From dbc008769e977d299c180b811de1e67c72958904 Mon Sep 17 00:00:00 2001
From: clerie
Date: Tue, 28 Feb 2023 20:50:26 +0100
Subject: [PATCH] hosts/dn42-ildix-service: prepare BGP setup
---
hosts/dn42-ildix-service/bird.nix | 62 ++++++++++++++++++++++
hosts/dn42-ildix-service/configuration.nix | 4 +-
2 files changed, 64 insertions(+), 2 deletions(-)
create mode 100644 hosts/dn42-ildix-service/bird.nix
diff --git a/hosts/dn42-ildix-service/bird.nix b/hosts/dn42-ildix-service/bird.nix
new file mode 100644
index 0000000..5a46e41
--- /dev/null
+++ b/hosts/dn42-ildix-service/bird.nix
@@ -0,0 +1,62 @@
+{ config, lib, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [ 179 ];
+
+ # something doesn't work right
+ services.bird2.enable = false;
+ services.bird2.config = ''
+ router id ${(lib.head config.networking.interfaces.ens18.ipv4.addresses).address};
+
+ ipv6 table bgp6;
+
+ protocol static {
+ ipv6 {
+ table bgp6;
+ };
+ route fd81:edb3:71d8::/48 via "lo";
+ }
+
+ protocol kernel {
+ ipv6 {
+ table bgp6;
+ export filter {
+ krt_prefsrc=${(lib.head config.networking.interfaces.lo.ipv6.addresses).address};
+ accept;
+ };
+ import none;
+ };
+ }
+
+ template bgp ildix {
+ local as 4242422953;
+ graceful restart on;
+ source address fd81:edb3:71d8:ffff:2953::1;
+ ipv6 {
+ table bgp6;
+ next hop self;
+ import keep filtered;
+ import filter {
+ if net ~ [fd00::/8{8,64}] then accept;
+ reject;
+ };
+ export filter {
+ if net ~ [fd81:edb3:71d8::/48{48,64}] then accept;
+ reject;
+ };
+ };
+ }
+
+ protocol bgp peer_ildix_clerie from ildix {
+ neighbor fd81:edb3:71d8:ffff::13 as 4242422953;
+ }
+
+ protocol bgp peer_ildix_nex from ildix {
+ neighbor fd81:edb3:71d8:ffff::14 as 4242422953;
+ }
+
+ protocol device {
+ scan time 10;
+ }
+ '';
+}
diff --git a/hosts/dn42-ildix-service/configuration.nix b/hosts/dn42-ildix-service/configuration.nix
index 2003588..8e4a600 100644
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
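Review bot: `networking.firewall.allowedTCPPorts = [ 179 ];` at the top of bird.nix opens BGP on every interface, including ens20, which configuration.nix gives a global IPv6 address, while both configured neighbors sit in the ens19 peering-LAN /64. Scoping the rule keeps the BGP listener off the uplink once bird is enabled: `networking.firewall.interfaces.ens19.allowedTCPPorts = [ 179 ];`. Since `services.bird2.enable = false` for now, the rule could also simply wait until the service is switched on. The `ildix` template sets no `password` for its sessions; if other parties share the peering LAN, consider TCP-MD5 authentication with the secret read from an included file rather than inlined in the Nix string, which ends up world-readable in the store.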
@@ -5,6 +5,7 @@ [ ./hardware-configuration.nix ../../configuration/proxmox-vm + ./bird.nix ]; # Use the GRUB 2 boot loader. @@ -27,7 +28,7 @@ # VM Nat Netz mercury networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.28"; prefixLength = 24; } ]; # ildix peering lan - networking.interfaces.ens19.ipv6.addresses = [ { address = "fd81:ed3:71d8:ffff:2953::1"; prefixLength = 64; } ]; + networking.interfaces.ens19.ipv6.addresses = [ { address = "fd81:edb3:71d8:ffff:2953::1"; prefixLength = 64; } ]; # IPv6 Uplink networking.interfaces.ens20.ipv6.addresses = [ { address = "2001:638:904:ffc9::c"; prefixLength = 64; } ]; @@ -35,7 +36,6 @@ networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; }; networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ]; - system.stateVersion = "23.05"; }