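{ lib, config, ... }:

# NixOS module: BIRD 2 configuration for the BGP sessions of AS205479 with
# the remote routers of four internet exchanges (ixvm, kleyrex, locix, nlix).
#
# Route flow, as built below:
#   * Every IX gets its own table pair (<ix>4 / <ix>6) and one BGP protocol
#     per remote router and address family.
#   * The announced prefixes are static blackhole routes in master4/master6.
#     They are tagged with extended communities (ro, <asn>, N):
#       N = exportCommunity            -> may be exported over BGP at all
#       N = <ix>.remote.export_community -> may enter that IX's table
#   * A pipe copies tagged routes from master into the IX table, and copies
#     everything learned at the IX back into master (and from there into the
#     kernel, because the kernel protocols use `export all`).
#
# Because these communities decide what is announced, routes received from
# peers must not be able to carry them; the import filters below remove them
# and also drop prefixes that should never be accepted from an exchange.

let
  local = { asn = 205479; };

  # Prefixes originated by this router (the static blackhole routes below).
  announced = {
    v4 = "92.118.31.0/24";
    v6 = "2a09:a440::/48";
  };

  # Value N of the (ro, <asn>, N) community meaning "export over BGP".
  exportCommunity = 1000;

  asnStr = toString local.asn;

  # Per-exchange data. `local` is our side of the peering LAN, `remote`
  # describes the exchange. A router entry may set `enabled = false` to keep
  # the session configured but disabled.
  peering = {
    ixvm = {
      local = local // { v4 = "141.98.136.124"; v6 = "2a09:11c0:f1:bc0b::2"; };
      remote = {
        asn = 209844;
        export_community = 2000;
        routers = [
          { v4 = "141.98.136.97";  v6 = "2a09:11c0:f1:bc0b::1"; }
          { v4 = "141.98.136.126"; v6 = "2a09:11c0:f1:bc0b::3"; }
        ];
      };
    };
    kleyrex = {
      local = local // { v4 = "193.189.83.41"; v6 = "2001:7f8:33::a120:5479:1"; };
      remote = {
        asn = 31142;
        export_community = 2001;
        routers = [
          { v4 = "193.189.82.251"; v6 = "2001:7f8:33::a103:1142:1"; }
          { v4 = "193.189.82.252"; v6 = "2001:7f8:33::a103:1142:2"; }
          { v4 = "193.189.82.253"; v6 = "2001:7f8:33::a103:1142:3"; }
        ];
      };
    };
    locix = {
      local = local // { v4 = "185.1.166.219"; v6 = "2001:7f8:f2:e1::a20:5479:1"; };
      remote = {
        asn = 202409;
        export_community = 2002;
        routers = [
          { v4 = "185.1.166.100"; v6 = "2001:7f8:f2:e1::babe:1"; }
          { v4 = "185.1.166.200"; v6 = "2001:7f8:f2:e1::dead:1"; }
          { v4 = "185.1.166.254"; v6 = "2001:7f8:f2:e1::be5a"; }
        ];
      };
    };
    nlix = {
      local = local // { v4 = "193.239.118.225"; v6 = "2001:7f8:13::a520:5479:1"; };
      remote = {
        asn = 34307;
        export_community = 2003;
        routers = [
          { v4 = "193.239.116.255"; v6 = "2001:7f8:13::a503:4307:1"; }
          { enabled = false; v4 = "193.239.117.0"; v6 = "2001:7f8:13::a503:4307:2"; }
        ];
      };
    };
  };

  # Render the BIRD configuration for every exchange in `base`, passing the
  # extra attributes in `args` through to the per-IX generator.
  generateSnippet = base: args:
    lib.concatStringsSep "\n" (lib.mapAttrsToList
      (ixName: ix: generateSnippetForIX (args // { inherit ixName ix; }))
      base);

  # Render the table pair, the two pipes and all BGP sessions of one IX.
  generateSnippetForIX = { ixName, ix, ... }@args:
    let
      # Only routes tagged for this IX are copied from master into its table.
      # The ASN comes from ix.local.asn instead of a repeated literal.
      pipeImport =
        "import where ((ro, ${toString ix.local.asn}, ${toString ix.remote.export_community}) ~ bgp_ext_community);";
    in ''
      ipv4 table ${ixName}4;
      ipv6 table ${ixName}6;

      protocol pipe ${ixName}pipe_4 {
        table ${ixName}4;
        peer table master4;
        ${pipeImport}
        export all;
      };

      protocol pipe ${ixName}pipe_6 {
        table ${ixName}6;
        peer table master6;
        ${pipeImport}
        export all;
      };
    '' + lib.concatImapStringsSep "\n"
      (i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }))
      ix.remote.routers;

  # `disabled off` unless the router entry sets `enabled = false`.
  enabledSnippet = { enabled ? true, ... }:
    "disabled ${if enabled then "off" else "on"}";

  # Render the IPv4 and IPv6 BGP protocol for one remote router.
  # Import goes through ix_import4 / ix_import6 (defined in the main config)
  # instead of `import all`; export is limited to routes carrying the
  # "export over BGP" community.
  # NOTE(review): the sessions have no `import limit` and no `password`;
  # suitable values depend on each exchange and are not known here.
  generateSnippetForRouter = { ixName, ix, routerNum, router, ... }:
    let
      bgpExport =
        "export where ((ro, ${toString ix.local.asn}, ${toString exportCommunity}) ~ bgp_ext_community);";
    in ''
      protocol bgp ${ixName}${toString routerNum}_4 {
        ${enabledSnippet router};
        local ${ix.local.v4} as ${toString ix.local.asn};
        neighbor ${router.v4} as ${toString ix.remote.asn};
        ipv4 {
          table ${ixName}4;
          import filter ix_import4;
          ${bgpExport}
        };
      };

      protocol bgp ${ixName}${toString routerNum}_6 {
        ${enabledSnippet router};
        local ${ix.local.v6} as ${toString ix.local.asn};
        neighbor ${router.v6} as ${toString ix.remote.asn};
        ipv6 {
          table ${ixName}6;
          import filter ix_import6;
          ${bgpExport}
        };
      };
    '';

  # Community tags for the originated routes: the BGP export tag plus one tag
  # per exchange, derived from `peering` so a new exchange cannot be missed.
  tagCommunities = lib.concatMapStringsSep "\n"
    (c: "bgp_ext_community.add((ro, ${asnStr}, ${toString c}));")
    ([ exportCommunity ]
      ++ lib.mapAttrsToList (_: ix: ix.remote.export_community) peering);

in {
  services.bird2 = {
    enable = true;
    config = ''
      router id 141.98.136.124;

      # Import policy for routes learned at an exchange. These routes end up
      # in the master tables and the kernel, so they are sanity-checked:
      #   - no default route, nothing longer than /24 (v4) or /48 (v6)
      #   - not our own prefix or a more-specific of it
      #   - our control communities are removed, so that only locally
      #     originated routes can carry the export tags
      # Bogon and RPKI checks are not part of this filter.
      filter ix_import4 {
        if net ~ [ 0.0.0.0/0, 0.0.0.0/0{25,32}, ${announced.v4}+ ] then reject;
        bgp_ext_community.delete([(ro, ${asnStr}, *)]);
        accept;
      }

      filter ix_import6 {
        if net ~ [ ::/0, ::/0{49,128}, ${announced.v6}+ ] then reject;
        bgp_ext_community.delete([(ro, ${asnStr}, *)]);
        accept;
      }

      ${generateSnippet peering {}}

      protocol kernel {
        persist;
        ipv4 {
          import none;
          export all;
        };
      };

      protocol kernel {
        persist;
        ipv6 {
          import none;
          export all;
        };
      };

      protocol device {
      };

      protocol static export4 {
        ipv4 {
          import filter {
            ${tagCommunities}
            accept;
          };
        };
        route ${announced.v4} blackhole;
      };

      protocol static export6 {
        ipv6 {
          import filter {
            ${tagCommunities}
            accept;
          };
        };
        route ${announced.v6} blackhole;
      };
    '';
  };

  # Opens TCP/179 (BGP) on every interface and for every source address.
  # NOTE(review): consider limiting this to the peering interfaces or to the
  # neighbor addresses listed in `peering`.
  networking.firewall.allowedTCPPorts = lib.mkAfter [ 179 ];
}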