bgpwtf: edge01: repurpose wireguard tunnel for fmt
Change-Id: Ib36048a83641b62210ad0d63b7b7ecda999da542 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1201 Reviewed-by: q3k <q3k@hackerspace.pl>
parent
767f031898
commit
82fc1318e2
2 changed files with 38 additions and 22 deletions
|
@ -65,7 +65,7 @@ in rec {
|
|||
};
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-camp = {
|
||||
wg-fmt = {
|
||||
ips = [
|
||||
"185.236.240.68/31"
|
||||
"2a0d:eb00:2137:1::e/127"
|
||||
|
@ -73,35 +73,20 @@ in rec {
|
|||
allowedIPsAsRoutes = false;
|
||||
listenPort = 51820;
|
||||
generatePrivateKeyFile = true;
|
||||
privateKeyFile = "/root/camp-wg";
|
||||
privateKeyFile = "/root/fmt-wg";
|
||||
peers = [
|
||||
{
|
||||
publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
|
||||
publicKey = "zxL/1Jr0LLwJwXDm8ZOWkuY3ZkHO3sC7TdSBh89CsWc=";
|
||||
allowedIPs = [
|
||||
"185.236.240.69/32"
|
||||
"185.236.241.0/24"
|
||||
"2a0d:eb00:8007::/48"
|
||||
"2a0d:eb00:2137:1::f/128"
|
||||
"0.0.0.0/0"
|
||||
"::/0"
|
||||
];
|
||||
endpoint = "[2a00:6340:4000:10::10]:41521";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
hscloud.routing.static.v6.camp = {
|
||||
table = "aggregate";
|
||||
address = "2a0d:eb00:8007::";
|
||||
prefixLength = 48;
|
||||
via = "2a0d:eb00:2137:1::f";
|
||||
};
|
||||
hscloud.routing.static.v4.camp = {
|
||||
table = "aggregate";
|
||||
address = "185.236.241.0";
|
||||
prefixLength = 24;
|
||||
via = "185.236.240.69";
|
||||
};
|
||||
|
||||
|
||||
hscloud.renameInterfaces = {
|
||||
# Link to Nitronet CPE.
|
||||
e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
|
||||
|
@ -222,6 +207,12 @@ in rec {
|
|||
# Default gateway via us, exposed into aggregated table.
|
||||
v4.default = { table = "aggregate"; address = "0.0.0.0"; prefixLength = 0; };
|
||||
v6.default = { table = "aggregate"; address = "::"; prefixLength = 0; };
|
||||
|
||||
# Loopbacks for IGP table.
|
||||
# Alternatively we could add 'lo' as a stub interface into IGP OSPF, but
|
||||
# that would also add 127.0.0.1...
|
||||
v4.loopbacks = { table = "igp"; address = "185.236.240.1"; prefixLength = 32; };
|
||||
v6.loopbacks = { table = "igp"; address = "2a0d:eb00:2137::1"; prefixLength = 128; };
|
||||
};
|
||||
hscloud.routing.pipe = let
|
||||
copySourcesToKernel = sources: table: extra: {
|
||||
|
@ -277,6 +268,21 @@ in rec {
|
|||
if net ~ [ 185.236.240.72/29+ ] then accept;
|
||||
'';
|
||||
};
|
||||
hscloud.routing.ospf.v6.igp = {
|
||||
area."0.0.0.0".interfaces = {
|
||||
"wg-fmt" = {
|
||||
type = "ptmp";
|
||||
neighbors = [
|
||||
"2a0d:eb00:2137:1::f"
|
||||
];
|
||||
};
|
||||
};
|
||||
table = "igp";
|
||||
filterIn = ''
|
||||
# fmt networks
|
||||
if net ~ [ 2a0d:eb01::/48+ ] then accept;
|
||||
'';
|
||||
};
|
||||
|
||||
hscloud.routing.bgpSessions.v4 = let
|
||||
filterInUpstream = ''
|
||||
|
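Review bot: The wg-fmt peer's `allowedIPs` list now ends in `"0.0.0.0/0"` and `"::/0"` (taking those two entries as the new side, which the removal of the camp static routes suggests), so WireGuard no longer restricts which source addresses it accepts from this peer; the `filterIn` in the new `hscloud.routing.ospf.v6.igp` block limits which routes are learned, not which packets are forwarded. If the wide list exists only so OSPF-learned prefixes can pass, I would narrow it to the peer address and the fmt aggregate, for example `allowedIPs = [ "2a0d:eb00:2137:1::f/128" "2a0d:eb01::/48" ];` (assuming OSPF on this link speaks from the global address given in `neighbors`). Otherwise keep it, add a source-address filter on wg-fmt, and leave a comment saying where that filter lives. No IPv4 route or OSPF instance for this tunnel is visible in the section, so the `"0.0.0.0/0"` entry looks unnecessary. The pattern `2a0d:eb01::/48+` also accepts every more-specific prefix down to /128; a bounded form such as `2a0d:eb01::/48{48,64}` would cap what the peer can place in the igp table.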
|
|
@ -140,6 +140,9 @@ let
|
|||
default = false;
|
||||
description = "Interface is stub (do not HELLO).";
|
||||
};
|
||||
neighbors = mkOption {
|
||||
type = listOf str;
|
||||
};
|
||||
};
|
||||
});
|
||||
description = "Interface configuration";
|
||||
|
@ -160,11 +163,18 @@ let
|
|||
ip = if v4 then "4" else "6";
|
||||
name = "ospf_${af}_${n}";
|
||||
|
||||
interfaces = mapAttrsToList (iface: ifaceConfig: ''
|
||||
interfaces = mapAttrsToList (iface: ifaceConfig: let
|
||||
neighbors = ''
|
||||
neighbors {
|
||||
${concatStringsSep "\n" (map (n: "${n};") ifaceConfig.neighbors)}
|
||||
};
|
||||
'';
|
||||
in ''
|
||||
interface "${iface}" {
|
||||
type ${ifaceConfig.type};
|
||||
cost ${toString ifaceConfig.cost};
|
||||
${if ifaceConfig.stub then "stub yes;" else ""}
|
||||
${if ifaceConfig.type == "ptmp" then neighbors else ""}
|
||||
};
|
||||
'');
|
||||
areas = mapAttrsToList (area: areaConfig: ''
|
||||
|
|
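Review bot: The new `neighbors` option is declared with only `type = listOf str;`, so it has no default and no description, unlike the `stub` option directly above it. Non-ptmp interfaces still evaluate only because the `neighbors` string in the new `let` is lazy and is referenced solely under `ifaceConfig.type == "ptmp"`; a ptmp interface that omits the list fails with a generic undefined-option error. I would add `default = [];` and `description = "Static OSPF neighbor addresses, emitted only for ptmp interfaces.";`. The entries are spliced verbatim into the generated BIRD configuration through `"${n};"`, so a malformed address surfaces only when BIRD parses the file, and the lambda's `n` shadows the `n` used in `name = "ospf_${af}_${n}"`, which a rename to `addr` would avoid. Both enclosing definitions start and end outside the hunks shown.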