diff --git a/ops/nixos/ixvm-fra01/bird.nix b/ops/nixos/ixvm-fra01/bird.nix
new file mode 100644
index 0000000000..c878bcd351
--- /dev/null
+++ b/ops/nixos/ixvm-fra01/bird.nix
@@ -0,0 +1,115 @@
+{ lib, config, ... }:
+let
+ local = {
+ asn = 205479;
+ };
+ peering = {
+ ixvm = {
+ local = local // {
+ v4 = "141.98.136.124";
+ v6 = "2a09:11c0:f1:bc0b::2";
+ };
+ remote = {
+ asn = 209844;
+ routers = [{
+ v4 = "141.98.136.97";
+ v6 = "2a09:11c0:f1:bc0b::1";
+ } {
+ v4 = "141.98.136.126";
+ v6 = "2a09:11c0:f1:bc0b::3";
+ }];
+ };
+ };
+ kleyrex = {
+ local = local // {
+ v4 = "193.189.83.41";
+ v6 = "2001:7f8:33::a120:5479:1";
+ };
+ remote = {
+ asn = 31142;
+ routers = [{
+ v4 = "193.189.82.251";
+ v6 = "2001:7f8:33::a103:1142:1";
+ } {
+ v4 = "193.189.82.252";
+ v6 = "2001:7f8:33::a103:1142:2";
+ } {
+ v4 = "193.189.82.253";
+ v6 = "2001:7f8:33::a103:1142:3";
+ }];
+ };
+ };
+ locix = {
+ local = local // {
+ v4 = "185.1.166.219";
+ v6 = "2001:7f8:f2:e1::a20:5479:1";
+ };
+ remote = {
+ asn = 202409;
+ routers = [{
+ v4 = "185.1.166.100";
+ v6 = "2001:7f8:f2:e1::babe:1";
+ } {
+ v4 = "185.1.166.200";
+ v6 = "2001:7f8:f2:e1::dead:1";
+ } {
+ v4 = "185.1.166.254";
+ v6 = "2001:7f8:f2:e1::be5a";
+ }];
+ };
+ };
+ nlix = {
+ local = local // {
+ v4 = "193.239.118.225";
+ v6 = "2001:7f8:13::a520:5479:1";
+ };
+ remote = {
+ asn = 34307;
+ routers = [{
+ v4 = "193.239.116.255";
+ v6 = "2001:7f8:13::a503:4307:1";
+ } {
+ enabled = false;
+ v4 = "193.239.117.0";
+ v6 = "2001:7f8:13::a503:4307:2";
+ }];
+ };
+ };
+ };
+ generateSnippet = base: args: lib.concatStringsSep "\n" (lib.mapAttrsToList ( ixName: ix: generateSnippetForIX (args // { ixName = ixName; ix = ix; }) ) base );
+ generateSnippetForIX = { ixName, ix, ... }@args: ''
+ ipv4 table ${ixName}4;
+ ipv6 table ${ixName}6;
+ '' + lib.concatImapStringsSep "\n" ( i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }) ) ix.remote.routers;
+ generateSnippetForRouter = { ixName, ix, routerNum, router, ...
}: '' + protocol bgp ${ixName}${toString routerNum}_4 { + local ${ix.local.v4} as ${toString ix.local.asn}; + neighbor ${router.v4} as ${toString ix.remote.asn}; + ipv4 { + table ${ixName}4; + import all; + export none; + }; + }; + protocol bgp ${ixName}${toString routerNum}_6 { + local ${ix.local.v6} as ${toString ix.local.asn}; + neighbor ${router.v6} as ${toString ix.remote.asn}; + ipv6 { + table ${ixName}6; + import all; + export none; + }; + }; + ''; +in { + services.bird2 = { + enable = true; + config = '' + router id 141.98.136.124; + + ${generateSnippet peering {}} + ''; + }; + + networking.firewall.allowedTCPPorts = lib.mkAfter [ 179 ]; +} diff --git a/ops/nixos/ixvm-fra01/default.nix b/ops/nixos/ixvm-fra01/default.nix index f7e2c04ed3..8c60957c0b 100644 --- a/ops/nixos/ixvm-fra01/default.nix +++ b/ops/nixos/ixvm-fra01/default.nix @@ -3,6 +3,8 @@ let inherit (depot.ops) secrets; in { + imports = [ ./bird.nix ]; + boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" @@ -113,8 +115,6 @@ in { services.openssh.enable = true; networking.firewall = { - # allowedTCPPorts = []; - # allowedUDPPorts = []; allowPing = true; };
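Review bot: The `enabled = false;` set on the second nlix router is never read — generateSnippetForRouter only consumes `router.v4` and `router.v6` — so both nlix protocols are still emitted and BIRD will keep trying to establish the session that the data meant to switch off. A fix that keeps the routerNum numbering stable is to emit BIRD's protocol switch in both bodies, e.g. `${lib.optionalString (!(router.enabled or true)) "disabled;"}` right after each `protocol bgp ${ixName}${toString routerNum}_4 {` / `_6 {` line; the attribute should also be mentioned in a short comment on the peering set, since nothing else documents it. Separately, every channel does `import all;` with no limit or filter, so a misbehaving route server can grow the per-IX tables without bound; adding `import limit 250000 action block;` (limit is a constructed example) next to `import all;` bounds that, and a reject for default/bogon prefixes would be the usual next step. The `networking.firewall.allowedTCPPorts = lib.mkAfter [ 179 ];` line opens BGP to every source address although only the listed remote routers need to reach it, so restricting the rule to those peers (for example via `networking.firewall.extraCommands`) would be the defensive default.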