diff --git a/flake.lock b/flake.lock
index da1eb76..9710a30 100644
--- a/flake.lock
+++ b/flake.lock
@@ -43,6 +43,42 @@
 "type": "github"
 }
 },
+ "fernglas": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1680199136,
+ "narHash": "sha256-dlPzsVkEjhQjrV0++UOX+eaOaO1FTSNoHQ2JHQz9qcA=",
+ "owner": "wobcom",
+ "repo": "fernglas",
+ "rev": "71766d09dc6a43c2219d57c6372a1b5934b61a99",
+ "type": "github"
+ },
+ "original": {
+ "owner": "wobcom",
+ "repo": "fernglas",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1667395993,
+ "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
 "nixos-exporter": {
 "inputs": {
 "nixpkgs": [
@@ -98,6 +134,7 @@
 "root": {
 "inputs": {
 "agenix": "agenix",
+ "fernglas": "fernglas",
 "nixos-exporter": "nixos-exporter",
 "nixpkgs": "nixpkgs",
 "nixpkgs-schule": "nixpkgs-schule",
diff --git a/flake.nix b/flake.nix
index ebc4908..b682b7b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,6 +6,10 @@
 url = "github:ryantm/agenix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ fernglas = {
+ url = "github:wobcom/fernglas";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 nixos-exporter = {
 url = "git+https://git.clerie.de/clerie/nixos-exporter.git";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -15,7 +19,7 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };
- outputs = { self, nixpkgs, nixos-exporter, solid-xmpp-alarm, ... }@inputs: let
+ outputs = { self, nixpkgs, fernglas, nixos-exporter, solid-xmpp-alarm, ... }@inputs: let
 helper = (import ./lib/flake-helper.nix) inputs;
 in {
 clerie.hosts = {
diff --git a/hosts/dn42-ildix-clerie/configuration.nix b/hosts/dn42-ildix-clerie/configuration.nix
index d4d832e..bca45c3 100644
--- a/hosts/dn42-ildix-clerie/configuration.nix
+++ b/hosts/dn42-ildix-clerie/configuration.nix
@@ -120,21 +120,19 @@
 # Internal protocol
 bgp peer_2953_dn42_ildix_service {
 local as 4242422953;
- graceful restart on;
- neighbor fd81:edb3:71d8:ffff:2953::1 as 4242422953;
+ neighbor fd81:edb3:71d8:ffff:2953::1 port 1179 as 4242422953;
 source address fd81:edb3:71d8:ffff::13;
+ multihop 64;
+ rr client;
 ipv6 {
 table master6;
 next hop keep;
- import keep filtered;
+ add paths tx;
 import filter {
- if net ~ [fd81:edb3:71d8::/48{48,128}] then bgp_path.prepend(4242422953);
- if net ~ [fd81:edb3:71d8::/48{48,64}] then accept;
 reject;
 };
 export filter {
- if net ~ [fd00::/8{8,64}] then accept;
- reject;
+ accept;
 };
 };
 }
diff --git a/hosts/dn42-ildix-service/configuration.nix b/hosts/dn42-ildix-service/configuration.nix
index 8e4a600..b1d1183 100644
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
@@ -6,6 +6,7 @@
 ./hardware-configuration.nix
 ../../configuration/proxmox-vm
 ./bird.nix
+ ./fernglas.nix
 ];
 # Use the GRUB 2 boot loader.
@@ -36,6 +37,10 @@
 networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
 networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+ services.nginx.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
 system.stateVersion = "23.05";
 }
diff --git a/hosts/dn42-ildix-service/fernglas.nix b/hosts/dn42-ildix-service/fernglas.nix
new file mode 100644
index 0000000..373977e
--- /dev/null
+++ b/hosts/dn42-ildix-service/fernglas.nix
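Review bot: The repurposing of `peer_2953_dn42_ildix_service` is not documented: the import filter shrinks to a bare `reject;`, the export filter to a bare `accept;`, and the session gains `rr client`, `add paths tx` and `port 1179`, which together turn a prefix-filtered routing peer into a one-way full-table feed, yet the only comment left is `# Internal protocol`. Extending that comment to `# Internal protocol: one-way feed to the route collector on dn42-ildix-service (port 1179, presumably the fernglas collector added in this commit); export the full table with add-path, import nothing` would keep the next reader from reinstating the removed filters. The earlier export restriction to `fd00::/8{8,64}` is gone with the bare `accept;`, so every route in `master6` now reaches the collector; that looks intended for a looking glass, but it is worth confirming nothing else relied on that boundary.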
@@ -0,0 +1,37 @@
+{ config, lib, inputs, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [ 3000 1179 ];
+
+ services.fernglas = {
+ enable = true;
+ settings = {
+ api.bind = "[::1]:3000";
+ collectors = [
+ {
+ collector_type = "Bgp";
+ bind = "[::]:1179";
+ default_peer_config = {
+ asn = 4242422953;
+ router_id = "${(lib.head config.networking.interfaces.ens18.ipv4.addresses).address}";
+ route_state = "Accepted";
+ add_path = true;
+ };
+ }
+ ];
+ };
+ };
+
+ services.nginx.virtualHosts = {
+ "lg.ildix.clerie.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ root = inputs.fernglas.packages."x86_64-linux"."fernglas-frontend";
+ };
+ locations."/api/" = {
+ proxyPass = "http://${config.services.fernglas.settings.api.bind}";
+ };
+ };
+ };
+}
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index 7d73a33..86ff576 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -1,4 +1,4 @@
-{ self, nixpkgs, agenix, nixos-exporter, solid-xmpp-alarm, ... }@inputs:
+{ self, nixpkgs, agenix, fernglas, nixos-exporter, solid-xmpp-alarm, ... }@inputs:
 rec {
 generateNixosSystem = {
@@ -16,7 +16,10 @@ rec {
 Useful for having the monitoring server scraping the target config from all other servers automatically. */
- _module.args._nixfiles = self;
+ _module.args = {
+ inputs = inputs;
+ _nixfiles = self;
+ };
 })
 ../configuration/common
 ../users/clerie
@@ -32,6 +35,7 @@ rec {
 clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
 })
 agenix.nixosModules.default
+ fernglas.nixosModules.default
 solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
 (../hosts + "/${name}/configuration.nix")
 # Automatically load secrets from the hosts secrets directory
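Review bot: `networking.firewall.allowedTCPPorts = [ 3000 1179 ]` opens port 3000 to the network even though `api.bind = "[::1]:3000"` listens on loopback only and nginx proxies to it, so the 3000 entry is dead and misleading; 1179, by contrast, is bound on `[::]:1179` and is now reachable from every address the firewall admits, with `default_peer_config` being, by its name, the fallback applied to any peer not configured explicitly. Unless fernglas itself restricts peer source addresses (not visible in this module), any host that can reach the port may open a BGP session and have its announcements shown as `Accepted` routes in the looking glass, so limiting 1179 to the router's address — via `networking.firewall.extraCommands`, or by binding to the interface's internal address rather than `[::]` — and dropping 3000 from the list would be the safer default. Separately, `router_id = "${(lib.head config.networking.interfaces.ens18.ipv4.addresses).address}"` wraps a value that is already a string; `router_id = (lib.head config.networking.interfaces.ens18.ipv4.addresses).address;` reads cleaner and evaluates identically.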
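Review bot: `inputs = inputs;` inside the new `_module.args` set is the long form of `inherit inputs;`, and the block comment ending in `*/` just above still explains only `_nixfiles` (exposing `self` so the monitoring server can scrape the other hosts' config) while the new `inputs` argument, which hands every flake input to every host module, is left unexplained. Suggest `_module.args = { inherit inputs; _nixfiles = self; };` and one extra sentence in that comment, such as `inputs passes all flake inputs through to host modules, e.g. for inputs.fernglas.packages.`. The enclosing module list (presumably inside `generateNixosSystem`) starts and ends outside the hunk.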