nixos/bgp: add internal exports

2024-04-04 22:51:40 +00:00 · 2024-04-04 22:51:40 +00:00 · ed0d0fa3c8
commit ed0d0fa3c8
parent 761465b393
1 changed files with 43 additions and 0 deletions
--- a/ops/nixos/lib/bgp.nix
+++ b/ops/nixos/lib/bgp.nix
@ -266,6 +266,29 @@ in {
              };
            };
          };
+          internal.export = mkOption {
+            default = { v4 = []; v6 = []; };
+            type = submodule {
+              options = {
+                v4 = mkOption { # lukegbgp.config.internal.export.v4
+                  type = listOf str;
+                  default = [];
+                };
+                v4Extra = mkOption { #lukegbgp.config.internal.export.v4Extra
+                  type = lines;
+                  default = "";
+                };
+                v6 = mkOption { # lukegbgp.config.internal.export.v6
+                  type = listOf str;
+                  default = [];
+                };
+                v6Extra = mkOption { #lukegbgp.config.internal.export.v6Extra
+                  type = lines;
+                  default = "";
+                };
+              };
+            };
+          };
          bfd = mkOption { # lukegbgp.config.bfd
            type = lines;
            default = "";
@ -380,6 +403,16 @@ in {
          ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.export.v4}
          ${config.services.lukegbgp.config.export.v4Extra}
        };
+        protocol static exportinternal4 {
+          ipv4 {
+            import filter {
+              bgp_ext_community.add((ro, 205479, 10));  # internal only
+              accept;
+            };
+          };
+          ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.internal.export.v4}
+          ${config.services.lukegbgp.config.internal.export.v4Extra}
+        };
        protocol static export6 {
          ipv6 {
            import filter {
@ -414,6 +447,16 @@ in {
          ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.export.v6}
          ${config.services.lukegbgp.config.export.v6Extra}
        };
+        protocol static exportinternal6 {
+          ipv6 {
+            import filter {
+              bgp_ext_community.add((ro, 205479, 10));  # internal only
+              accept;
+            };
+          };
+          ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.internal.export.v6}
+          ${config.services.lukegbgp.config.internal.export.v6Extra}
+        };

        protocol bfd {
          ${config.services.lukegbgp.config.bfd}