add fr1 and ca1 nodes, update things

bird-babel.j2

@@ -11,14 +11,18 @@ protocol direct {
         export where net ~ [ fd00::/8+ ];
     };
     interface "igp-dummy*";
+    {% if not (shared_net|default(false)) %}
     interface "host0";
     interface "host0*";
+    {% endif %}
     interface "ztwfugvwdo";
+    {% if not (shared_net|default(false)) %}
     interface "en*";
     interface "br*";
     interface "int-*";
     interface "bond*";
     interface "eth*";
+    {% endif %}
 };
 
 protocol babel int_babel {
@@ -39,6 +43,7 @@ protocol babel int_babel {
     interface "ztwfugvwdo" {
         type tunnel;
     };
+    {% if not (shared_net|default(false)) %}
     interface "host0*" {
         type wired;
     };
@@ -51,13 +56,16 @@ protocol babel int_babel {
     interface "br*" {
         type wired;
     };
+    {% endif %}
     interface "int-*" {
         type tunnel;
     };
+    {% if not (shared_net|default(false)) %}
     interface "bond*" {
         type wired;
     };
     interface "wl*" {
         type wireless;
     };
+    {% endif %}
 };

ext-peer.bgp.conf.j2

@@ -1,4 +1,5 @@
 {% if item.mp|default(true) %}
+{% if item.remote_llv6 is defined %}
 protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
 	neighbor {{ item['remote_llv6'] }} % {% if item.ifacename is defined %}{{ item.ifacename }}{% else %}'dn42{{ item['remotename'] }}'{% endif %} as {{ item['asn'] }};
 {% if item.extmsg|default(true) %}
@@ -18,6 +19,7 @@ protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
 	};
 {% endif %}
 }
+{% endif %}
 {% else %}
 {% if item.needs_v4|default(true) %}
 protocol bgp dn42_{{ item['remotename'] }}_v4 from dnpeers {

ext-peer.network.j2

@@ -12,14 +12,20 @@ Description=DN42 peering with AS{{ item.asn }}{% if item.wireguard|default(true)
 
 [Address]
 {% if item['llv6'] is defined %}
-Address={{ item['llv6'] }}/128
+Address={{ item['llv6'] }}/{% if item.remote_llv6 is defined %}128{% else %}64{% endif %}
+
 {% else %}
-Address={{ llv6 }}/128
+Address={{ llv6 }}/{% if item.remote_llv6 is defined %}128{% else %}64{% endif %}
+
 {% endif %}
+
+{% if item.remote_llv6 is defined %}
 Peer={{ item['remote_llv6'] }}/128
+{% endif %}
 
 [Address]
 Address={{ unicastv4 }}/32
+
 {% if item['remote_unicastv4'] is defined %}
 Peer={{ item['remote_unicastv4'] }}
 {% endif %}

igp-dummy-def.netdev

@@ -0,0 +1,3 @@
+[NetDev]
+Name=igp-dummy-def
+Kind=dummy

igp-dummy-def.network.j2

@@ -0,0 +1,10 @@
+[Match]
+Name=igp-dummy-def
+
+[Network]
+{% if unicastv4 is defined %}
+Address={{ unicastv4 }}/32
+{% endif %}
+{% if unicastv6 is defined %}
+Address={{ unicastv6 }}/128
+{% endif %}

inventory.yml

@@ -44,6 +44,7 @@ routers:
       llv6: fe80::2002:5
       pop_loc: kix
       solanum_sid: '9R5'
+      shared_net: true
     genesis.routers.9pfs.dn42:
       ansible_python_interpreter: "/usr/bin/python3"
       machine_type: container
@@ -53,11 +54,29 @@ routers:
       pop_loc: genesis
       solanum_sid: '9R6'
       ibgp_passive: true
+    fr1.routers.9pfs.dn42:
+      machine_type: vm
+      unicastv4: 172.22.161.7
+      unicastv6: fd32:6b0:70a6:179::7
+      llv6: fe80::2002:7
+      pop_loc: fr1
+      solanum_sid: '9R7'
+      ansible_host: 84.235.232.147
+      ansible_python_interpreter: "/usr/bin/python3"
+    ca1.routers.9pfs.dn42:
+      machine_type: vm
+      unicastv4: 172.22.161.8
+      unicastv6: fd32:6b0:70a6:179::8
+      llv6: fe80::2002:8
+      pop_loc: ca1
+      solanum_sid: '9R8'
+      ansible_python_interpreter: "/usr/bin/python3"
+      shared_net: true
 services:
   hosts:
     mail.9pfs.dn42:
       ansible_python_interpreter: "/usr/bin/python3"
-      machine_type: vm
+      machine_type: vm 
   children:
     nameservers:
 nameservers:
@@ -74,6 +93,8 @@ irc-servers:
     uk1.routers.9pfs.dn42:
     us3.routers.9pfs.dn42:
     kix.routers.9pfs.dn42:
+    fr1.routers.9pfs.dn42:
+    ca1.routers.9pfs.dn42:
 
 # Same host list as irc-servers, genesis shouldn't run a lg because it goes down frequently
 lg-hosts:
@@ -83,3 +104,5 @@ lg-hosts:
     uk1.routers.9pfs.dn42:
     us3.routers.9pfs.dn42:
     kix.routers.9pfs.dn42:
+    fr1.routers.9pfs.dn42:
+    ca1.routers.9pfs.dn42:

lg.yml

@@ -20,7 +20,7 @@
       when: ansible_distribution == 'Debian'
     - name: Add Arch build dependencies
       ansible.builtin.pacman:
-        name: base-devel,go
+        name: base-devel,go,git
         state: present
       when: ansible_distribution == 'Archlinux'
     - name: Make bird-lg-go directory in /opt

mkpeerkey.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -x
+cd /etc/systemd/network && \
+wg genkey|tee "$1".key|wg pubkey > "$1".pub && \
+chmod o-rwx "$1".key && \
+chown root:systemd-network "$1".key

peerings/ca1.yaml

@@ -0,0 +1,15 @@
+peers:
+  - remotename: hpg
+    asn: 4242420965
+    wireguard: false
+    ifacename: ens19
+    remote_llv6: fe80::108
+  - remotename: burble
+    asn: 4242422601
+    remotehost: dn42-ca-bhs1.burble.com
+    remoteip: 2607:5300:60:7a9c::1
+    remoteport: 22002
+    publickey: WrUM5mGtrq5Rai3cW5P7aMIijnSPCLV4MPhwn82vylw=
+    remote_llv6: fe80::42:2601:2c:1
+    localport: 22601
+    keypath: /etc/systemd/network/burble.key

peerings/fr1.yaml

@@ -0,0 +1,27 @@
+---
+peers:
+  - remotename: routedbits
+    asn: 4242420207
+    remotehost: router.mil1.routedbits.com
+    remoteip: 172.232.192.193
+    remoteport: 52002
+    publickey: 3PKBRR7RmQcoIaO/66ulJVNgGqOsEYy2YIdHMuloQxE=
+    remote_llv6: fe80::207
+    keypath: /etc/systemd/network/routedbits.key
+  - remotename: cdubs
+    asn: 4242420566
+    remotehost: dn12.par.surgebytes.com
+    remoteip: 2a12:5e40:1:6cb8:46e2:6c4d:cae9:f126
+    remoteport: 32002
+    publickey: BUwcekndEXomkkK05fsqE14PswqnFTre6c99FrJXJ2o=
+    remote_llv6: fe80::566:12
+    keypath: /etc/systemd/network/cdubs.key
+  - remotename: burble
+    asn: 4242422601
+    remotehost: dn42-fr-rbx1.burble.com
+    remoteip: 51.254.198.204
+    remoteport: 22002
+    publickey: T12uXw8D5/GY66cEIz1EE9H7OJo1bL7kFYcFQKHVFhk=
+    remote_llv6: fe80::42:2601:26:1
+    keypath: /etc/systemd/network/burble.key
+    localport: 22601

peerings/uk1.yaml

@@ -179,6 +179,9 @@ peers:
     publickey: XdkBTEDibA+HeyXbElr+7uhWaZoXrmk94zraDae+6n8= 
     remote_llv6: fe80::2936
     localport: 22936
+    mp: false
+    enh: false
+    remote_unicastv4: 172.20.43.131
   - remotename: lantian
     asn: 4242422547
     remotehost: buyvm.lantian.pub

setup.yml

@@ -2,6 +2,16 @@
   hosts: routers
   remote_user: root
   tasks:
+    - name: Install bird on Arch
+      ansible.builtin.package:
+        name: bird
+        state: present
+      when: ansible_distribution == 'Archlinux'
+    - name: Install bird on Debian
+      ansible.builtin.package:
+        name: bird2
+        state: present
+      when: ansible_distribution == 'Debian'
     - name: Create bird directory
       ansible.builtin.file:
         path: /etc/bird
@@ -51,6 +61,22 @@
         dest: /etc/systemd/system/dn42-roa.timer
         mode: '0644'
       when: ansible_service_mgr == 'systemd'
+    - name: Add igp-dummy-def.netdev
+      ansible.builtin.copy:
+        src: igp-dummy-def.netdev
+        dest: /etc/systemd/network/igp-dummy-def.netdev
+        mode: '0644'
+      when: ansible_service_mgr == 'systemd'
+    - name: Add igp-dummy-def.network
+      ansible.builtin.template:
+        src: igp-dummy-def.network.j2
+        dest: /etc/systemd/network/igp-dummy-def.network
+        mode: '0644'
+      when: ansible_service_mgr == 'systemd'
+    - name: reload systemd-networkd
+      ansible.builtin.command:
+        cmd: networkctl reload
+      when: ansible_service_mgr == 'systemd'
     - name: Enable+start dn42-roa.timer
       ansible.builtin.systemd_service:
         name: dn42-roa.timer
@@ -78,3 +104,8 @@
     - name: load sysctl configs
       command: sysctl --system
       ignore_errors: true
+    - name: Push mkpeerkey.sh to hosts
+      ansible.builtin.copy:
+        src: mkpeerkey.sh
+        dest: /usr/local/bin/mkpeerkey.sh
+        mode: '0755'