
}; };
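Review bot: The new `peering.veloxserv` block sets ASNs, addresses and an export community but shows no session protection, and the same holds for the identical block in the blade-tuvok section. Unless `../lib/bgp.nix` (whose peer template is not visible here) already emits BIRD's `password` and `ttl security on` for each peer, the eBGP session on the internet-facing /31 relies on address matching alone. The key, if one is agreed with the upstream, should come from the `secrets` set this file already inherits rather than being written inline. It is also worth confirming that whatever opens TCP 179 limits it to `internetAddresses.v4.remote` and `internetAddresses.v6.remote`; the only firewall line visible here is the VRRP accept on br-mgmt.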


@ -5,28 +5,56 @@
{ depot, lib, pkgs, rebuilder, config, ... }: { depot, lib, pkgs, rebuilder, config, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
internetAddresses = {
v4 = { local = "195.74.55.21"; remote = "195.74.55.20"; };
v6 = {
local = "2a03:ee40:8080:9:1::2";
remote = "2a03:ee40:8080:9:1::1";
};
};
in { in {
imports = [ imports = [
../lib/bgp.nix
../lib/blade.nix ../lib/blade.nix
../lib/fup.nix ../lib/fup.nix
]; ];
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0"; boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0";
services.lukegbgp = {
enable = true;
config = {
local.routerID = internetAddresses.v4.local;
peering.veloxserv = {
local = {
asn = 205479;
v4 = internetAddresses.v4.local;
v6 = internetAddresses.v6.local;
};
remote = {
asn = 3170;
export_community = 4001;
routers = [{ v4 = internetAddresses.v4.remote; v6 = internetAddresses.v6.remote; }];
};
};
};
};
# Networking! # Networking!
networking = { networking = {
hostName = "blade-tuvok"; hostName = "blade-tuvok";
hostId = "525229f7"; hostId = "525229f7";
interfaces.en-internet.ipv4.addresses = [{ interfaces.en-internet.ipv4.addresses = [{
address = "195.74.55.21"; address = internetAddresses.v4.local;
prefixLength = 31; prefixLength = 31;
}]; }];
interfaces.en-internet.ipv6.addresses = [{ interfaces.en-internet.ipv6.addresses = [{
address = "2a03:ee40:8080:9:1::2"; address = internetAddresses.v6.local;
prefixLength = 126; prefixLength = 126;
}]; }];
defaultGateway = "195.74.55.20"; defaultGateway = internetAddresses.v4.remote;
defaultGateway6 = "2a03:ee40:8080:9:1::1"; defaultGateway6 = internetAddresses.v6.remote;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT"; firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
}; };
@ -86,7 +114,10 @@ in {
interface = "br-mgmt"; interface = "br-mgmt";
state = "MASTER"; state = "MASTER";
priority = 50; priority = 50;
virtualIps = [{ addr = "10.100.0.1/23"; }]; virtualIps = [
{ addr = "10.100.0.1/23"; }
{ addr = "92.118.28.1/24"; dev = "br-public"; }
];
virtualRouterId = 1; virtualRouterId = 1;
}; };
}; };
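Review bot: Adding `{ addr = "92.118.28.1/24"; dev = "br-public"; }` to this VRRP instance makes blade-tuvok a possible holder of an address that blade-paris also appears to assign statically via `interfaces.br-public.ipv4.addresses`. The instance advertises on `br-mgmt`, so if the management bridge partitions, or the VRRP daemon stops on blade-paris while the host stays up, both machines would answer for 92.118.28.1 on the public bridge. I'd either let VRRP own the address on both hosts or give blade-paris a distinct host address in the /24. Separately, the accept rule `iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT` has no source match and now gates a public gateway address, so narrowing it to the other blade's management address would limit who can influence the election. The instance block starts above the hunk, so its other settings are not visible.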


@ -167,6 +167,9 @@ in {
bgp_ext_community.add((ro, 205479, 2002)); bgp_ext_community.add((ro, 205479, 2002));
bgp_ext_community.add((ro, 205479, 2003)); bgp_ext_community.add((ro, 205479, 2003));
bgp_ext_community.add((ro, 205479, 3000)); bgp_ext_community.add((ro, 205479, 3000));
bgp_ext_community.add((ro, 205479, 4000));
bgp_ext_community.add((ro, 205479, 4001));
bgp_ext_community.add((ro, 205479, 4002));
accept; accept;
}; };
}; };
@ -181,6 +184,9 @@ in {
bgp_ext_community.add((ro, 205479, 2002)); bgp_ext_community.add((ro, 205479, 2002));
bgp_ext_community.add((ro, 205479, 2003)); bgp_ext_community.add((ro, 205479, 2003));
bgp_ext_community.add((ro, 205479, 3000)); bgp_ext_community.add((ro, 205479, 3000));
bgp_ext_community.add((ro, 205479, 4000));
bgp_ext_community.add((ro, 205479, 4001));
bgp_ext_community.add((ro, 205479, 4002));
accept; accept;
}; };
}; };
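Review bot: The new values 4000, 4001 and 4002 are added without any comment, and the same three lines are repeated verbatim in the second filter block (the `@ -181,6 +184,9 @@` hunk). Only 4001 is referenced elsewhere in this commit, as `export_community` for the veloxserv peering, so the meaning of 4000 and 4002 cannot be read from the page. Since the tag appears to decide what is announced to the new upstream, a comment such as `# 4xxx: export control per upstream; 4001 = veloxserv` above the adds would help. Generating the add lines from one Nix list would also keep the two filters from drifting apart. The conditions that lead to `accept` are above the hunk, so it is worth double-checking that only the intended prefixes reach these lines before they are tagged for export.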