change lots of things

bird-babel.j2

@@ -13,13 +13,12 @@ protocol direct {
     interface "igp-dummy*";
     interface "host0";
     interface "host0*";
-    interface "zt*";
+    interface "ztwfugvwdo";
     interface "en*";
     interface "br*";
     interface "int-*";
     interface "bond*";
     interface "eth*";
-	interface "intbr0";
 };
 
 protocol babel int_babel {
@@ -46,9 +45,6 @@ protocol babel int_babel {
     interface "host0" {
         type wired;
     };
-    interface "zt*" {
-        type tunnel;
-    };
     interface "en*" {
         type wired;
     };

ext-peer.bgp.conf.j2

@@ -1,5 +1,5 @@
 protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
-	neighbor {{ item['remote_llv6'] }} % 'dn42{{ item['remotename'] }}' as {{ item['asn'] }};
+	neighbor {{ item['remote_llv6'] }} % {% if item.ifacename is defined %}{{ item.ifacename }}{% else %}'dn42{{ item['remotename'] }}'{% endif %} as {{ item['asn'] }};
 {% if item.extmsg|default(true) %}
 	enable extended messages on;
 {% endif %}

ext-peer.netdev.j2

@@ -1,3 +1,4 @@
+{% if item.wireguard|default(true) %}
 [NetDev]
 Name=dn42{{ item['remotename'] }}
 Kind=wireguard
@@ -29,3 +30,6 @@ AllowedIPs=fe80::/64 fd00::/8 172.20.0.0/14 172.31.0.0/16 10.0.0.0/8
 {% if item.pskpath is defined %}
 PresharedKeyFile={{ item.pskpath }}
 {% endif %}
+{% else %}
+# This peering does not use wireguard, so there's nothing here.
+{% endif %}

ext-peer.network.j2

@@ -1,5 +1,5 @@
 [Match]
-Name=dn42{{ item['remotename'] }}
+Name=dn42{% if ifacename is defined %}{{ item.ifacename }}{% else %}{{ item['remotename'] }}{% endif %}
 
 [Network]
 DHCP=false
@@ -8,7 +8,7 @@ IPv4Forwarding=true
 IPv6Forwarding=true
 KeepConfiguration=true
 IPv4ReversePathFilter=no
-Description=DN42 peering with AS{{ item.asn }} @ {% if item.remotehost is defined %}{{ item.remotehost }}[{{ item.remoteip }}]:{{ item.remoteport }}{% else %}[{{ item.remoteip }}]:{{ item.remoteport }}{% endif %}
+Description=DN42 peering with AS{{ item.asn }}{% if item.wireguard|default(true) %} @ {% if item.remotehost is defined %}{{ item.remotehost }}[{{ item.remoteip }}]:{{ item.remoteport }}{% else %}[{{ item.remoteip }}]:{{ item.remoteport }}{% endif %} {% endif %}
 
 [Address]
 {% if item['llv6'] is defined %}

int-bgp.j2

@@ -22,6 +22,9 @@ template bgp intpeers {
 {% for host in groups['routers'] %}
 {% if host != inventory_hostname %}
 protocol bgp int_{{ hostvars[host]['pop_loc'] }} from intpeers {
+    {% if hostvars[host]['ibgp_passive']|default(false) %}
+    passive on;
+    {% endif %}
     neighbor {{ hostvars[host]['unicastv6'] }} as OWNAS;
 }
 {% endif %}

inventory.yml

@@ -52,6 +52,7 @@ routers:
       llv6: fe80::2002:6
       pop_loc: genesis
       solanum_sid: '9R6'
+      ibgp_passive: true
 services:
   hosts:
     mail.9pfs.dn42:

lg.yml

@@ -1,5 +1,5 @@
 - name: Configure bird-lg-go on routers
-  hosts: routers
+  hosts: lg-hosts
   remote_user: root
   tasks:
     - name: Build looking glass destinations list

peerings/genesis.yaml

@@ -0,0 +1,16 @@
+---
+peers:
+  - remotename: jlu5
+    asn: 4242421080
+    remotehost: yvr.peer.highdef.network
+    remoteip: 104.129.181.124
+    remoteport: 22002
+    publickey: O4qWRgbJVdOM8ktyUQyT1s11WkR16JTgtnn42m9A2R8=
+    remote_llv6: fe80::1080:35
+    keypath: /etc/systemd/network/jlu5.key
+  - remotename: sol
+    asn: 4242422444
+    wireguard: false
+    remote_llv6: fc5f:98e2:a198:8ddf:7d5d::1
+    ifacename: ztt2t2xn3a
+    llv6: fc5f:98e2:a1f1:25ec:4c4d::1

peerings/kix.yaml

@@ -17,7 +17,7 @@ peers:
   - remotename: jlu5
     asn: 4242421080
     remotehost: chi.peer.highdef.network
-    remoteip: 64.44.131.204
+    remoteip: 134.195.88.97
     remoteport: 22002
     publickey: u4WJMAoCHIOeh/+6NWMytNygp+/wrMogB+rwyVzXoEg=
     remote_llv6: fe80::113
@@ -59,4 +59,26 @@ peers:
     remoteip: 64.176.218.85
     remoteport: 42002
     publickey: 86/CxSzDM6ppIAxgvjsfXnUoKd29BS1v1ltAaYYVUxQ=
-    remote_llv6: fe80::3703:236
+    remote_llv6: fe80::3703:236
+  - remotename: mk16
+    asn: 4242422923
+    remotehost: aurora.mk16.de
+    remoteip: 74.208.212.195
+    remoteport: 52002
+    publickey: R4hP0xcQJeFOb/A/tHIZsyi3QaKHAgBdxLyab9aupEk=
+    pskpath: /etc/systemd/network/mk16.psk
+    remote_llv6: fe80::2923
+  - remotename: chaox
+    asn: 4242422596
+    remotehost: racknerd.chaox.ro
+    remoteip: 192.3.209.71
+    remoteport: 22002
+    publickey: rZYo5BZ4D8Y5VSwCoAI+qDvtBM+HuRtG6YVvR0cZ3gs=
+    remote_llv6: fe80::2596:7
+  - remotename: lantian
+    asn: 4242422547
+    remotehost: virmach-ny1g.lantian.pub
+    remoteip: 45.42.214.121
+    remoteport: 22002
+    publickey: a+zL2tDWjwxBXd2bho2OjR/BEmRe2tJF9DHFmZIE+Rk=
+    remote_llv6: fe80::2547

peerings/uk1.yaml

@@ -156,3 +156,33 @@ peers:
     remoteport: 22002
     publickey: N9rGceoiFcc/obnHrqMAmVlrb/E2Br55+doekTKwNF8=
     remote_llv6: fe80::129:2
+  - remotename: mk16
+    asn: 4242422923
+    remotehost: silvermoon.mk16.de
+    remoteip: 185.175.59.174
+    remoteport: 52002
+    publickey: 3Cbi4y/rsuH17UTMcqm4v8lL7YO3kq4QRjjDdAusLGo=
+    pskpath: /etc/systemd/network/mk16.psk
+    remote_llv6: fe80::2923
+  - remotename: chaox
+    asn: 4242422596
+    remotehost: polarian.chaox.ro
+    remoteip: 217.169.18.59
+    remoteport: 22002
+    publickey: sZppTfJNf/BdC92Uw/xjsx4IGyQpTRU/8wtmuwkEHAg=
+    remote_llv6: fe80::2596:6
+  - remotename: charlie
+    asn: 4242422936
+    remotehost: rtr-uksouth2.dn42.i-am.cool
+    remoteip: 132.145.33.139
+    remoteport: 42252
+    publickey: XdkBTEDibA+HeyXbElr+7uhWaZoXrmk94zraDae+6n8= 
+    remote_llv6: fe80::2936
+    localport: 22936
+  - remotename: lantian
+    asn: 4242422547
+    remotehost: buyvm.lantian.pub
+    remoteip: 107.189.12.254
+    remoteport: 22002
+    publickey: DkmSBCIgrxPPZmT07DraoCSD/jSByjPkYqHJWfVZ5hM=
+    remote_llv6: fe80::2547

peerings/us1.yaml

@@ -24,3 +24,12 @@ peers:
     remoteport: 52002
     publickey: 8clbJPxK5ylOhFDNGdn/CL5zRWQdf7rXbLeF7j8czFI=
     remote_llv6: fe80::207
+  - remotename: mk16
+    asn: 4242422923
+    remotehost: trolljaeger.mk16.de
+    remoteip: 165.140.142.42
+    remoteport: 52002
+    publickey: oglSOlDk4EwVtGdv5O8PUvGnrahvZQEwRo//C0Kl7VE=
+    pskpath: /etc/systemd/network/mk16.psk
+    remote_llv6: fe80::2923
+  

peerings/us3.yaml

@@ -96,4 +96,25 @@ peers:
     publickey: vKYOjO3D/liyslRdvKHEwfUnAzMR19OM5gku7eKrJDc=
     remote_llv6: fe80::1197
     localport: 21197
-    mtu: 1400
+    mtu: 1400
+  - remotename: mk16
+    asn: 4242422923
+    remotehost: stricker.mk16.de
+    remoteip: 51.81.139.248
+    remoteport: 52002
+    publickey: djVxzb+bhCaihwFtO1LlQFkAksdDBymJc1ZfAKCBX1k=
+    pskpath: /etc/systemd/network/mk16.psk
+    remote_llv6: fe80::2923
+  - remotename: lantian
+    asn: 4242422547
+    remotehost: bwg-lax.lantian.pub
+    remoteip: 64.64.231.82
+    remoteport: 22002
+    publickey: zyATu8FW392WFFNAz7ZH6+4TUutEYEooPPirwcoIiXo=
+    remote_llv6: fe80::2547
+  - remotename: sol
+    asn: 4242422444
+    wireguard: false
+    remote_llv6: fc5f:98e2:a198:8ddf:7d5d::1
+    ifacename: ztt2t2xn3a
+    llv6: fc5f:98e2:a115:6d16:a46e::1

solanum.yml

@@ -13,7 +13,7 @@
       when: ansible_distribution == 'Debian' and solanum_already_built.stat.exists == False
     - name: Add Arch build dependencies
       ansible.builtin.pacman:
-        name: base-devel,autoconf,automake,libtool
+        name: base-devel,autoconf,automake,libtool,git
         state: present
       when: ansible_distribution == 'Archlinux' and solanum_already_built.stat.exists == False
     - name: Create solanum user

yggdrasil.yml

@@ -1,14 +1,17 @@
 - hosts: routers
   remote_user: root
   tasks:
-    - name: fetch gpg key locally
-      ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
-      delegate_to: 127.0.0.1
-      run_once: true
     - name: See if gpg key exists already
       ansible.builtin.stat:
         path: yggdrasil/yggdrasil-keyring.gpg
       register: gpg_key_exists
+      delegate_to: 127.0.0.1
+      run_once: true
+    - name: fetch gpg key locally
+      ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
+      delegate_to: 127.0.0.1
+      run_once: true
+      when: gpg_key_exists.stat.exists == False
     - name: export gpg key
       ansible.builtin.command: gpg --output yggdrasil/yggdrasil-keyring.gpg --export BC1BF63BD10B8F1A
       delegate_to: 127.0.0.1