diff --git a/ops/nixos/lib/bgp.nix b/ops/nixos/lib/bgp.nix
index d4653b1813..123fb55f60 100644
--- a/ops/nixos/lib/bgp.nix
+++ b/ops/nixos/lib/bgp.nix
@@ -266,6 +266,29 @@ in {
 };
 };
 };
+ internal.export = mkOption {
+ default = { v4 = []; v6 = []; };
+ type = submodule {
+ options = {
+ v4 = mkOption { # lukegbgp.config.internal.export.v4
+ type = listOf str;
+ default = [];
+ };
+ v4Extra = mkOption { #lukegbgp.config.internal.export.v4Extra
+ type = lines;
+ default = "";
+ };
+ v6 = mkOption { # lukegbgp.config.internal.export.v6
+ type = listOf str;
+ default = [];
+ };
+ v6Extra = mkOption { #lukegbgp.config.internal.export.v6Extra
+ type = lines;
+ default = "";
+ };
+ };
+ };
+ };
 bfd = mkOption { # lukegbgp.config.bfd
 type = lines;
 default = "";
@@ -380,6 +403,16 @@ in {
 ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.export.v4}
 ${config.services.lukegbgp.config.export.v4Extra}
 };
+ protocol static exportinternal4 {
+ ipv4 {
+ import filter {
+ bgp_ext_community.add((ro, 205479, 10)); # internal only
+ accept;
+ };
+ };
+ ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.internal.export.v4}
+ ${config.services.lukegbgp.config.internal.export.v4Extra}
+ };
 protocol static export6 {
 ipv6 {
 import filter {
@@ -414,6 +447,16 @@ in {
 ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.export.v6}
 ${config.services.lukegbgp.config.export.v6Extra}
 };
+ protocol static exportinternal6 {
+ ipv6 {
+ import filter {
+ bgp_ext_community.add((ro, 205479, 10)); # internal only
+ accept;
+ };
+ };
+ ${lib.concatMapStrings (ip: "route ${ip} blackhole;") config.services.lukegbgp.config.internal.export.v6}
+ ${config.services.lukegbgp.config.internal.export.v6Extra}
+ };
 protocol bfd {
 ${config.services.lukegbgp.config.bfd}
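Review bot: None of the four options added under `internal.export` in the first hunk has a `description`, so the module does not say that these prefixes are originated as blackhole statics and tagged `(ro, 205479, 10)` instead of being announced like `export.v4`/`export.v6`. I would add something like `description = "Prefixes originated for internal sessions only; tagged (ro, 205479, 10) in bird.";` to `v4` and `v6`. For `v4Extra`/`v6Extra` the description should state that the text is spliced verbatim into the `protocol static` block and therefore must consist of complete bird route statements. As far as this diff shows, the `listOf str` entries are also interpolated into `route ${ip} blackhole;` unchecked, so a malformed prefix is caught only by bird itself, if at all.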
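Review bot: The `(ro, 205479, 10)` community added in `exportinternal4` (second hunk) and again in `exportinternal6` (last hunk) only labels the routes; nothing visible in this diff makes any session's export filter reject routes carrying it. If no such match already exists elsewhere in bgp.nix, these internal prefixes could be announced like the regular export set, so it is worth confirming the check exists and naming it in the comment, e.g. `# internal only: rejected on export by <filter name> matching this community`. The literal now appears in two places that must agree with whatever filter matches it; a single `let` binding such as `internalOnlyCommunity = "(ro, 205479, 10)";` interpolated into both protocols would keep them in sync. The enclosing bird configuration string starts and ends outside these hunks.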