bgpwtf: edge01: repurpose wireguard tunnel for fmt
Change-Id: Ib36048a83641b62210ad0d63b7b7ecda999da542
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1201
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index bdb55e3..ff58ea3 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -65,7 +65,7 @@
};
networking.wireguard.interfaces = {
- wg-camp = {
+ wg-fmt = {
ips = [
"185.236.240.68/31"
"2a0d:eb00:2137:1::e/127"
@@ -73,35 +73,20 @@
allowedIPsAsRoutes = false;
listenPort = 51820;
generatePrivateKeyFile = true;
- privateKeyFile = "/root/camp-wg";
+ privateKeyFile = "/root/fmt-wg";
peers = [
{
- publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
+ publicKey = "zxL/1Jr0LLwJwXDm8ZOWkuY3ZkHO3sC7TdSBh89CsWc=";
allowedIPs = [
- "185.236.240.69/32"
- "185.236.241.0/24"
- "2a0d:eb00:8007::/48"
- "2a0d:eb00:2137:1::f/128"
+ "0.0.0.0/0"
+ "::/0"
];
+ endpoint = "[2a00:6340:4000:10::10]:41521";
}
];
};
};
- hscloud.routing.static.v6.camp = {
- table = "aggregate";
- address = "2a0d:eb00:8007::";
- prefixLength = 48;
- via = "2a0d:eb00:2137:1::f";
- };
- hscloud.routing.static.v4.camp = {
- table = "aggregate";
- address = "185.236.241.0";
- prefixLength = 24;
- via = "185.236.240.69";
- };
-
-
hscloud.renameInterfaces = {
# Link to Nitronet CPE.
e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
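Review bot: With `allowedIPs` widened to `"0.0.0.0/0"` and `"::/0"`, WireGuard no longer restricts which source addresses this peer may send from. The old list pinned it to its link address and delegated prefixes. The OSPF `filterIn` added later in this file limits which routes are learned, not which packets are accepted on the tunnel, so source validation has to happen somewhere else. Either narrow the list to the peer's link addresses plus the fmt prefixes (if the OSPF adjacency still comes up that way), or document the dependency above the list, e.g. `# any-source on purpose: routes come from OSPF; ingress filtering for wg-fmt is done in <firewall rule - placeholder>`. Separately, `generatePrivateKeyFile = true` with the new path `/root/fmt-wg` presumably creates a fresh key and leaves `/root/camp-wg` on disk, so the old key should be removed once the camp peer is retired.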
@@ -222,6 +207,12 @@
# Default gateway via us, exposed into aggregated table.
v4.default = { table = "aggregate"; address = "0.0.0.0"; prefixLength = 0; };
v6.default = { table = "aggregate"; address = "::"; prefixLength = 0; };
+
+ # Loopbacks for IGP table.
+ # Alternatively we could add 'lo' as a stub interface into IGP OSPF, but
+ # that would also add 127.0.0.1...
+ v4.loopbacks = { table = "igp"; address = "185.236.240.1"; prefixLength = 32; };
+ v6.loopbacks = { table = "igp"; address = "2a0d:eb00:2137::1"; prefixLength = 128; };
};
hscloud.routing.pipe = let
copySourcesToKernel = sources: table: extra: {
@@ -277,6 +268,21 @@
if net ~ [ 185.236.240.72/29+ ] then accept;
'';
};
+ hscloud.routing.ospf.v6.igp = {
+ area."0.0.0.0".interfaces = {
+ "wg-fmt" = {
+ type = "ptmp";
+ neighbors = [
+ "2a0d:eb00:2137:1::f"
+ ];
+ };
+ };
+ table = "igp";
+ filterIn = ''
+ # fmt networks
+ if net ~ [ 2a0d:eb01::/48+ ] then accept;
+ '';
+ };
hscloud.routing.bgpSessions.v4 = let
filterInUpstream = ''
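Review bot: The `neighbors` entry for `"wg-fmt"` is a global address (`2a0d:eb00:2137:1::f`), while BIRD's OSPF documentation advises link-local neighbor addresses for OSPFv3 and calls global ones nonstandard. If this is deliberate, presumably because the WireGuard interface carries no link-local address, a comment would stop a later reader from "fixing" it, e.g. `# global neighbor address on purpose: wg-fmt has no link-local address`. Only a v6 `igp` instance is defined here, although the tunnel also has a v4 address and the v4 static route was removed in the same commit, so it is worth confirming that v4 reachability over `wg-fmt` is meant to go away. The surrounding attribute set continues outside the hunk.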
diff --git a/bgpwtf/machines/modules/routing.nix b/bgpwtf/machines/modules/routing.nix
index 50f5ff8..ac222a9 100644
--- a/bgpwtf/machines/modules/routing.nix
+++ b/bgpwtf/machines/modules/routing.nix
@@ -140,6 +140,9 @@
default = false;
description = "Interface is stub (do not HELLO).";
};
+ neighbors = mkOption {
+ type = listOf str;
+ };
};
});
description = "Interface configuration";
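Review bot: The new `neighbors` option has neither a `default` nor a `description`, unlike the `stub` option just above it. Evaluation only survives for existing interfaces because the generator reads the value lazily; a `ptmp` interface declared without neighbors will fail with an "option used but not defined" error. I would add `default = [];` and `description = "Neighbors to send HELLOs to (only used when type is ptmp).";`. Since `listOf str` admits any text and the generator in this file pastes each entry verbatim into the BIRD configuration, a stricter element type such as `types.strMatching` with an address pattern would also catch typos at evaluation time.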
@@ -160,11 +163,18 @@
ip = if v4 then "4" else "6";
name = "ospf_${af}_${n}";
- interfaces = mapAttrsToList (iface: ifaceConfig: ''
+ interfaces = mapAttrsToList (iface: ifaceConfig: let
+ neighbors = ''
+ neighbors {
+ ${concatStringsSep "\n" (map (n: "${n};") ifaceConfig.neighbors)}
+ };
+ '';
+ in ''
interface "${iface}" {
type ${ifaceConfig.type};
cost ${toString ifaceConfig.cost};
${if ifaceConfig.stub then "stub yes;" else ""}
+ ${if ifaceConfig.type == "ptmp" then neighbors else ""}
};
'');
areas = mapAttrsToList (area: areaConfig: ''
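Review bot: The lambda parameter in `map (n: "${n};") ifaceConfig.neighbors` shadows the outer `n`, which `name = "ospf_${af}_${n}"` uses two lines earlier as the instance name. It evaluates correctly, but it is easy to misread; `map (addr: "${addr};") ifaceConfig.neighbors` avoids the clash. For a `ptmp` interface with an empty list this emits an empty `neighbors { };` block, so consider `${if ifaceConfig.type == "ptmp" && ifaceConfig.neighbors != [] then neighbors else ""}`. The enclosing `let` block starts and ends outside the hunk.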