change lots of things
This commit is contained in:
parent
a2325973ed
commit
61ed660df9
SSH key fingerprint:
SHA256:jgJ8oy3dFgbNXEiRdZlbUhItY8fbh4UvvJ2qhxoOC88
14 changed files with 122 additions and 17 deletions
|
|
@ -13,13 +13,12 @@ protocol direct {
|
|||
interface "igp-dummy*";
|
||||
interface "host0";
|
||||
interface "host0*";
|
||||
interface "zt*";
|
||||
interface "ztwfugvwdo";
|
||||
interface "en*";
|
||||
interface "br*";
|
||||
interface "int-*";
|
||||
interface "bond*";
|
||||
interface "eth*";
|
||||
interface "intbr0";
|
||||
};
|
||||
|
||||
protocol babel int_babel {
|
||||
|
|
@ -46,9 +45,6 @@ protocol babel int_babel {
|
|||
interface "host0" {
|
||||
type wired;
|
||||
};
|
||||
interface "zt*" {
|
||||
type tunnel;
|
||||
};
|
||||
interface "en*" {
|
||||
type wired;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
|
||||
neighbor {{ item['remote_llv6'] }} % 'dn42{{ item['remotename'] }}' as {{ item['asn'] }};
|
||||
neighbor {{ item['remote_llv6'] }} % {% if item.ifacename is defined %}{{ item.ifacename }}{% else %}'dn42{{ item['remotename'] }}'{% endif %} as {{ item['asn'] }};
|
||||
{% if item.extmsg|default(true) %}
|
||||
enable extended messages on;
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
{% if item.wireguard|default(true) %}
|
||||
[NetDev]
|
||||
Name=dn42{{ item['remotename'] }}
|
||||
Kind=wireguard
|
||||
|
|
@ -29,3 +30,6 @@ AllowedIPs=fe80::/64 fd00::/8 172.20.0.0/14 172.31.0.0/16 10.0.0.0/8
|
|||
{% if item.pskpath is defined %}
|
||||
PresharedKeyFile={{ item.pskpath }}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
# This peering does not use wireguard, so there's nothing here.
|
||||
{% endif %}
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
[Match]
|
||||
Name=dn42{{ item['remotename'] }}
|
||||
Name=dn42{% if ifacename is defined %}{{ item.ifacename }}{% else %}{{ item['remotename'] }}{% endif %}
|
||||
|
||||
[Network]
|
||||
DHCP=false
|
||||
|
|
@ -8,7 +8,7 @@ IPv4Forwarding=true
|
|||
IPv6Forwarding=true
|
||||
KeepConfiguration=true
|
||||
IPv4ReversePathFilter=no
|
||||
Description=DN42 peering with AS{{ item.asn }} @ {% if item.remotehost is defined %}{{ item.remotehost }}[{{ item.remoteip }}]:{{ item.remoteport }}{% else %}[{{ item.remoteip }}]:{{ item.remoteport }}{% endif %}
|
||||
Description=DN42 peering with AS{{ item.asn }}{% if item.wireguard|default(true) %} @ {% if item.remotehost is defined %}{{ item.remotehost }}[{{ item.remoteip }}]:{{ item.remoteport }}{% else %}[{{ item.remoteip }}]:{{ item.remoteport }}{% endif %} {% endif %}
|
||||
|
||||
[Address]
|
||||
{% if item['llv6'] is defined %}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,9 @@ template bgp intpeers {
|
|||
{% for host in groups['routers'] %}
|
||||
{% if host != inventory_hostname %}
|
||||
protocol bgp int_{{ hostvars[host]['pop_loc'] }} from intpeers {
|
||||
{% if hostvars[host]['ibgp_passive']|default(false) %}
|
||||
passive on;
|
||||
{% endif %}
|
||||
neighbor {{ hostvars[host]['unicastv6'] }} as OWNAS;
|
||||
}
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ routers:
|
|||
llv6: fe80::2002:6
|
||||
pop_loc: genesis
|
||||
solanum_sid: '9R6'
|
||||
ibgp_passive: true
|
||||
services:
|
||||
hosts:
|
||||
mail.9pfs.dn42:
|
||||
|
|
|
|||
2
lg.yml
2
lg.yml
|
|
@ -1,5 +1,5 @@
|
|||
- name: Configure bird-lg-go on routers
|
||||
hosts: routers
|
||||
hosts: lg-hosts
|
||||
remote_user: root
|
||||
tasks:
|
||||
- name: Build looking glass destinations list
|
||||
|
|
|
|||
16
peerings/genesis.yaml
Normal file
16
peerings/genesis.yaml
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
peers:
|
||||
- remotename: jlu5
|
||||
asn: 4242421080
|
||||
remotehost: yvr.peer.highdef.network
|
||||
remoteip: 104.129.181.124
|
||||
remoteport: 22002
|
||||
publickey: O4qWRgbJVdOM8ktyUQyT1s11WkR16JTgtnn42m9A2R8=
|
||||
remote_llv6: fe80::1080:35
|
||||
keypath: /etc/systemd/network/jlu5.key
|
||||
- remotename: sol
|
||||
asn: 4242422444
|
||||
wireguard: false
|
||||
remote_llv6: fc5f:98e2:a198:8ddf:7d5d::1
|
||||
ifacename: ztt2t2xn3a
|
||||
llv6: fc5f:98e2:a1f1:25ec:4c4d::1
|
||||
|
|
@ -17,7 +17,7 @@ peers:
|
|||
- remotename: jlu5
|
||||
asn: 4242421080
|
||||
remotehost: chi.peer.highdef.network
|
||||
remoteip: 64.44.131.204
|
||||
remoteip: 134.195.88.97
|
||||
remoteport: 22002
|
||||
publickey: u4WJMAoCHIOeh/+6NWMytNygp+/wrMogB+rwyVzXoEg=
|
||||
remote_llv6: fe80::113
|
||||
|
|
@ -60,3 +60,25 @@ peers:
|
|||
remoteport: 42002
|
||||
publickey: 86/CxSzDM6ppIAxgvjsfXnUoKd29BS1v1ltAaYYVUxQ=
|
||||
remote_llv6: fe80::3703:236
|
||||
- remotename: mk16
|
||||
asn: 4242422923
|
||||
remotehost: aurora.mk16.de
|
||||
remoteip: 74.208.212.195
|
||||
remoteport: 52002
|
||||
publickey: R4hP0xcQJeFOb/A/tHIZsyi3QaKHAgBdxLyab9aupEk=
|
||||
pskpath: /etc/systemd/network/mk16.psk
|
||||
remote_llv6: fe80::2923
|
||||
- remotename: chaox
|
||||
asn: 4242422596
|
||||
remotehost: racknerd.chaox.ro
|
||||
remoteip: 192.3.209.71
|
||||
remoteport: 22002
|
||||
publickey: rZYo5BZ4D8Y5VSwCoAI+qDvtBM+HuRtG6YVvR0cZ3gs=
|
||||
remote_llv6: fe80::2596:7
|
||||
- remotename: lantian
|
||||
asn: 4242422547
|
||||
remotehost: virmach-ny1g.lantian.pub
|
||||
remoteip: 45.42.214.121
|
||||
remoteport: 22002
|
||||
publickey: a+zL2tDWjwxBXd2bho2OjR/BEmRe2tJF9DHFmZIE+Rk=
|
||||
remote_llv6: fe80::2547
|
||||
|
|
@ -156,3 +156,33 @@ peers:
|
|||
remoteport: 22002
|
||||
publickey: N9rGceoiFcc/obnHrqMAmVlrb/E2Br55+doekTKwNF8=
|
||||
remote_llv6: fe80::129:2
|
||||
- remotename: mk16
|
||||
asn: 4242422923
|
||||
remotehost: silvermoon.mk16.de
|
||||
remoteip: 185.175.59.174
|
||||
remoteport: 52002
|
||||
publickey: 3Cbi4y/rsuH17UTMcqm4v8lL7YO3kq4QRjjDdAusLGo=
|
||||
pskpath: /etc/systemd/network/mk16.psk
|
||||
remote_llv6: fe80::2923
|
||||
- remotename: chaox
|
||||
asn: 4242422596
|
||||
remotehost: polarian.chaox.ro
|
||||
remoteip: 217.169.18.59
|
||||
remoteport: 22002
|
||||
publickey: sZppTfJNf/BdC92Uw/xjsx4IGyQpTRU/8wtmuwkEHAg=
|
||||
remote_llv6: fe80::2596:6
|
||||
- remotename: charlie
|
||||
asn: 4242422936
|
||||
remotehost: rtr-uksouth2.dn42.i-am.cool
|
||||
remoteip: 132.145.33.139
|
||||
remoteport: 42252
|
||||
publickey: XdkBTEDibA+HeyXbElr+7uhWaZoXrmk94zraDae+6n8=
|
||||
remote_llv6: fe80::2936
|
||||
localport: 22936
|
||||
- remotename: lantian
|
||||
asn: 4242422547
|
||||
remotehost: buyvm.lantian.pub
|
||||
remoteip: 107.189.12.254
|
||||
remoteport: 22002
|
||||
publickey: DkmSBCIgrxPPZmT07DraoCSD/jSByjPkYqHJWfVZ5hM=
|
||||
remote_llv6: fe80::2547
|
||||
|
|
@ -24,3 +24,12 @@ peers:
|
|||
remoteport: 52002
|
||||
publickey: 8clbJPxK5ylOhFDNGdn/CL5zRWQdf7rXbLeF7j8czFI=
|
||||
remote_llv6: fe80::207
|
||||
- remotename: mk16
|
||||
asn: 4242422923
|
||||
remotehost: trolljaeger.mk16.de
|
||||
remoteip: 165.140.142.42
|
||||
remoteport: 52002
|
||||
publickey: oglSOlDk4EwVtGdv5O8PUvGnrahvZQEwRo//C0Kl7VE=
|
||||
pskpath: /etc/systemd/network/mk16.psk
|
||||
remote_llv6: fe80::2923
|
||||
|
||||
|
|
@ -97,3 +97,24 @@ peers:
|
|||
remote_llv6: fe80::1197
|
||||
localport: 21197
|
||||
mtu: 1400
|
||||
- remotename: mk16
|
||||
asn: 4242422923
|
||||
remotehost: stricker.mk16.de
|
||||
remoteip: 51.81.139.248
|
||||
remoteport: 52002
|
||||
publickey: djVxzb+bhCaihwFtO1LlQFkAksdDBymJc1ZfAKCBX1k=
|
||||
pskpath: /etc/systemd/network/mk16.psk
|
||||
remote_llv6: fe80::2923
|
||||
- remotename: lantian
|
||||
asn: 4242422547
|
||||
remotehost: bwg-lax.lantian.pub
|
||||
remoteip: 64.64.231.82
|
||||
remoteport: 22002
|
||||
publickey: zyATu8FW392WFFNAz7ZH6+4TUutEYEooPPirwcoIiXo=
|
||||
remote_llv6: fe80::2547
|
||||
- remotename: sol
|
||||
asn: 4242422444
|
||||
wireguard: false
|
||||
remote_llv6: fc5f:98e2:a198:8ddf:7d5d::1
|
||||
ifacename: ztt2t2xn3a
|
||||
llv6: fc5f:98e2:a115:6d16:a46e::1
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
when: ansible_distribution == 'Debian' and solanum_already_built.stat.exists == False
|
||||
- name: Add Arch build dependencies
|
||||
ansible.builtin.pacman:
|
||||
name: base-devel,autoconf,automake,libtool
|
||||
name: base-devel,autoconf,automake,libtool,git
|
||||
state: present
|
||||
when: ansible_distribution == 'Archlinux' and solanum_already_built.stat.exists == False
|
||||
- name: Create solanum user
|
||||
|
|
|
|||
|
|
@ -1,14 +1,17 @@
|
|||
- hosts: routers
|
||||
remote_user: root
|
||||
tasks:
|
||||
- name: fetch gpg key locally
|
||||
ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
|
||||
delegate_to: 127.0.0.1
|
||||
run_once: true
|
||||
- name: See if gpg key exists already
|
||||
ansible.builtin.stat:
|
||||
path: yggdrasil/yggdrasil-keyring.gpg
|
||||
register: gpg_key_exists
|
||||
delegate_to: 127.0.0.1
|
||||
run_once: true
|
||||
- name: fetch gpg key locally
|
||||
ansible.builtin.command: gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
|
||||
delegate_to: 127.0.0.1
|
||||
run_once: true
|
||||
when: gpg_key_exists.stat.exists == False
|
||||
- name: export gpg key
|
||||
ansible.builtin.command: gpg --output yggdrasil/yggdrasil-keyring.gpg --export BC1BF63BD10B8F1A
|
||||
delegate_to: 127.0.0.1
|
||||
|
|
|
|||
Loading…
Reference in a new issue