From 58f7ba451884bca8a1eb6362f91c8000a16ad736 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sat, 22 Mar 2025 17:27:39 +0100
Subject: [PATCH] hosts/dn42-il-gw6: Migrate to systemd-networkd and dn42-router profile
---
hosts/dn42-il-gw6/configuration.nix | 243 ++++++++++------------------
1 file changed, 82 insertions(+), 161 deletions(-)
diff --git a/hosts/dn42-il-gw6/configuration.nix b/hosts/dn42-il-gw6/configuration.nix
index 1eb5193..1615e77 100644
--- a/hosts/dn42-il-gw6/configuration.nix
+++ b/hosts/dn42-il-gw6/configuration.nix
@@ -4,182 +4,103 @@ imports = [ ./hardware-configuration.nix - ../../configuration/dn42 ]; profiles.clerie.cybercluster-vm.enable = true; + profiles.clerie.common-networking.enable = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; - networking.useDHCP = false; - networking.interfaces.lo.ipv6.addresses = [ { address = "fd56:4902:eca0:6::1"; prefixLength = 64; } ]; - # IPv6 Uplink - networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffc9::9"; prefixLength = 64; } ]; - # Ildix - networking.interfaces.ens19.ipv6.addresses = [ { address = "fd81:edb3:71d8:ffff:2574::6"; prefixLength = 64; } ]; - # VM Nat Netz mercury - networking.interfaces.ens20.ipv4.addresses = [ { address = "192.168.10.26"; prefixLength = 24; } ]; - # OSPF Netz - networking.interfaces.ens21 = {}; - - - networking.defaultGateway = { address = "192.168.10.1"; interface = "ens20"; }; - networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens18"; }; - - petabyte.policyrouting = { - enable = true; - rules6 = [ - { rule = "from all to fd56:4902:eca0::/48 lookup 1337"; prio = 10000; } - { rule = "from all to all lookup 2342"; prio = 10000; } - { rule = "from all to fd56:4902:eca0::/48 unreachable"; prio = 20000; } - { rule = "from fd56:4902:eca0::/48 to all unreachable"; prio = 20000; } + systemd.network.networks."10-wan" = { + matchConfig.Name = "ens18"; + address = [ + "2001:638:904:ffc9::9/64" ]; + routes = [ + { Gateway = "2001:638:904:ffc9::1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + systemd.network.networks."10-nat-netz-mercury" = { + matchConfig.Name = "ens20"; + address = [ + "192.168.10.26/24" + ]; + routes = [ + { Gateway = "192.168.10.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + systemd.network.networks."10-dn42-ospf-netz" = { + matchConfig.Name = "ens21"; + linkConfig.RequiredForOnline = "no"; + }; + systemd.network.networks."10-dn42-ildix" = { + matchConfig.Name = "ens19"; + address = 
[ + "fd81:edb3:71d8:ffff:2574::6/64" + ]; + linkConfig.RequiredForOnline = "no"; }; - services.bird.enable = true; - services.bird.package = pkgs.bird2; - services.bird.config = '' - router id ${ (lib.head config.networking.interfaces.ens20.ipv4.addresses).address }; + profiles.clerie.dn42-router = { + enable = true; + loopbackIp = "fd56:4902:eca0:6::1"; + routerId = "192.168.10.26"; - ipv6 table ospf6; - ipv6 table bgp6; + ospfInterfaces = [ + "ens21" + ]; - protocol direct { - interface "lo"; - ipv6 { - table ospf6; - }; - } + ibgpPeers = [ + { + peerName = "gw1"; + remoteAddress = "fd56:4902:eca0:1::1"; + } + { + peerName = "gw5"; + remoteAddress = "fd56:4902:eca0:5::1"; + } + ]; - protocol static { - ipv6 { - table bgp6; + bgpPeers = [ + { + peerName = "peer_ildix_clerie"; + localAddress = "fd81:edb3:71d8:ffff:2574::6"; + remoteAddress = "fd81:edb3:71d8:ffff::13"; + remoteAsn = "4242422953"; + } + { + peerName = "peer_ildix_nex"; + localAddress = "fd81:edb3:71d8:ffff:2574::6"; + remoteAddress = "fd81:edb3:71d8:ffff::14"; + remoteAsn = "4242422953"; + } + ]; + + birdExtraConfig = '' + # Internal + protocol bgp peer_2953_dn42_ildix_service { + local as 4242422574; + neighbor fd81:edb3:71d8:ffff:2953::1 port 1179 as 4242422953; + source address fd81:edb3:71d8:ffff:2574::6; + multihop 64; + ipv6 { + table bgp6; + igp table ospf6; + next hop keep; + add paths tx; + import filter { + reject; }; - #route fd56:4902:eca0::/48 via "lo"; - #route fd56:4902:eca0::/52 via "lo"; - } - - protocol kernel { - ipv6 { - table ospf6; - export filter { - krt_prefsrc=fd56:4902:eca0:6::1; - accept; - }; - import none; + export filter { + accept; }; - kernel table 1337; - } - - protocol kernel { - ipv6 { - table bgp6; - export filter { - krt_prefsrc=fd56:4902:eca0:6::1; - accept; - }; - import none; - }; - kernel table 2342; - } - - protocol ospf v3 { - ipv6 { - table ospf6; - import all; - export all; - }; - area 0 { - interface "ens21" { - cost 80; - type broadcast; - }; - }; - } - 
- protocol bgp gw1 { - local as 4242422574; - graceful restart on; - neighbor fd56:4902:eca0:1::1 as 4242422574; - source address fd56:4902:eca0:6::1; - ipv6 { - table bgp6; - igp table ospf6; - next hop self; - import keep filtered; - import all; - export all; - }; - } - - protocol bgp gw5 { - local as 4242422574; - graceful restart on; - neighbor fd56:4902:eca0:5::1 as 4242422574; - source address fd56:4902:eca0:6::1; - ipv6 { - table bgp6; - igp table ospf6; - next hop self; - import keep filtered; - import all; - export all; - }; - } - - template bgp ildix { - local as 4242422574; - graceful restart on; - source address fd81:edb3:71d8:ffff:2574::6; - ipv6 { - table bgp6; - igp table ospf6; - next hop self; - import keep filtered; - import filter { - if net ~ [fd00::/8{8,64}] then accept; - reject; - }; - export filter { - if net ~ [fd00::/8{8,64}] then accept; - reject; - }; - }; - } - - protocol bgp peer_ildix_clerie from ildix { - neighbor fd81:edb3:71d8:ffff::13 as 4242422953; - } - - protocol bgp peer_ildix_nex from ildix { - neighbor fd81:edb3:71d8:ffff::14 as 4242422953; - } - - # Internal - protocol bgp peer_2953_dn42_ildix_service { - local as 4242422574; - neighbor fd81:edb3:71d8:ffff:2953::1 port 1179 as 4242422953; - source address fd81:edb3:71d8:ffff:2574::6; - multihop 64; - ipv6 { - table bgp6; - igp table ospf6; - next hop keep; - add paths tx; - import filter { - reject; - }; - export filter { - accept; - }; - }; - } - - protocol device { - scan time 10; - } - ''; + }; + } + ''; + }; clerie.system-auto-upgrade = { allowReboot = true;
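Review bot: The two Ildix sessions in `bgpPeers` (`peer_ildix_clerie`, `peer_ildix_nex`) no longer show the `fd00::/8{8,64}` import/export filters that the removed `template bgp ildix` applied, and the `unreachable` policy-routing rules for fd56:4902:eca0::/48 disappear together with `petabyte.policyrouting`. Both presumably move into `profiles.clerie.dn42-router`, but that module is not part of this diff, so it is worth confirming that the generated bird config still rejects prefixes outside fd00::/8 and that dn42 traffic still cannot fall through to the default route on ens18. A comment above the profile block would record the dependency, e.g. `# prefix filters and dn42 policy routing (tables, unreachable rules) are provided by profiles.clerie.dn42-router`. The raw protocol in `birdExtraConfig` also hard-codes `table bgp6` and `igp table ospf6`, which only works while the profile keeps those table names. The module's attribute set opens and closes outside the hunk.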