bgpwtf: edge01: repurpose wireguard tunnel for fmt

Change-Id: Ib36048a83641b62210ad0d63b7b7ecda999da542 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1201 Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-08 14:09:51 +00:00 · 2021-12-08 14:09:51 +00:00 · 82fc1318e2
commit 82fc1318e2
parent 767f031898
2 changed files with 38 additions and 22 deletions
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@ -65,7 +65,7 @@ in rec {
  };

  networking.wireguard.interfaces = {
-    wg-camp = {
+    wg-fmt = {
      ips = [
        "185.236.240.68/31"
        "2a0d:eb00:2137:1::e/127"
@ -73,35 +73,20 @@ in rec {
      allowedIPsAsRoutes = false;
      listenPort = 51820;
      generatePrivateKeyFile = true;
-      privateKeyFile = "/root/camp-wg";
+      privateKeyFile = "/root/fmt-wg";
      peers = [
        {
-          publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
+          publicKey = "zxL/1Jr0LLwJwXDm8ZOWkuY3ZkHO3sC7TdSBh89CsWc=";
          allowedIPs = [
-            "185.236.240.69/32"
-            "185.236.241.0/24"
-            "2a0d:eb00:8007::/48"
-            "2a0d:eb00:2137:1::f/128"
+            "0.0.0.0/0"
+            "::/0"
          ];
+          endpoint = "[2a00:6340:4000:10::10]:41521";
        }
      ];
    };
  };

-  hscloud.routing.static.v6.camp = {
-    table = "aggregate";
-    address = "2a0d:eb00:8007::";
-    prefixLength = 48;
-    via = "2a0d:eb00:2137:1::f";
-  };
-  hscloud.routing.static.v4.camp = {
-    table = "aggregate";
-    address = "185.236.241.0";
-    prefixLength = 24;
-    via = "185.236.240.69";
-  };
-
-
  hscloud.renameInterfaces = {
    # Link to Nitronet CPE.
    e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
@ -222,6 +207,12 @@ in rec {
    # Default gateway via us, exposed into aggregated table.
    v4.default = { table = "aggregate"; address = "0.0.0.0"; prefixLength = 0; };
    v6.default = { table = "aggregate"; address = "::"; prefixLength = 0; };
+
+    # Loopbacks for IGP table.
+    # Alternatively we could add 'lo' as a stub interface into IGP OSPF, but
+    # that would also add 127.0.0.1...
+    v4.loopbacks = { table = "igp"; address = "185.236.240.1"; prefixLength = 32; };
+    v6.loopbacks = { table = "igp"; address = "2a0d:eb00:2137::1"; prefixLength = 128; };
  };
  hscloud.routing.pipe = let
    copySourcesToKernel = sources: table: extra: {
@ -277,6 +268,21 @@ in rec {
      if net ~ [ 185.236.240.72/29+ ] then accept;
    '';
  };
+  hscloud.routing.ospf.v6.igp = {
+    area."0.0.0.0".interfaces = {
+      "wg-fmt" = {
+        type = "ptmp";
+        neighbors = [
+          "2a0d:eb00:2137:1::f"
+        ];
+      };
+    };
+    table = "igp";
+    filterIn = ''
+      # fmt networks
+      if net ~ [ 2a0d:eb01::/48+ ] then accept;
+    '';
+  };

  hscloud.routing.bgpSessions.v4 = let
    filterInUpstream = ''
--- a/bgpwtf/machines/modules/routing.nix
+++ b/bgpwtf/machines/modules/routing.nix
@ -140,6 +140,9 @@ let
                      default = false;
                      description = "Interface is stub (do not HELLO).";
                    };
+                    neighbors = mkOption {
+                      type = listOf str;
+                    };
                  };
                });
                description = "Interface configuration";
@ -160,11 +163,18 @@ let
    ip = if v4 then "4" else "6";
    name = "ospf_${af}_${n}";

-    interfaces = mapAttrsToList (iface: ifaceConfig: ''
+    interfaces = mapAttrsToList (iface: ifaceConfig: let
+      neighbors = ''
+        neighbors {
+          ${concatStringsSep "\n" (map (n: "${n};") ifaceConfig.neighbors)}
+        };
+      '';
+    in ''
      interface "${iface}" {
        type ${ifaceConfig.type};
        cost ${toString ifaceConfig.cost};
        ${if ifaceConfig.stub then "stub yes;" else ""}
+        ${if ifaceConfig.type == "ptmp" then neighbors else ""}
      };
    '');
    areas = mapAttrsToList (area: areaConfig: ''