From 88e6f0d54e90c1bc94ab5b39604624893336b903 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 16 Dec 2020 12:30:38 +0100
Subject: [PATCH] Include carbon to OSPF network
---
 hosts/carbon/configuration.nix | 109 ++++++++++++++++++++++++++++-----
 hosts/porter/configuration.nix | 20 +++++-
 2 files changed, 111 insertions(+), 18 deletions(-)
diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index 38d8fc2..4c52d3f 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
 imports = 
@@ -22,29 +22,104 @@
 networking.hostName = "carbon";
 networking.useDHCP = false;
+ # Local Router IPs
+ networking.interfaces.lo.ipv6.addresses = [
+ { address = "fd00:152:152:104::1"; prefixLength = 64; }
+ { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast
+ ];
+ networking.interfaces.lo.ipv4.addresses = [
+ { address = "10.152.104.1"; prefixLength = 24; }
+ { address = "10.152.0.1"; prefixLength = 32; } # Anycast
+ ];
+
 # Network
 networking.interfaces.enp1s0.useDHCP = true;
 networking.wireguard.enable = true;
 networking.wireguard.interfaces = {
- wg-gatekeeper = {
- ips = [
- "10.20.30.104/24"
- "2a01:4f8:c0c:15f1::8104/113"
- ];
+ wg-porter = {
+ ips = [ "fe80::138:2/64" "169.254.138.2/24" ];
+ peers = [ {
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "porter.net.clerie.de:50138";
+ publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM=";
+ persistentKeepalive = 25;
+ } ];
 allowedIPsAsRoutes = false;
- peers = [
- {
- allowedIPs = [
- "0.0.0.0/0"
- "::/0"
- ];
- endpoint = "gatekeeper.net.clerie.de:51820";
- publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
- }
- ];
- privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper";
+ privateKeyFile = "/var/src/secrets/wireguard/wg-porter";
 };
 };
+ services.bird2.enable = true;
+ services.bird2.config = ''
+ router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
+
+ ipv6 table ospf6;
+ ipv4 table ospf4;
+
+ protocol direct {
+ interface "lo";
+ ipv6 {
+ table ospf6;
+ };
+ ipv4 {
+ table ospf4;
+ };
+ }
+
+ protocol kernel kernel_6 {
+ ipv6 {
+ table ospf6;
+ export filter {
+ krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
+ accept;
+ };
+ import none;
+ };
+ }
+
+ protocol kernel kernel_4 {
+ ipv4 {
+ table ospf4;
+ export filter {
+ krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
+ accept;
+ };
+ import none;
+ };
+ }
+
+ protocol ospf v3 ospf_6 {
+ ipv6 {
+ table ospf6;
+ import all; 
+ export all;
+ };
+ area 0 {
+ interface "wg-porter" {
+ cost 80;
+ type pointopoint;
+ };
+ };
+ }
+
+ protocol ospf v3 ospf_4 {
+ ipv4 {
+ table ospf4;
+ import all;
+ export all;
+ };
+ area 0 {
+ interface "wg-porter" {
+ cost 80;
+ type pointopoint;
+ };
+ };
+ }
+
+ protocol device {
+ scan time 10;
+ }
+ '';
+
 system.stateVersion = "21.03";
 }
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index 9681245..38bf535 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -33,6 +33,16 @@
 networking.wireguard.enable = true;
 networking.wireguard.interfaces = {
+ wg-carbon = {
+ ips = [ "fe80::138:1/64" "169.254.138.1/24" ];
+ peers = [ {
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ publicKey = "ezemzjfG6OZ3rHcCvuh+N1VfaIgbijvFbvvRmhasu2E=";
+ } ];
+ listenPort = 50138;
+ allowedIPsAsRoutes = false;
+ privateKeyFile = "/var/src/secrets/wireguard/wg-carbon";
+ };
 wg-nonat = {
 ips = [ "fe80::1337:1/64" "169.254.137.1/24" ];
 peers = [ {
@@ -46,7 +56,7 @@
 };
 };
- networking.firewall.allowedUDPPorts = [ 51337 ];
+ networking.firewall.allowedUDPPorts = [ 50138 51337 ];
 services.bird2.enable = true;
 services.bird2.config = ''
@@ -94,6 +104,10 @@
 export all;
 };
 area 0 {
+ interface "wg-carbon" {
+ cost 80;
+ type pointopoint;
+ };
 interface "wg-nonat" {
 cost 80;
 type pointopoint;
@@ -108,6 +122,10 @@
 export all;
 };
 area 0 {
+ interface "wg-carbon" {
+ cost 80;
+ type pointopoint;
+ };
 interface "wg-nonat" {
 cost 80;
 type pointopoint;
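Review bot: The OSPF hellos that `ospf_6` and `ospf_4` send on `wg-porter` will be refused by the default NixOS firewall unless something outside this hunk opens them: the `nixos-fw` chain accepts only trusted interfaces, established flows, the allowed TCP/UDP ports and ICMP, and OSPF is IP protocol 89 to a multicast group, so neither `allowedUDPPorts` nor conntrack covers it. Unless one of the modules in `imports` (outside the hunk) already does so, add a rule scoped to this tunnel rather than trusting the whole interface, e.g. `networking.firewall.extraCommands = "ip46tables -A nixos-fw -i wg-porter -p ospf -j nixos-fw-accept";`. Separately, `import all` on both instances installs whatever the peer announces, and the `0.0.0.0/0`/`::/0` `allowedIPs` means WireGuard does not constrain that either; if only `fd00:152:152::/48` and `10.152.0.0/16` are meant to travel this link, an import filter saying so would contain a misconfigured or compromised neighbour. Also confirm that porter's IPv4 OSPF instance (not shown in this diff) is `ospf v3` with an `ipv4` channel like `ospf_4` here, since a v2 instance on the other end never forms the adjacency.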
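Review bot: The `allowedIPs = [ "0.0.0.0/0" "::/0" ]` on the new `wg-carbon` peer deserves a comment, because it switches off WireGuard's cryptokey-routing source check for that peer: porter will accept and forward any source address carbon sends, and with `allowedIPsAsRoutes = false` only OSPF decides what is routed back. That is the intended shape for a routed tunnel and matches `wg-nonat` below, but a one-liner such as `# routed link: routes come from OSPF, not from allowedIPs, so any source from the peer is accepted` next to it keeps a later reader from "tightening" it and silently breaking transit. Since the pinned `publicKey` is the only authentication on this link, the peer list should stay at that single entry.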
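Review bot: The added `interface "wg-carbon"` entry runs OSPF with no OSPF-level authentication, so the only thing keeping a third party from injecting LSAs is that the interface is a point-to-point WireGuard tunnel whose peer is pinned by key; that assumption is worth recording next to the entry, e.g. `# no OSPF auth on purpose: the link is a WireGuard p2p tunnel, the peer key is the authentication`. Listing interfaces explicitly instead of a `"wg-*"` pattern is the right call, as it stops bird from speaking OSPF on any tunnel added later for another purpose. The enclosing `protocol ospf` block starts and ends outside the hunk.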