add fr1 and ca1 nodes, update things

h 2025-01-25 12:47:55 -08:00
parent 4fb9e0d324
commit 5ddd74b201
Signed by: 9pfs
SSH key fingerprint: SHA256:jgJ8oy3dFgbNXEiRdZlbUhItY8fbh4UvvJ2qhxoOC88
12 changed files with 138 additions and 4 deletions


@ -11,14 +11,18 @@ protocol direct {
export where net ~ [ fd00::/8+ ];
};
interface "igp-dummy*";
{% if not (shared_net|default(false)) %}
interface "host0";
interface "host0*";
{% endif %}
interface "ztwfugvwdo";
{% if not (shared_net|default(false)) %}
interface "en*";
interface "br*";
interface "int-*";
interface "bond*";
interface "eth*";
{% endif %}
};
protocol babel int_babel {
@ -39,6 +43,7 @@ protocol babel int_babel {
interface "ztwfugvwdo" {
type tunnel;
};
{% if not (shared_net|default(false)) %}
interface "host0*" {
type wired;
};
@ -51,13 +56,16 @@ protocol babel int_babel {
interface "br*" {
type wired;
};
{% endif %}
interface "int-*" {
type tunnel;
};
{% if not (shared_net|default(false)) %}
interface "bond*" {
type wired;
};
interface "wl*" {
type wireless;
};
{% endif %}
};
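Review bot: The `shared_net` guard treats `int-*` differently in the two protocols shown here: in `protocol direct` it sits inside the `{% if not (shared_net|default(false)) %}` block together with `en*`, `br*`, `bond*` and `eth*`, while in `int_babel` the `interface "int-*"` stanza is left outside the guard. A shared_net host would therefore still run Babel on `int-*` although `protocol direct` no longer matches those interfaces. If that is intended, a template comment above the first guard such as `{# shared_net: do not run the IGP on NICs shared with other hosts; int-* tunnels stay enabled #}` would record it, because the flag is not explained anywhere in the visible hunks. Both protocol blocks continue outside the hunks, so the remaining interface list could not be checked.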


@ -1,4 +1,5 @@
{% if item.mp|default(true) %}
{% if item.remote_llv6 is defined %}
protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
neighbor {{ item['remote_llv6'] }} % {% if item.ifacename is defined %}{{ item.ifacename }}{% else %}'dn42{{ item['remotename'] }}'{% endif %} as {{ item['asn'] }};
{% if item.extmsg|default(true) %}
@ -18,6 +19,7 @@ protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
};
{% endif %}
}
{% endif %}
{% else %}
{% if item.needs_v4|default(true) %}
protocol bgp dn42_{{ item['remotename'] }}_v4 from dnpeers {
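Review bot: A peer with `mp` left at its default of true but no `remote_llv6` now renders no BGP protocol at all, and nothing in the generated config or the play says so. That appears to be the effect of wrapping the multiprotocol block in `{% if item.remote_llv6 is defined %}`, although the page does not mark which lines are new. A dropped session is easy to miss on a router with many peers, so the skip should be visible in the output, for example an `{% else %}` branch before the matching `{% endif %}` that emits `# dn42_{{ item['remotename'] }}: mp enabled but remote_llv6 unset, session not configured`. The v4 fallback block continues outside the hunk.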


@ -12,14 +12,20 @@ Description=DN42 peering with AS{{ item.asn }}{% if item.wireguard|default(true)
[Address]
{% if item['llv6'] is defined %}
Address={{ item['llv6'] }}/128
Address={{ item['llv6'] }}/{% if item.remote_llv6 is defined %}128{% else %}64{% endif %}
{% else %}
Address={{ llv6 }}/128
Address={{ llv6 }}/{% if item.remote_llv6 is defined %}128{% else %}64{% endif %}
{% endif %}
{% if item.remote_llv6 is defined %}
Peer={{ item['remote_llv6'] }}/128
{% endif %}
[Address]
Address={{ unicastv4 }}/32
{% if item['remote_unicastv4'] is defined %}
Peer={{ item['remote_unicastv4'] }}
{% endif %}

3
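--- a/igp-dummy-def.netdev
+++ b/igp-dummy-def.netdev
@@ -0,0 +1,3 @@
+[NetDev]
+Name=igp-dummy-def
+Kind=dummy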

10
igp-dummy-def.network.j2 Normal file

@ -0,0 +1,10 @@
[Match]
Name=igp-dummy-def
[Network]
{% if unicastv4 is defined %}
Address={{ unicastv4 }}/32
{% endif %}
{% if unicastv6 is defined %}
Address={{ unicastv6 }}/128
{% endif %}


@ -44,6 +44,7 @@ routers:
llv6: fe80::2002:5
pop_loc: kix
solanum_sid: '9R5'
shared_net: true
genesis.routers.9pfs.dn42:
ansible_python_interpreter: "/usr/bin/python3"
machine_type: container
@ -53,11 +54,29 @@ routers:
pop_loc: genesis
solanum_sid: '9R6'
ibgp_passive: true
fr1.routers.9pfs.dn42:
machine_type: vm
unicastv4: 172.22.161.7
unicastv6: fd32:6b0:70a6:179::7
llv6: fe80::2002:7
pop_loc: fr1
solanum_sid: '9R7'
ansible_host: 84.235.232.147
ansible_python_interpreter: "/usr/bin/python3"
ca1.routers.9pfs.dn42:
machine_type: vm
unicastv4: 172.22.161.8
unicastv6: fd32:6b0:70a6:179::8
llv6: fe80::2002:8
pop_loc: ca1
solanum_sid: '9R8'
ansible_python_interpreter: "/usr/bin/python3"
shared_net: true
services:
hosts:
mail.9pfs.dn42:
ansible_python_interpreter: "/usr/bin/python3"
machine_type: vm
machine_type: vm
children:
nameservers:
nameservers:
@ -74,6 +93,8 @@ irc-servers:
uk1.routers.9pfs.dn42:
us3.routers.9pfs.dn42:
kix.routers.9pfs.dn42:
fr1.routers.9pfs.dn42:
ca1.routers.9pfs.dn42:
# Same host list as irc-servers, genesis shouldn't run a lg because it goes down frequently
lg-hosts:
@ -83,3 +104,5 @@ lg-hosts:
uk1.routers.9pfs.dn42:
us3.routers.9pfs.dn42:
kix.routers.9pfs.dn42:
fr1.routers.9pfs.dn42:
ca1.routers.9pfs.dn42:

2
lg.yml

@ -20,7 +20,7 @@
when: ansible_distribution == 'Debian'
- name: Add Arch build dependencies
ansible.builtin.pacman:
name: base-devel,go
name: base-devel,go,git
state: present
when: ansible_distribution == 'Archlinux'
- name: Make bird-lg-go directory in /opt

6
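--- a/mkpeerkey.sh
+++ b/mkpeerkey.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -x
+cd /etc/systemd/network && \
+wg genkey|tee "$1".key|wg pubkey > "$1".pub && \
+chmod o-rwx "$1".key && \
+chown root:systemd-network "$1".key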
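Review bot: The private key is created by `tee "$1".key` under the caller's default umask, so with a typical 022 umask it is world-readable until the later `chmod o-rwx` runs, and it stays that way if the pipeline fails and the `&&` chain stops. Putting `umask 027` before the `cd` closes that window, since the file is then never broader than owner plus group. The script also accepts an empty `$1` and overwrites an existing key without notice; a guard such as `[ -n "$1" ] && [ ! -e "/etc/systemd/network/$1.key" ] || exit 1` would avoid silently replacing a peer's key. `set -x` only traces the command lines, so the key material itself does not appear in the trace.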

15
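--- a/peerings/ca1.yaml
+++ b/peerings/ca1.yaml
@@ -0,0 +1,15 @@
+peers:
+- remotename: hpg
+asn: 4242420965
+wireguard: false
+ifacename: ens19
+remote_llv6: fe80::108
+- remotename: burble
+asn: 4242422601
+remotehost: dn42-ca-bhs1.burble.com
+remoteip: 2607:5300:60:7a9c::1
+remoteport: 22002
+publickey: WrUM5mGtrq5Rai3cW5P7aMIijnSPCLV4MPhwn82vylw=
+remote_llv6: fe80::42:2601:2c:1
+localport: 22601
+keypath: /etc/systemd/network/burble.key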
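Review bot: The `hpg` entry sets `wireguard: false` with `ifacename: ens19`, and ca1 is marked `shared_net: true` in the inventory, so this BGP session presumably runs directly on a segment shared with other hosts rather than inside a tunnel like the other peers. A comment above the entry, for example `# hpg: direct peering on ens19 (no WireGuard), session is not tunnelled`, would show that this is deliberate and prompt a check of what filtering the `dnpeers` template applies to it. The file also lacks the `---` document start that `peerings/fr1.yaml` has.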

27
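--- a/peerings/fr1.yaml
+++ b/peerings/fr1.yaml
@@ -0,0 +1,27 @@
+---
+peers:
+- remotename: routedbits
+asn: 4242420207
+remotehost: router.mil1.routedbits.com
+remoteip: 172.232.192.193
+remoteport: 52002
+publickey: 3PKBRR7RmQcoIaO/66ulJVNgGqOsEYy2YIdHMuloQxE=
+remote_llv6: fe80::207
+keypath: /etc/systemd/network/routedbits.key
+- remotename: cdubs
+asn: 4242420566
+remotehost: dn12.par.surgebytes.com
+remoteip: 2a12:5e40:1:6cb8:46e2:6c4d:cae9:f126
+remoteport: 32002
+publickey: BUwcekndEXomkkK05fsqE14PswqnFTre6c99FrJXJ2o=
+remote_llv6: fe80::566:12
+keypath: /etc/systemd/network/cdubs.key
+- remotename: burble
+asn: 4242422601
+remotehost: dn42-fr-rbx1.burble.com
+remoteip: 51.254.198.204
+remoteport: 22002
+publickey: T12uXw8D5/GY66cEIz1EE9H7OJo1bL7kFYcFQKHVFhk=
+remote_llv6: fe80::42:2601:26:1
+keypath: /etc/systemd/network/burble.key
+localport: 22601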


@ -179,6 +179,9 @@ peers:
publickey: XdkBTEDibA+HeyXbElr+7uhWaZoXrmk94zraDae+6n8=
remote_llv6: fe80::2936
localport: 22936
mp: false
enh: false
remote_unicastv4: 172.20.43.131
- remotename: lantian
asn: 4242422547
remotehost: buyvm.lantian.pub


@ -2,6 +2,16 @@
hosts: routers
remote_user: root
tasks:
- name: Install bird on Arch
ansible.builtin.package:
name: bird
state: present
when: ansible_distribution == 'Archlinux'
- name: Install bird on Debian
ansible.builtin.package:
name: bird2
state: present
when: ansible_distribution == 'Debian'
- name: Create bird directory
ansible.builtin.file:
path: /etc/bird
@ -51,6 +61,22 @@
dest: /etc/systemd/system/dn42-roa.timer
mode: '0644'
when: ansible_service_mgr == 'systemd'
- name: Add igp-dummy-def.netdev
ansible.builtin.copy:
src: igp-dummy-def.netdev
dest: /etc/systemd/network/igp-dummy-def.netdev
mode: '0644'
when: ansible_service_mgr == 'systemd'
- name: Add igp-dummy-def.network
ansible.builtin.template:
src: igp-dummy-def.network.j2
dest: /etc/systemd/network/igp-dummy-def.network
mode: '0644'
when: ansible_service_mgr == 'systemd'
- name: reload systemd-networkd
ansible.builtin.command:
cmd: networkctl reload
when: ansible_service_mgr == 'systemd'
- name: Enable+start dn42-roa.timer
ansible.builtin.systemd_service:
name: dn42-roa.timer
@ -78,3 +104,8 @@
- name: load sysctl configs
command: sysctl --system
ignore_errors: true
- name: Push mkpeerkey.sh to hosts
ansible.builtin.copy:
src: mkpeerkey.sh
dest: /usr/local/bin/mkpeerkey.sh
mode: '0755'
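Review bot: The `reload systemd-networkd` task calls `networkctl reload` through `ansible.builtin.command` on every run, so it always reports changed and reloads networking on every router even when neither igp-dummy-def file changed. Moving it to a handler and adding `notify: reload systemd-networkd` to the two igp-dummy-def tasks would limit the reload to real changes; `changed_when: false` is the minimal alternative. The `Push mkpeerkey.sh to hosts` task installs a script that is run as root and handles private keys, so it is worth pinning ownership with `owner: root` and `group: root` next to `mode: '0755'` instead of relying on the connection user. The task list continues outside the visible hunks.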