diff --git a/ext-peer.bgp.conf.j2 b/ext-peer.bgp.conf.j2 new file mode 100644 index 0000000..d05fb09 --- /dev/null +++ b/ext-peer.bgp.conf.j2 @@ -0,0 +1,13 @@ +protocol bgp dn42_{{ item['remotename'] }} from dnpeers { + neighbor {{ item['remote_llv6'] }} % 'dn42{{ item['remotename'] }}' as {{ item['asn'] }}; +{% if item['needs_v4'] is defined %} +{% if item['remote_unicastv4'] is not defined %} + ipv4 { + extended next hop on; + }; +{% endif %} + ipv6 { + extended next hop on; + }; +{% endif %} +} diff --git a/ext-peer.netdev.j2 b/ext-peer.netdev.j2 new file mode 100644 index 0000000..41e57bd --- /dev/null +++ b/ext-peer.netdev.j2 @@ -0,0 +1,20 @@ +[NetDev] +Name=dn42{{ item['remotename'] }} +Kind=wireguard + +[WireGuard] +PrivateKeyFile=/etc/systemd/network/wg.key +{% if item['localport'] is defined %} +ListenPort={{ item['localport'] }} +{% endif %} + +[WireGuardPeer] +{% if item['remotehost'] is defined %} +# {{ item['remotehost'] }} +{% endif %} +{% if item['remoteip'] is defined %} +Endpoint={{ item['remoteip'] }}:{{ item['remoteport'] }} +{% endif %} +PublicKey={{ item['publickey'] }} +PersistentKeepalive=15 +AllowedIPs=fe80::/64 fd00::/8 172.20.0.0/14 172.31.0.0/16 10.0.0.0/8 diff --git a/ext-peer.network.j2 b/ext-peer.network.j2 new file mode 100644 index 0000000..67cbba2 --- /dev/null +++ b/ext-peer.network.j2 @@ -0,0 +1,23 @@ +[Match] +Name=dn42{{ item['remotename'] }} + +[Network] +DHCP=false +IPv6AcceptRA=false +IPv4Forwarding=true +IPv6Forwarding=true +KeepConfiguration=true + +[Address] +{% if item['llv6'] is defined %} +Address={{ item['llv6'] }}/128 +{% else %} +Address={{ llv6 }}/128 +{% endif %} +Peer={{ item['remote_llv6'] }}/128 + +[Address] +Address={{ unicastv4 }}/32 +{% if item['remote_unicastv4'] is defined %} +Peer={{ item['remote_unicastv4'] }} +{% endif %} diff --git a/peerings.yml b/peerings.yml new file mode 100644 index 0000000..d0dcaa4 --- /dev/null +++ b/peerings.yml @@ -0,0 +1,39 @@ +- name: Configure peerings + hosts: routers + remote_user: root + tasks: + - name: Include per-node peering data + include_vars: "{{ playbook_dir }}/peerings/{{ pop_loc }}.yaml" + ignore_errors: false + - name: Generate systemd .netdev files + ansible.builtin.template: + src: ext-peer.netdev.j2 + dest: "/etc/systemd/network/dn42{{ item.remotename }}.netdev" + mode: '0644' + loop: "{{ peers }}" + when: peers is defined + register: netdev_files + - name: Generate systemd .network files + ansible.builtin.template: + src: ext-peer.network.j2 + dest: "/etc/systemd/network/dn42{{ item.remotename }}.network" + mode: '0644' + loop: "{{ peers }}" + when: peers is defined + register: network_files + - name: Generate BGP peering files + ansible.builtin.template: + src: ext-peer.bgp.conf.j2 + dest: "/etc/bird/peers/dn42{{ item.remotename }}.conf" + mode: '0644' + loop: "{{ peers }}" + register: bgp_files + when: peers is defined + - name: Reload systemd-networkd + ansible.builtin.command: networkctl reload + when: peers is defined + - name: Reload bird + ansible.builtin.systemd_service: + name: bird.service + state: reloaded + when: peers is defined