From 61ed660df90c0c46cd0906e6464abf30ef48ab06 Mon Sep 17 00:00:00 2001 From: h <9pfs@amcforum.wiki> Date: Sun, 19 Jan 2025 22:09:11 -0800 Subject: [PATCH] change lots of things --- bird-babel.j2 | 6 +----- ext-peer.bgp.conf.j2 | 2 +- ext-peer.netdev.j2 | 4 ++++ ext-peer.network.j2 | 4 ++-- int-bgp.j2 | 3 +++ inventory.yml | 1 + lg.yml | 2 +- peerings/genesis.yaml | 16 ++++++++++++++++ peerings/kix.yaml | 26 ++++++++++++++++++++++++-- peerings/uk1.yaml | 30 ++++++++++++++++++++++++++++++ peerings/us1.yaml | 9 +++++++++ peerings/us3.yaml | 23 ++++++++++++++++++++++- solanum.yml | 2 +- yggdrasil.yml | 11 +++++++---- 14 files changed, 122 insertions(+), 17 deletions(-) create mode 100644 peerings/genesis.yaml diff --git a/bird-babel.j2 b/bird-babel.j2 index caef34f..d8976ee 100644 --- a/bird-babel.j2 +++ b/bird-babel.j2 @@ -13,13 +13,12 @@ protocol direct { interface "igp-dummy*"; interface "host0"; interface "host0*"; - interface "zt*"; + interface "ztwfugvwdo"; interface "en*"; interface "br*"; interface "int-*"; interface "bond*"; interface "eth*"; - interface "intbr0"; }; protocol babel int_babel { @@ -46,9 +45,6 @@ protocol babel int_babel { interface "host0" { type wired; }; - interface "zt*" { - type tunnel; - }; interface "en*" { type wired; }; diff --git a/ext-peer.bgp.conf.j2 b/ext-peer.bgp.conf.j2 index 426156a..aca832d 100644 --- a/ext-peer.bgp.conf.j2 +++ b/ext-peer.bgp.conf.j2 @@ -1,5 +1,5 @@ protocol bgp dn42_{{ item['remotename'] }} from dnpeers { - neighbor {{ item['remote_llv6'] }} % 'dn42{{ item['remotename'] }}' as {{ item['asn'] }}; + neighbor {{ item['remote_llv6'] }} % {% if item.ifacename is defined %}{{ item.ifacename }}{% else %}'dn42{{ item['remotename'] }}'{% endif %} as {{ item['asn'] }}; {% if item.extmsg|default(true) %} enable extended messages on; {% endif %} diff --git a/ext-peer.netdev.j2 b/ext-peer.netdev.j2 index 2847d4f..e2ab928 100644 --- a/ext-peer.netdev.j2 +++ b/ext-peer.netdev.j2 
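Review bot: The ZeroTier interface name `ztwfugvwdo` is now hard-coded in `protocol direct` in bird-babel.j2, with nothing saying why this one network is listed where the `zt*` glob used to be. Narrowing the match looks deliberate, since this commit also adds BGP peerings over a different ZeroTier interface (`ztt2t2xn3a`) that presumably should stay out of the IGP, but that intent can only be inferred. I would add a comment above the line, e.g. `# internal ZeroTier network only; peering zt interfaces must not match here`, and consider taking the name from an inventory variable. The second hunk drops the `zt*` block from `int_babel` while the interface stays in `protocol direct`, which is worth confirming; both protocol blocks continue outside the hunks.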
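Review bot: In ext-peer.bgp.conf.j2 the `ifacename` branch renders the interface scope unquoted, while the fallback branch keeps it in single quotes, so the two paths emit different token forms into the BIRD config. Quoting in both cases keeps them consistent and avoids a parse error for names BIRD would not accept as a bare symbol (I believe that includes names containing `-`): `% '{% if item.ifacename is defined %}{{ item.ifacename }}{% else %}dn42{{ item['remotename'] }}{% endif %}'`. The value is interpolated verbatim from the peering file, so restricting `ifacename` to interface-name characters before templating is also worthwhile.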
@@ -1,3 +1,4 @@ +{% if item.wireguard|default(true) %} [NetDev] Name=dn42{{ item['remotename'] }} Kind=wireguard @@ -29,3 +30,6 @@ AllowedIPs=fe80::/64 fd00::/8 172.20.0.0/14 172.31.0.0/16 10.0.0.0/8 {% if item.pskpath is defined %} PresharedKeyFile={{ item.pskpath }} {% endif %} +{% else %} +# This peering does not use wireguard, so there's nothing here. +{% endif %} \ No newline at end of file diff --git a/ext-peer.network.j2 b/ext-peer.network.j2 index 28b13a6..e0b7cf0 100644 --- a/ext-peer.network.j2 +++ b/ext-peer.network.j2 @@ -1,5 +1,5 @@ [Match] -Name=dn42{{ item['remotename'] }} +Name=dn42{% if ifacename is defined %}{{ item.ifacename }}{% else %}{{ item['remotename'] }}{% endif %} [Network] DHCP=false @@ -8,7 +8,7 @@ IPv4Forwarding=true IPv6Forwarding=true KeepConfiguration=true IPv4ReversePathFilter=no -Description=DN42 peering with AS{{ item.asn }} @ {% if item.remotehost is defined %}{{ item.remotehost }}[{{ item.remoteip }}]:{{ item.remoteport }}{% else %}[{{ item.remoteip }}]:{{ item.remoteport }}{% endif %} +Description=DN42 peering with AS{{ item.asn }}{% if item.wireguard|default(true) %} @ {% if item.remotehost is defined %}{{ item.remotehost }}[{{ item.remoteip }}]:{{ item.remoteport }}{% else %}[{{ item.remoteip }}]:{{ item.remoteport }}{% endif %} {% endif %} [Address] {% if item['llv6'] is defined %} diff --git a/int-bgp.j2 b/int-bgp.j2 index d0cdb52..675104e 100644 --- a/int-bgp.j2 +++ b/int-bgp.j2 @@ -22,6 +22,9 @@ template bgp intpeers { {% for host in groups['routers'] %} {% if host != inventory_hostname %} protocol bgp int_{{ hostvars[host]['pop_loc'] }} from intpeers { + {% if hostvars[host]['ibgp_passive']|default(false) %} + passive on; + {% endif %} neighbor {{ hostvars[host]['unicastv6'] }} as OWNAS; } {% endif %} diff --git a/inventory.yml b/inventory.yml index f6e8771..bf47a61 100644 --- a/inventory.yml +++ b/inventory.yml 
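Review bot: The `[Match]` line in ext-peer.network.j2 tests `ifacename` but reads `item.ifacename`, and it keeps the `dn42` prefix in both branches. With the bare name presumably undefined inside the loop, a peer such as `sol` (`ifacename: ztt2t2xn3a`, `wireguard: false`) renders `Name=dn42sol`, and even if the test passed it would render `Name=dn42ztt2t2xn3a`. Neither matches the interface that ext-peer.bgp.conf.j2 binds the neighbor to, so the forwarding, reverse-path and address settings of this unit would not be applied to it. Suggested line: `Name={% if item.ifacename is defined %}{{ item.ifacename }}{% else %}dn42{{ item['remotename'] }}{% endif %}`.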
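Review bot: In int-bgp.j2 `ibgp_passive` is read from `hostvars[host]`, that is from the remote router, so setting it on one host makes every other router wait for that host to connect, while the flagged host itself still renders active sessions. That fits a router that cannot accept inbound connections, but the variable name suggests the opposite and nothing documents it; a Jinja comment such as `{# peer has ibgp_passive set: it initiates, we only listen #}` would settle it. If two routers both carry the flag, each renders `passive on;` towards the other and that session never comes up, so an assert in the playbook for that case would help. The `intpeers` template is outside the hunk, so whether these listening sessions are authenticated cannot be checked from here.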
@@ -52,6 +52,7 @@ routers:
 llv6: fe80::2002:6
 pop_loc: genesis
 solanum_sid: '9R6'
+ ibgp_passive: true
 services:
 hosts:
 mail.9pfs.dn42:
diff --git a/lg.yml b/lg.yml
index 9827bf4..3bc9c03 100644
--- a/lg.yml
+++ b/lg.yml
@@ -1,5 +1,5 @@
 - name: Configure bird-lg-go on routers
- hosts: routers
+ hosts: lg-hosts
 remote_user: root
 tasks:
 - name: Build looking glass destinations list
diff --git a/peerings/genesis.yaml b/peerings/genesis.yaml
new file mode 100644
index 0000000..84e8dfb
--- /dev/null
+++ b/peerings/genesis.yaml
@@ -0,0 +1,16 @@
+---
+peers:
+ - remotename: jlu5
+ asn: 4242421080
+ remotehost: yvr.peer.highdef.network
+ remoteip: 104.129.181.124
+ remoteport: 22002
+ publickey: O4qWRgbJVdOM8ktyUQyT1s11WkR16JTgtnn42m9A2R8=
+ remote_llv6: fe80::1080:35
+ keypath: /etc/systemd/network/jlu5.key
+ - remotename: sol
+ asn: 4242422444
+ wireguard: false
+ remote_llv6: fc5f:98e2:a198:8ddf:7d5d::1
+ ifacename: ztt2t2xn3a
+ llv6: fc5f:98e2:a1f1:25ec:4c4d::1
\ No newline at end of file
diff --git a/peerings/kix.yaml b/peerings/kix.yaml
index 40321ef..67720b0 100644
--- a/peerings/kix.yaml
+++ b/peerings/kix.yaml
@@ -17,7 +17,7 @@ peers:
 - remotename: jlu5
 asn: 4242421080
 remotehost: chi.peer.highdef.network
- remoteip: 64.44.131.204
+ remoteip: 134.195.88.97
 remoteport: 22002
 publickey: u4WJMAoCHIOeh/+6NWMytNygp+/wrMogB+rwyVzXoEg=
 remote_llv6: fe80::113
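Review bot: The lg.yml play now targets `lg-hosts`, but the inventory.yml hunk in this commit only adds `ibgp_passive` and does not show that group being defined. If the group is missing, Ansible skips the play with a "no hosts matched" warning instead of failing, so the looking glass would silently stop being configured. The hyphen also makes this an invalid group name under Ansible's naming rules, which produces a warning or a rewritten name depending on `force_valid_group_names`. `hosts: lg_hosts` with a matching inventory group avoids both.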
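Review bot: The `sol` entry in peerings/genesis.yaml (`wireguard: false`, `ifacename: ztt2t2xn3a`) runs BGP over an interface this playbook does not create, so the per-peer `AllowedIPs` list that ext-peer.netdev.j2 applies to WireGuard peers does not exist for it. Source filtering for this peer then rests on the BIRD import filters and whatever firewall covers the ZeroTier interface, which is worth confirming given that ext-peer.network.j2 sets `IPv4ReversePathFilter=no` on peering interfaces. The new keys `wireguard` and `ifacename`, and the non-link-local address in `llv6`, are undocumented; a comment above the entry would help, e.g. `# peering over ZeroTier: no WireGuard tunnel, BGP binds to ifacename`. The same entry is added in peerings/us3.yaml.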
@@ -59,4 +59,26 @@ peers:
 remoteip: 64.176.218.85
 remoteport: 42002
 publickey: 86/CxSzDM6ppIAxgvjsfXnUoKd29BS1v1ltAaYYVUxQ=
- remote_llv6: fe80::3703:236
\ No newline at end of file
+ remote_llv6: fe80::3703:236
+ - remotename: mk16
+ asn: 4242422923
+ remotehost: aurora.mk16.de
+ remoteip: 74.208.212.195
+ remoteport: 52002
+ publickey: R4hP0xcQJeFOb/A/tHIZsyi3QaKHAgBdxLyab9aupEk=
+ pskpath: /etc/systemd/network/mk16.psk
+ remote_llv6: fe80::2923
+ - remotename: chaox
+ asn: 4242422596
+ remotehost: racknerd.chaox.ro
+ remoteip: 192.3.209.71
+ remoteport: 22002
+ publickey: rZYo5BZ4D8Y5VSwCoAI+qDvtBM+HuRtG6YVvR0cZ3gs=
+ remote_llv6: fe80::2596:7
+ - remotename: lantian
+ asn: 4242422547
+ remotehost: virmach-ny1g.lantian.pub
+ remoteip: 45.42.214.121
+ remoteport: 22002
+ publickey: a+zL2tDWjwxBXd2bho2OjR/BEmRe2tJF9DHFmZIE+Rk=
+ remote_llv6: fe80::2547
\ No newline at end of file
diff --git a/peerings/uk1.yaml b/peerings/uk1.yaml
index baa0bf1..0bba81c 100644
--- a/peerings/uk1.yaml
+++ b/peerings/uk1.yaml
@@ -156,3 +156,33 @@ peers:
 remoteport: 22002
 publickey: N9rGceoiFcc/obnHrqMAmVlrb/E2Br55+doekTKwNF8=
 remote_llv6: fe80::129:2
+ - remotename: mk16
+ asn: 4242422923
+ remotehost: silvermoon.mk16.de
+ remoteip: 185.175.59.174
+ remoteport: 52002
+ publickey: 3Cbi4y/rsuH17UTMcqm4v8lL7YO3kq4QRjjDdAusLGo=
+ pskpath: /etc/systemd/network/mk16.psk
+ remote_llv6: fe80::2923
+ - remotename: chaox
+ asn: 4242422596
+ remotehost: polarian.chaox.ro
+ remoteip: 217.169.18.59
+ remoteport: 22002
+ publickey: sZppTfJNf/BdC92Uw/xjsx4IGyQpTRU/8wtmuwkEHAg=
+ remote_llv6: fe80::2596:6
+ - remotename: charlie
+ asn: 4242422936
+ remotehost: rtr-uksouth2.dn42.i-am.cool
+ remoteip: 132.145.33.139
+ remoteport: 42252
+ publickey: XdkBTEDibA+HeyXbElr+7uhWaZoXrmk94zraDae+6n8=
+ remote_llv6: fe80::2936
+ localport: 22936
+ - remotename: lantian
+ asn: 4242422547
+ remotehost: buyvm.lantian.pub
+ remoteip: 107.189.12.254
+ remoteport: 22002
+ publickey: DkmSBCIgrxPPZmT07DraoCSD/jSByjPkYqHJWfVZ5hM=
+ remote_llv6: fe80::2547
\ No newline at end of file
diff --git a/peerings/us1.yaml b/peerings/us1.yaml
index f66b9b6..74df941 100644
--- a/peerings/us1.yaml
+++ b/peerings/us1.yaml
@@ -24,3 +24,12 @@ peers:
 remoteport: 52002
 publickey: 8clbJPxK5ylOhFDNGdn/CL5zRWQdf7rXbLeF7j8czFI=
 remote_llv6: fe80::207
+ - remotename: mk16
+ asn: 4242422923
+ remotehost: trolljaeger.mk16.de
+ remoteip: 165.140.142.42
+ remoteport: 52002
+ publickey: oglSOlDk4EwVtGdv5O8PUvGnrahvZQEwRo//C0Kl7VE=
+ pskpath: /etc/systemd/network/mk16.psk
+ remote_llv6: fe80::2923
+ 
\ No newline at end of file
diff --git a/peerings/us3.yaml b/peerings/us3.yaml
index 5f7463f..204eb90 100644
--- a/peerings/us3.yaml
+++ b/peerings/us3.yaml
@@ -96,4 +96,25 @@ peers:
 publickey: vKYOjO3D/liyslRdvKHEwfUnAzMR19OM5gku7eKrJDc=
 remote_llv6: fe80::1197
 localport: 21197
- mtu: 1400
\ No newline at end of file
+ mtu: 1400
+ - remotename: mk16
+ asn: 4242422923
+ remotehost: stricker.mk16.de
+ remoteip: 51.81.139.248
+ remoteport: 52002
+ publickey: djVxzb+bhCaihwFtO1LlQFkAksdDBymJc1ZfAKCBX1k=
+ pskpath: /etc/systemd/network/mk16.psk
+ remote_llv6: fe80::2923
+ - remotename: lantian
+ asn: 4242422547
+ remotehost: bwg-lax.lantian.pub
+ remoteip: 64.64.231.82
+ remoteport: 22002
+ publickey: zyATu8FW392WFFNAz7ZH6+4TUutEYEooPPirwcoIiXo=
+ remote_llv6: fe80::2547
+ - remotename: sol
+ asn: 4242422444
+ wireguard: false
+ remote_llv6: fc5f:98e2:a198:8ddf:7d5d::1
+ ifacename: ztt2t2xn3a
+ llv6: fc5f:98e2:a115:6d16:a46e::1
\ No newline at end of file
diff --git a/solanum.yml b/solanum.yml
index 88e1445..e2bcd67 100644
--- a/solanum.yml
+++ b/solanum.yml
@@ -13,7 +13,7 @@
 when: ansible_distribution == 'Debian' and solanum_already_built.stat.exists == False
 - name: Add Arch build dependencies
 ansible.builtin.pacman:
- name: base-devel,autoconf,automake,libtool
+ name: base-devel,autoconf,automake,libtool,git
 state: present
 when: ansible_distribution == 'Archlinux' and solanum_already_built.stat.exists == False
 - name: Create solanum user
diff --git a/yggdrasil.yml b/yggdrasil.yml
index 8734a2a..798e8a3 100644
--- a/yggdrasil.yml
+++ b/yggdrasil.yml
@@ -1,14 +1,17 @@
 - hosts: routers
 remote_user: root
 tasks:
- - name: fetch gpg key locally
- ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
- delegate_to: 127.0.0.1
- run_once: true
 - name: See if gpg key exists already
 ansible.builtin.stat:
 path: yggdrasil/yggdrasil-keyring.gpg
 register: gpg_key_exists
+ delegate_to: 127.0.0.1
+ run_once: true
+ - name: fetch gpg key locally
+ ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
+ delegate_to: 127.0.0.1
+ run_once: true
+ when: gpg_key_exists.stat.exists == False
 - name: export gpg key
 ansible.builtin.command: gpg --output yggdrasil/yggdrasil-keyring.gpg --export BC1BF63BD10B8F1A
 delegate_to: 127.0.0.1
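Review bot: The fetched signing key is still trusted on first use: `gpg --fetch-keys` imports whatever the URL serves, and the export that follows selects the key by the 64-bit ID `BC1BF63BD10B8F1A` rather than by a full fingerprint. The new `when:` only skips the download once the keyring file exists; it does not check what was downloaded, and that keyring then decides which packages every router accepts. I would pin the full fingerprint in the repository and fail the play when the imported key does not match, as sketched below with a placeholder fingerprint. The export task continues past the end of the hunk, so whether it is guarded the same way is not visible here.

```yaml
# … unchanged: stat of yggdrasil/yggdrasil-keyring.gpg and the fetch task …
    - name: verify fetched key against the pinned fingerprint
      ansible.builtin.command: gpg --batch --with-colons --fingerprint BC1BF63BD10B8F1A
      register: ygg_key_fpr
      changed_when: false
      # <FULL_FINGERPRINT_PLACEHOLDER>: the 40-hex-digit fingerprint, obtained out of band
      failed_when: "'fpr:::::::::<FULL_FINGERPRINT_PLACEHOLDER>:' not in ygg_key_fpr.stdout"
      delegate_to: 127.0.0.1
      run_once: true
      when: gpg_key_exists.stat.exists == False
# … unchanged: export gpg key …
```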