diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix index bec44a7..6eb8ea2 100644 --- a/hosts/dn42-il-gw1/configuration.nix +++ b/hosts/dn42-il-gw1/configuration.nix @@ -4,25 +4,38 @@ imports = [ ./hardware-configuration.nix - ../../configuration/dn42 ]; profiles.clerie.mercury-vm.enable = true; + profiles.clerie.common-networking.enable = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; - networking.useDHCP = false; - networking.interfaces.lo.ipv6.addresses = [ { address = "fd56:4902:eca0:1::1"; prefixLength = 64; } ]; - # VM Nat Netz mercury - networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.23"; prefixLength = 24; } ]; - # OSPF Netz - networking.interfaces.ens19 = {}; - # IPv6 Uplink - networking.interfaces.ens20.ipv6.addresses = [ { address = "2001:638:904:ffc9::7"; prefixLength = 64; } ]; - - networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; }; - networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens20"; }; + systemd.network.networks."10-wan" = { + matchConfig.Name = "ens20"; + address = [ + "2001:638:904:ffc9::7/64" + ]; + routes = [ + { Gateway = "2001:638:904:ffc9::1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + systemd.network.networks."10-nat-netz-mercury" = { + matchConfig.Name = "ens18"; + address = [ + "192.168.10.23/24" + ]; + routes = [ + { Gateway = "192.168.10.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + systemd.network.networks."10-dn42-ospf-netz" = { + matchConfig.Name = "ens19"; + linkConfig.RequiredForOnline = "no"; + }; networking.wireguard.enable = true; networking.wireguard.interfaces = { 
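Review bot: The three new systemd.network units drop the role comments that the removed `networking.interfaces.*` lines carried (`# VM Nat Netz mercury`, `# OSPF Netz`, `# IPv6 Uplink`), and the unit names only partly encode them. A one-line comment above each unit would keep that, e.g. `# IPv6 uplink, carries the v6 default route` above `"10-wan"`, `# Mercury VM NAT network, carries the v4 default route` above `"10-nat-netz-mercury"`, and `# DN42 OSPF segment, link only, no addresses` above `"10-dn42-ospf-netz"`. The loopback address fd56:4902:eca0:1::1 and `networking.useDHCP = false` are removed here with nothing in this hunk replacing them, so the host now depends on `profiles.clerie.common-networking` and the dn42-router profile configured in the second hunk to set them and to enable systemd-networkd; that dependency is not visible in this file. Since `ens20` is the externally reachable uplink and this hunk adds no interface-level restrictions, it is worth confirming that whatever firewall policy the profiles apply still covers it after the switch to networkd.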
@@ -127,154 +140,65 @@ }; }; - petabyte.policyrouting = { + profiles.clerie.dn42-router = { enable = true; - rules6 = [ - { rule = "from all to fd56:4902:eca0::/48 lookup 1337"; prio = 10000; } - { rule = "from all to all lookup 2342"; prio = 10000; } - { rule = "from all to fd56:4902:eca0::/48 unreachable"; prio = 20000; } - { rule = "from fd56:4902:eca0::/48 to all unreachable"; prio = 20000; } + loopbackIp = "fd56:4902:eca0:1::1"; + routerId = "192.168.10.23"; + + ospfInterfaces = [ + "ens19" + ]; + + ibgpPeers = [ + { + peerName = "gw5"; + remoteAddress = "fd56:4902:eca0:5::1"; + } + { + peerName = "gw6"; + remoteAddress = "fd56:4902:eca0:6::1"; + } + ]; + + wireguardPeers = [ + { + peerName = "peer_0565"; + remoteAddress = "fe80::565"; + interfaceName = "wg0565"; + remoteAsn = "4242420565"; + localAddress = "fe80::2574"; + } + { + peerName = "peer_1271_north"; + remoteAddress = "fe80::2"; + interfaceName = "wg1271"; + remoteAsn = "4242421271"; + localAddress = "fe80::1"; + } + { + peerName = "peer_1271_south"; + remoteAddress = "fe80::1:2"; + interfaceName = "wg1272"; + remoteAsn = "4242421271"; + localAddress = "fe80::1:1"; + } + { + peerName = "peer_1280_wg1"; + remoteAddress = "fde3:4c0d:2836:ff00::20"; + interfaceName = "wg1280"; + remoteAsn = "4242421280"; + localAddress = "fde3:4c0d:2836:ff00::21"; + } + { + peerName = "peer_4719"; + remoteAddress = "fe80::acab"; + interfaceName = "wg4719"; + remoteAsn = "64719"; + localAddress = "fe80::1"; + } ]; }; - services.bird.enable = true; - services.bird.package = pkgs.bird2; - services.bird.config = '' - router id ${ (lib.head config.networking.interfaces.ens18.ipv4.addresses).address }; - - ipv6 table ospf6; - ipv6 table bgp6; - - protocol direct { - interface "lo"; - ipv6 { - table ospf6; - }; - } - - protocol static { - ipv6 { - table bgp6; - }; - route fd56:4902:eca0::/48 via "lo"; - route fd56:4902:eca0::/52 via "lo"; - } - - protocol kernel { - ipv6 { - table ospf6; - export filter { - 
krt_prefsrc=fd56:4902:eca0:1::1; - accept; - }; - import none; - }; - kernel table 1337; - } - - protocol kernel { - ipv6 { - table bgp6; - export filter { - krt_prefsrc=fd56:4902:eca0:1::1; - accept; - }; - import none; - }; - kernel table 2342; - } - - protocol ospf v3 { - ipv6 { - table ospf6; - import all; - export all; - }; - area 0 { - interface "ens19" { - cost 80; - type broadcast; - }; - }; - } - - protocol bgp gw5 { - local as 4242422574; - graceful restart on; - neighbor fd56:4902:eca0:5::1 as 4242422574; - source address fd56:4902:eca0:1::1; - ipv6 { - table bgp6; - igp table ospf6; - next hop self; - import keep filtered; - import all; - export all; - }; - } - - protocol bgp gw6 { - local as 4242422574; - graceful restart on; - neighbor fd56:4902:eca0:6::1 as 4242422574; - source address fd56:4902:eca0:1::1; - ipv6 { - table bgp6; - igp table ospf6; - next hop self; - import keep filtered; - import all; - export all; - }; - } - - template bgp bgp_peer { - local as 4242422574; - graceful restart on; - ipv6 { - table bgp6; - next hop self; - import keep filtered; - import filter { - if net ~ [fd00::/8{48,64}] then accept; - reject; - }; - export filter { - if net ~ [fd00::/8{48,64}] then accept; - reject; - }; - }; - } - - protocol bgp peer_0565 from bgp_peer { - neighbor fe80::565%wg0565 as 4242420565; - source address fe80::2574; - } - - protocol bgp peer_1271_north from bgp_peer { - neighbor fe80::2%wg1271 as 4242421271; - source address fe80::1; - } - - protocol bgp peer_1271_south from bgp_peer { - neighbor fe80::1:2%wg1272 as 4242421271; - source address fe80::1:1; - } - - protocol bgp peer_1280_wg1 from bgp_peer { - neighbor fde3:4c0d:2836:ff00::20%wg1280 as 4242421280; - source address fde3:4c0d:2836:ff00::21; - } - - protocol bgp peer_4719 from bgp_peer { - neighbor fe80::acab%wg4719 as 64719; - } - - protocol device { - scan time 10; - } - ''; - clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true;
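Review bot: The removed bird template enforced `import filter { if net ~ [fd00::/8{48,64}] then accept; reject; }` and the matching export filter on every external wireguard peer, plus the policy-routing `unreachable` rules for fd56:4902:eca0::/48, whereas the new `profiles.clerie.dn42-router` block lists only peer addresses and ASNs with no filter option. Unless the profile module hard-codes those filters, the eBGP sessions would now accept and announce arbitrary prefixes, so this should be verified against the profile and recorded here with a comment such as `# prefix filtering (fd00::/8{48,64}) and the fd56:4902:eca0::/48 unreachable rules are applied by the dn42-router profile`. `peer_4719` previously had no `source address` and now gets `localAddress = "fe80::1"`, the same value as `peer_1271_north`; that is only correct if the profile scopes the address to `wg4719` the way the old `fe80::acab%wg4719` neighbor syntax did. `routerId = "192.168.10.23"` duplicates the ens18 address set in the first hunk, where the old config derived it from `config.networking.interfaces.ens18`; referencing the address once, or a comment noting the coupling, would prevent the two drifting apart.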