hosts/dn42-ildix-service: add lookingglass

2023-05-04 14:35:30 +02:00
parent e9de141316
commit 4834e5b91d
6 changed files with 95 additions and 10 deletions
--- a/hosts/dn42-ildix-clerie/configuration.nix
+++ b/hosts/dn42-ildix-clerie/configuration.nix
@@ -120,21 +120,19 @@
  # Internal
  protocol bgp peer_2953_dn42_ildix_service {
    local as 4242422953;
-    graceful restart on;
-    neighbor fd81:edb3:71d8:ffff:2953::1 as 4242422953;
+    neighbor fd81:edb3:71d8:ffff:2953::1 port 1179 as 4242422953;
    source address fd81:edb3:71d8:ffff::13;
+    multihop 64;
+    rr client;
    ipv6 {
      table master6;
      next hop keep;
-      import keep filtered;
+      add paths tx;
      import filter {
-        if net ~ [fd81:edb3:71d8::/48{48,128}] then bgp_path.prepend(4242422953);
-        if net ~ [fd81:edb3:71d8::/48{48,64}] then accept;
        reject;
      };
      export filter {
-        if net ~ [fd00::/8{8,64}] then accept;
-        reject;
+        accept;
      };
    };
  }
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
@@ -6,6 +6,7 @@
      ./hardware-configuration.nix
      ../../configuration/proxmox-vm
      ./bird.nix
+      ./fernglas.nix
    ];

  # Use the GRUB 2 boot loader.
@@ -36,6 +37,10 @@
  networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];

+  services.nginx.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
  system.stateVersion = "23.05";
 }

--- a/hosts/dn42-ildix-service/fernglas.nix
+++ b/hosts/dn42-ildix-service/fernglas.nix
@@ -0,0 +1,37 @@
+{ config, lib, inputs, ... }:
+
+{
+  networking.firewall.allowedTCPPorts = [ 3000 1179 ];
+
+  services.fernglas = {
+    enable = true;
+    settings = {
+      api.bind = "[::1]:3000";
+      collectors = [
+        {
+          collector_type = "Bgp";
+          bind = "[::]:1179";
+          default_peer_config = {
+            asn = 4242422953;
+            router_id = "${(lib.head config.networking.interfaces.ens18.ipv4.addresses).address}";
+            route_state = "Accepted";
+            add_path = true;
+          };
+        }
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "lg.ildix.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        root = inputs.fernglas.packages."x86_64-linux"."fernglas-frontend";
+      };
+      locations."/api/" = {
+        proxyPass = "http://${config.services.fernglas.settings.api.bind}";
+      };
+    };
+  };
+}