blade-paris/blade-tuvok: add BGP config
This commit is contained in:
parent
3ea210e884
commit
b559512200
3 changed files with 78 additions and 14 deletions
|
@ -5,31 +5,55 @@
|
||||||
{ depot, lib, pkgs, rebuilder, config, ... }:
|
{ depot, lib, pkgs, rebuilder, config, ... }:
|
||||||
let
|
let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
|
|
||||||
|
internetAddresses = {
|
||||||
|
v4 = { local = "195.74.55.23"; remote = "195.74.55.22"; };
|
||||||
|
v6 = {
|
||||||
|
local = "2a03:ee40:8080:9:2::2";
|
||||||
|
remote = "2a03:ee40:8080:9:2::1";
|
||||||
|
};
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../lib/blade.nix
|
../lib/blade.nix
|
||||||
|
../lib/bgp.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101da58c052a35c497ff39f7bd33f46a018bf2f2cd4503e52a89df5e552da8d661f000000000000000000005e0619e7ff90240091558107b6a8e58d-0:0";
|
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101da58c052a35c497ff39f7bd33f46a018bf2f2cd4503e52a89df5e552da8d661f000000000000000000005e0619e7ff90240091558107b6a8e58d-0:0";
|
||||||
|
|
||||||
|
services.lukegbgp = {
|
||||||
|
enable = true;
|
||||||
|
config = {
|
||||||
|
local.routerID = internetAddresses.v4.local;
|
||||||
|
peering.veloxserv = {
|
||||||
|
local = {
|
||||||
|
asn = 205479;
|
||||||
|
v4 = internetAddresses.v4.local;
|
||||||
|
v6 = internetAddresses.v6.local;
|
||||||
|
};
|
||||||
|
remote = {
|
||||||
|
asn = 3170;
|
||||||
|
export_community = 4001;
|
||||||
|
routers = [{ v4 = internetAddresses.v4.remote; v6 = internetAddresses.v6.remote; }];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Networking!
|
# Networking!
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "blade-paris";
|
hostName = "blade-paris";
|
||||||
hostId = "41b2a198";
|
hostId = "41b2a198";
|
||||||
interfaces.br-public.ipv4.addresses = [{
|
|
||||||
address = "92.118.28.1";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
interfaces.en-internet.ipv4.addresses = [{
|
interfaces.en-internet.ipv4.addresses = [{
|
||||||
address = "195.74.55.23";
|
address = internetAddresses.v4.local;
|
||||||
prefixLength = 31;
|
prefixLength = 31;
|
||||||
}];
|
}];
|
||||||
interfaces.en-internet.ipv6.addresses = [{
|
interfaces.en-internet.ipv6.addresses = [{
|
||||||
address = "2a03:ee40:8080:9:2::2";
|
address = internetAddresses.v6.local;
|
||||||
prefixLength = 126;
|
prefixLength = 126;
|
||||||
}];
|
}];
|
||||||
defaultGateway = "195.74.55.22";
|
defaultGateway = internetAddresses.v4.remote;
|
||||||
defaultGateway6 = "2a03:ee40:8080:9:2::1";
|
defaultGateway6 = internetAddresses.v6.remote;
|
||||||
firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
|
firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
|
||||||
};
|
};
|
||||||
my.ip.tailscale = "100.117.185.118";
|
my.ip.tailscale = "100.117.185.118";
|
||||||
|
@ -55,7 +79,10 @@ in {
|
||||||
interface = "br-mgmt";
|
interface = "br-mgmt";
|
||||||
state = "MASTER";
|
state = "MASTER";
|
||||||
priority = 100;
|
priority = 100;
|
||||||
virtualIps = [{ addr = "10.100.0.1/23"; }];
|
virtualIps = [
|
||||||
|
{ addr = "10.100.0.1/23"; }
|
||||||
|
{ addr = "92.118.28.1/24"; dev = "br-public"; }
|
||||||
|
];
|
||||||
virtualRouterId = 1;
|
virtualRouterId = 1;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,28 +5,56 @@
|
||||||
{ depot, lib, pkgs, rebuilder, config, ... }:
|
{ depot, lib, pkgs, rebuilder, config, ... }:
|
||||||
let
|
let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
|
|
||||||
|
internetAddresses = {
|
||||||
|
v4 = { local = "195.74.55.21"; remote = "195.74.55.20"; };
|
||||||
|
v6 = {
|
||||||
|
local = "2a03:ee40:8080:9:1::2";
|
||||||
|
remote = "2a03:ee40:8080:9:1::1";
|
||||||
|
};
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
|
../lib/bgp.nix
|
||||||
../lib/blade.nix
|
../lib/blade.nix
|
||||||
../lib/fup.nix
|
../lib/fup.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0";
|
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0";
|
||||||
|
|
||||||
|
services.lukegbgp = {
|
||||||
|
enable = true;
|
||||||
|
config = {
|
||||||
|
local.routerID = internetAddresses.v4.local;
|
||||||
|
peering.veloxserv = {
|
||||||
|
local = {
|
||||||
|
asn = 205479;
|
||||||
|
v4 = internetAddresses.v4.local;
|
||||||
|
v6 = internetAddresses.v6.local;
|
||||||
|
};
|
||||||
|
remote = {
|
||||||
|
asn = 3170;
|
||||||
|
export_community = 4001;
|
||||||
|
routers = [{ v4 = internetAddresses.v4.remote; v6 = internetAddresses.v6.remote; }];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Networking!
|
# Networking!
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "blade-tuvok";
|
hostName = "blade-tuvok";
|
||||||
hostId = "525229f7";
|
hostId = "525229f7";
|
||||||
interfaces.en-internet.ipv4.addresses = [{
|
interfaces.en-internet.ipv4.addresses = [{
|
||||||
address = "195.74.55.21";
|
address = internetAddresses.v4.local;
|
||||||
prefixLength = 31;
|
prefixLength = 31;
|
||||||
}];
|
}];
|
||||||
interfaces.en-internet.ipv6.addresses = [{
|
interfaces.en-internet.ipv6.addresses = [{
|
||||||
address = "2a03:ee40:8080:9:1::2";
|
address = internetAddresses.v6.local;
|
||||||
prefixLength = 126;
|
prefixLength = 126;
|
||||||
}];
|
}];
|
||||||
defaultGateway = "195.74.55.20";
|
defaultGateway = internetAddresses.v4.remote;
|
||||||
defaultGateway6 = "2a03:ee40:8080:9:1::1";
|
defaultGateway6 = internetAddresses.v6.remote;
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
|
firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
|
||||||
};
|
};
|
||||||
|
@ -86,7 +114,10 @@ in {
|
||||||
interface = "br-mgmt";
|
interface = "br-mgmt";
|
||||||
state = "MASTER";
|
state = "MASTER";
|
||||||
priority = 50;
|
priority = 50;
|
||||||
virtualIps = [{ addr = "10.100.0.1/23"; }];
|
virtualIps = [
|
||||||
|
{ addr = "10.100.0.1/23"; }
|
||||||
|
{ addr = "92.118.28.1/24"; dev = "br-public"; }
|
||||||
|
];
|
||||||
virtualRouterId = 1;
|
virtualRouterId = 1;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -167,6 +167,9 @@ in {
|
||||||
bgp_ext_community.add((ro, 205479, 2002));
|
bgp_ext_community.add((ro, 205479, 2002));
|
||||||
bgp_ext_community.add((ro, 205479, 2003));
|
bgp_ext_community.add((ro, 205479, 2003));
|
||||||
bgp_ext_community.add((ro, 205479, 3000));
|
bgp_ext_community.add((ro, 205479, 3000));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4000));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4001));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4002));
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -181,6 +184,9 @@ in {
|
||||||
bgp_ext_community.add((ro, 205479, 2002));
|
bgp_ext_community.add((ro, 205479, 2002));
|
||||||
bgp_ext_community.add((ro, 205479, 2003));
|
bgp_ext_community.add((ro, 205479, 2003));
|
||||||
bgp_ext_community.add((ro, 205479, 3000));
|
bgp_ext_community.add((ro, 205479, 3000));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4000));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4001));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4002));
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue