add basic bird config
parent
70580fad10
commit
070338967b
GPG Key ID:
00FAF748B777CF10
@ -0,0 +1,92 @@
|
||||
router id @routerID@;
|
||||
|
||||
timeformat base iso long;
|
||||
timeformat log iso long;
|
||||
timeformat protocol iso long;
|
||||
timeformat route iso long;
|
||||
|
||||
function net_default() {
|
||||
if net.type = NET_IP4 then return net ~ [ 0.0.0.0/0 ];
|
||||
return net ~ [ ::/0 ];
|
||||
};
|
||||
|
||||
function net_bogon() {
|
||||
if net.type = NET_IP4 then return net ~ [
|
||||
0.0.0.0/0,
|
||||
0.0.0.0/8+, # RFC 1122 'this' network
|
||||
10.0.0.0/8+, # RFC 1918 private space
|
||||
100.64.0.0/10+, # RFC 6598 Carrier grade nat space
|
||||
127.0.0.0/8+, # RFC 1122 localhost
|
||||
169.254.0.0/16+, # RFC 3927 link local
|
||||
172.16.0.0/12+, # RFC 1918 private space
|
||||
192.0.2.0/24+, # RFC 5737 TEST-NET-1
|
||||
192.88.99.0/24+, # RFC 7526 6to4 anycast relay
|
||||
192.168.0.0/16+, # RFC 1918 private space
|
||||
198.18.0.0/15+, # RFC 2544 benchmarking
|
||||
198.51.100.0/24+, # RFC 5737 TEST-NET-2
|
||||
203.0.113.0/24+, # RFC 5737 TEST-NET-3
|
||||
224.0.0.0/4+, # multicast
|
||||
240.0.0.0/4+ # reserved
|
||||
];
|
||||
return net ~ [
|
||||
::/0,
|
||||
::/8+, # RFC 4291 IPv4-compatible, loopback, et al
|
||||
0100::/64+, # RFC 6666 Discard-Only
|
||||
2001:2::/48+, # RFC 5180 BMWG
|
||||
2001:10::/28+, # RFC 4843 ORCHID
|
||||
2001:db8::/32+, # RFC 3849 documentation
|
||||
2002::/16+, # RFC 7526 6to4 anycast relay
|
||||
3ffe::/16+, # RFC 3701 old 6bone
|
||||
fc00::/7+, # RFC 4193 unique local unicast
|
||||
fe80::/10+, # RFC 4291 link local unicast
|
||||
fec0::/10+, # RFC 3879 old site local unicast
|
||||
ff00::/8+ # RFC 4291 multicast
|
||||
];
|
||||
}
|
||||
|
||||
function as_bogon() {
|
||||
return bgp_path ~ [
|
||||
0, # RFC 7607
|
||||
23456, # RFC 4893 AS_TRANS
|
||||
64496..64511, # RFC 5398 and documentation/example ASNs
|
||||
64512..65534, # RFC 6996 Private ASNs
|
||||
65535, # RFC 7300 Last 16 bit ASN
|
||||
65536..65551, # RFC 5398 and documentation/example ASNs
|
||||
65552..131071, # RFC IANA reserved ASNs
|
||||
4200000000..4294967294, # RFC 6996 Private ASNs
|
||||
4294967295 # RFC 7300 Last 32 bit ASN
|
||||
];
|
||||
};
|
||||
|
||||
# This pseudo-protocol watches all interface up/down events.
|
||||
protocol device {
|
||||
scan time 10; # Scan interfaces every 10 seconds
|
||||
};
|
||||
|
||||
protocol direct {
|
||||
ipv4;
|
||||
ipv6;
|
||||
interface "lo";
|
||||
};
|
||||
|
||||
protocol kernel {
|
||||
scan time 20;
|
||||
|
||||
kernel table @kernelTable@;
|
||||
|
||||
ipv6 {
|
||||
import none;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
|
||||
protocol kernel {
|
||||
scan time 20;
|
||||
|
||||
kernel table @kernelTable@;
|
||||
|
||||
ipv4 {
|
||||
import none;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
@ -0,0 +1,29 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import ../common-vars.nix { inherit lib config; };
|
||||
|
||||
let
|
||||
cfg = config.ffnix.bird;
|
||||
in {
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.bird2.enable = true;
|
||||
environment.etc."bird/bird2.conf".source = lib.mkForce (pkgs.substituteAll {
|
||||
name = "bird2-${config.networking.hostName}.conf";
|
||||
|
||||
inherit (cfg) routerID kernelTable;
|
||||
|
||||
# the check is run in a sandboxed nix derivation and does not have access to password includes
|
||||
checkPhase = ''
|
||||
cat $out | sed 's/include.*//g' > temp.conf
|
||||
echo $out
|
||||
${pkgs.bird2}/bin/bird -d -p -c temp.conf
|
||||
'';
|
||||
|
||||
src = pkgs.writeText "bird2-${config.networking.hostName}-template.conf" ''
|
||||
${cfg.earlyExtraConfig}
|
||||
${lib.fileContents ./bird2.conf}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
});
|
||||
};
|
||||
}
|
||||
Loading…
Reference in New Issue