n0emis
/
ffnix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add basic bird config

Browse Source
main
n0emis 3 years ago
parent 70580fad10
commit 070338967b
Signed by: n0emis
GPG Key ID: 00FAF748B777CF10
3 changed files with 140 additions and 0 deletions
Show Stats Download Patch File Download Diff File

19
default.nix
Unescape Escape View File

@ -16,6 +16,24 @@ in
Use batman-adv-legacy - do not use in new communities! Use batman-adv-legacy - do not use in new communities!
''; '';
}; };
bird = {
enable = mkEnableOption "bird routing daemon";
routerID = mkOption {
type = types.str;
};
kernelTable = mkOption {
type= types.int;
};
earlyExtraConfig = mkOption {
type = types.lines;
default = "";
};
extraConfig = mkOption {
type = types.lines;
default = "";
};
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -27,5 +45,6 @@ in
imports = [ imports = [
./modules/batman.nix ./modules/batman.nix
./modules/fastd.nix ./modules/fastd.nix
./modules/bird
]; ];
} }

92
modules/bird/bird2.conf
Unescape Escape View File

@ -0,0 +1,92 @@
router id @routerID@;
timeformat base iso long;
timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
function net_default() {
if net.type = NET_IP4 then return net ~ [ 0.0.0.0/0 ];
return net ~ [ ::/0 ];
};
function net_bogon() {
if net.type = NET_IP4 then return net ~ [
0.0.0.0/0,
0.0.0.0/8+, # RFC 1122 'this' network
10.0.0.0/8+, # RFC 1918 private space
100.64.0.0/10+, # RFC 6598 Carrier grade nat space
127.0.0.0/8+, # RFC 1122 localhost
169.254.0.0/16+, # RFC 3927 link local
172.16.0.0/12+, # RFC 1918 private space
192.0.2.0/24+, # RFC 5737 TEST-NET-1
192.88.99.0/24+, # RFC 7526 6to4 anycast relay
192.168.0.0/16+, # RFC 1918 private space
198.18.0.0/15+, # RFC 2544 benchmarking
198.51.100.0/24+, # RFC 5737 TEST-NET-2
203.0.113.0/24+, # RFC 5737 TEST-NET-3
224.0.0.0/4+, # multicast
240.0.0.0/4+ # reserved
];
return net ~ [
::/0,
::/8+, # RFC 4291 IPv4-compatible, loopback, et al
0100::/64+, # RFC 6666 Discard-Only
2001:2::/48+, # RFC 5180 BMWG
2001:10::/28+, # RFC 4843 ORCHID
2001:db8::/32+, # RFC 3849 documentation
2002::/16+, # RFC 7526 6to4 anycast relay
3ffe::/16+, # RFC 3701 old 6bone
fc00::/7+, # RFC 4193 unique local unicast
fe80::/10+, # RFC 4291 link local unicast
fec0::/10+, # RFC 3879 old site local unicast
ff00::/8+ # RFC 4291 multicast
];
}
function as_bogon() {
return bgp_path ~ [
0, # RFC 7607
23456, # RFC 4893 AS_TRANS
64496..64511, # RFC 5398 and documentation/example ASNs
64512..65534, # RFC 6996 Private ASNs
65535, # RFC 7300 Last 16 bit ASN
65536..65551, # RFC 5398 and documentation/example ASNs
65552..131071, # RFC IANA reserved ASNs
4200000000..4294967294, # RFC 6996 Private ASNs
4294967295 # RFC 7300 Last 32 bit ASN
];
};
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
};
protocol direct {
ipv4;
ipv6;
interface "lo";
};
protocol kernel {
scan time 20;
kernel table @kernelTable@;
ipv6 {
import none;
export all;
};
}
protocol kernel {
scan time 20;
kernel table @kernelTable@;
ipv4 {
import none;
export all;
};
}

29
modules/bird/default.nix
Unescape Escape View File

@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
with import ../common-vars.nix { inherit lib config; };
let
cfg = config.ffnix.bird;
in {
config = lib.mkIf cfg.enable {
services.bird2.enable = true;
environment.etc."bird/bird2.conf".source = lib.mkForce (pkgs.substituteAll {
name = "bird2-${config.networking.hostName}.conf";
inherit (cfg) routerID kernelTable;
# the check is run in a sandboxed nix derivation and does not have access to password includes
checkPhase = ''
cat $out | sed 's/include.*//g' > temp.conf
echo $out
${pkgs.bird2}/bin/bird -d -p -c temp.conf
'';
src = pkgs.writeText "bird2-${config.networking.hostName}-template.conf" ''
${cfg.earlyExtraConfig}
${lib.fileContents ./bird2.conf}
${cfg.extraConfig}
'';
});
};
}
Write Preview
Loading…
Cancel
Save