From 15b63b895245a14c7604f7705143897d25b68282 Mon Sep 17 00:00:00 2001
From: 9pfs <9pfs@amcforum.wiki>
Date: Thu, 21 Nov 2024 15:57:14 -0800
Subject: [PATCH] Add files
---
.gitignore | 1 +
collector.conf | 40 ++++++++++++++++++++++++++++++++++++++++
int-bgp.j2 | 24 ++++++++++++++++++++++++
inventory.yml | 38 ++++++++++++++++++++++++++++++++++++++
update-bgp.yml | 17 +++++++++++++++++
upgrade.yml | 9 +++++++++
6 files changed, 129 insertions(+)
create mode 100644 .gitignore
create mode 100644 collector.conf
create mode 100644 int-bgp.j2
create mode 100644 inventory.yml
create mode 100644 update-bgp.yml
create mode 100644 upgrade.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a01ee28
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.*.swp
diff --git a/collector.conf b/collector.conf
new file mode 100644
index 0000000..9164fd1
--- /dev/null
+++ b/collector.conf
@@ -0,0 +1,40 @@
+protocol bgp ROUTE_COLLECTOR
+{
+ local as OWNAS;
+ neighbor fd42:4242:2601:ac12::1 as 4242422602;
+
+ # enable multihop as the collector is not locally connected
+ multihop;
+
+ ipv4 {
+ # export all available paths to the collector
+ add paths tx;
+
+ # import/export filters
+ import none;
+ export filter {
+ # export all valid routes
+ if ( is_valid_network() && source ~ [ RTS_STATIC, RTS_BGP ] )
+ then {
+ accept;
+ }
+ reject;
+ };
+ };
+
+ ipv6 {
+ # export all available paths to the collector
+ add paths tx;
+
+ # import/export filters
+ import none;
+ export filter {
+ # export all valid routes
+ if ( is_valid_network_v6() && source ~ [ RTS_STATIC, RTS_BGP ] )
+ then {
+ accept;
+ }
+ reject;
+ };
+ };
+}
diff --git a/int-bgp.j2 b/int-bgp.j2
new file mode 100644
index 0000000..579ad61
--- /dev/null
+++ b/int-bgp.j2
@@ -0,0 +1,24 @@
+template bgp intpeers {
+ local as OWNAS;
+
+ ipv4 {
+ import where source = RTS_BGP && is_valid_network() && !is_self_net();
+ export where source = RTS_BGP && is_valid_network() && !is_self_net();
+ next hop self;
+ add paths yes;
+ };
+
+ ipv6 {
+ import where source = RTS_BGP && is_valid_network_v6() && !is_self_net_v6();
+ export where source = RTS_BGP && is_valid_network_v6() && !is_self_net_v6();
+ next hop self;
+ add paths yes;
+ };
+}
+{% for host in groups['routers'] %}
+{% if host != inventory_hostname %}
+protocol bgp int_{{ hostvars[host]['pop_loc'] }} from intpeers {
+ neighbor {{ hostvars[host]['unicastv6'] }} as OWNAS;
+}
+{% endif %}
+{% endfor %}
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..9f8abd1
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,38 @@
+all:
+ children:
+ routers:
+ nameservers:
+routers:
+ hosts:
+ us1.routers.9pfs.dn42:
+ ansible_python_interpreter: "/usr/bin/python3"
+ unicastv6: fd32:6b0:70a6:179::1
+ machine_type: vm
+ pop_loc: us01
+ us2.routers.9pfs.dn42:
+ ansible_python_interpreter: "/usr/bin/python3"
+ machine_type: container
+ unicastv6: fd32:6b0:70a6:179::2
+ pop_loc: us02
+ us3.routers.9pfs.dn42:
+ ansible_python_interpreter: "/usr/bin/python3"
+ machine_type: container
+ unicastv6: fd32:6b0:70a6:179::4
+ pop_loc: us03
+ uk1.routers.9pfs.dn42:
+ ansible_python_interpreter: "/usr/bin/python3"
+ machine_type: container
+ unicastv6: fd32:6b0:70a6:179::3
+ pop_loc: uk01
+services:
+ hosts:
+ mail.9pfs.dn42:
+ ansible_python_interpreter: "/usr/bin/python3"
+ machine_type: vm
+ children:
+ nameservers:
+nameservers:
+ hosts:
+ us1.ns.9pfs.dn42:
+ machine_type: container
+ us2.ns.9pfs.dn42:
diff --git a/update-bgp.yml b/update-bgp.yml
new file mode 100644
index 0000000..666aa02
--- /dev/null
+++ b/update-bgp.yml
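Review bot: In int-bgp.j2 the `intpeers` template sets no `password`, so every generated iBGP session between the `unicastv6` addresses is unauthenticated and depends entirely on the underlying links for peer authenticity. If those addresses can be reached from outside the AS, consider adding `password "<IBGP_SECRET_PLACEHOLDER>";` to the template, with the value taken from a vaulted variable rather than the inventory (TCP-MD5 support on the container hosts would need confirming). The filters also carry no comment on why own prefixes are dropped in both directions; a line such as `# own prefixes are not carried over iBGP (presumably distributed by the IGP)` above the `ipv4` block would record that intent.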
@@ -0,0 +1,17 @@
+- hosts: routers
+ remote_user: root
+ tasks:
+ - name: add internal bgp peers
+ template:
+ src: int-bgp.j2
+ dest: /etc/bird/peers/internal.conf
+ - name: add route collector peering
+ copy:
+ src: collector.conf
+ dest: /etc/bird/peers/collector.conf
+ - name: reload bird
+ ansible.builtin.systemd_service:
+ name: bird.service
+ enabled: true
+ state: reloaded
+ when: ansible_service_mgr == 'systemd'
diff --git a/upgrade.yml b/upgrade.yml
new file mode 100644
index 0000000..f430232
--- /dev/null
+++ b/upgrade.yml
@@ -0,0 +1,9 @@
+- hosts: all
+ remote_user: root
+ tasks:
+ - name: upgrade debian systems
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: dist
+ cache_valid_time: 3600
+ when: ansible_distribution == 'Debian'
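Review bot: In update-bgp.yml the `reload bird` task follows the two file tasks with no parse check, so a bad render of `internal.conf` stays on disk and only shows up at reload or at the next daemon restart. A task before the reload, `- name: check bird config`, `ansible.builtin.command: bird -p`, `changed_when: false`, would fail the play while the running config is still intact. The `template` and `copy` tasks set no `owner`, `group` or `mode`, so permissions on the files under `/etc/bird/peers/` follow the remote umask; an explicit `mode: "0644"` (or tighter) pins them. `remote_user: root` here and in upgrade.yml means direct root SSH logins on every host; an unprivileged login with `become: true` is the usual alternative.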
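Review bot: In upgrade.yml the play targets `hosts: all` with `upgrade: dist` and no `serial`, so every router and nameserver in the inventory is dist-upgraded in the same batch. An upgrade that restarts the routing daemon or breaks a host would then hit every PoP at once. Adding `serial: 1` at play level upgrades one host at a time and stops the run at the first failure. Nothing in the play checks for a pending reboot afterwards, so kernel or libc fixes may stay inactive until someone restarts the host by hand.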