Add kix, rebuild us2, prepare for adding bird-lg-go everywhere.

2024-12-01 19:42:10 -08:00 · 2024-12-01 19:42:10 -08:00 · db131bd02a
commit db131bd02a
parent f9562a3b93
7 changed files with 137 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .*.swp
+bin/
--- a/bird-babel.j2
+++ b/bird-babel.j2
@ -0,0 +1,61 @@
+# Babel does not have the concept of stub areas. Instead, we should use Bird's
+# "direct" protocol to read prefixes attached to interfaces and send them across
+# the network.
+protocol direct {
+    ipv4;
+    ipv6;
+    interface "igp-dummy*";
+    interface "host0";
+    interface "host0*";
+    interface "zt*";
+    interface "en*";
+    interface "br*";
+    interface "int-*";
+    interface "bond*";
+    interface "eth*";
+	interface "intbr0";
+};
+
+protocol babel int_babel {
+    randomize router id on;
+    ipv4 {
+        import where source != RTS_BGP && (is_self_net() || is_my_anycast_v4());
+        export where source != RTS_BGP && (is_self_net() || is_my_anycast_v4());
+    };
+    ipv6 {
+        import where source != RTS_BGP && (is_self_net_v6() || is_my_anycast_v6());
+        export where source != RTS_BGP && (is_self_net_v6() || is_my_anycast_v6());
+    };
+
+	interface "intbr0" {
+		type wired;
+	};
+
+    interface "ztwfugvwdo" {
+        type tunnel;
+    };
+    interface "host0*" {
+        type wired;
+    };
+    interface "host0" {
+        type wired;
+    };
+    interface "zt*" {
+        type tunnel;
+    };
+    interface "en*" {
+        type wired;
+    };
+    interface "br*" {
+        type wired;
+    };
+    interface "int-*" {
+        type tunnel;
+    };
+    interface "bond*" {
+        type wired;
+    };
+    interface "wl*" {
+        type wireless;
+    };
+};
--- a/dn42-roa.service
+++ b/dn42-roa.service
@ -0,0 +1,8 @@
+[Unit]
+Description=Update DN42 ROA
+
+[Service]
+Type=oneshot
+ExecStart=curl -sfSLR -o /etc/bird/roa_dn42.conf -z /etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
+ExecStart=curl -sfSLR -o /etc/bird/roa_dn42_v6.conf -z /etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf
+ExecStart=birdc configure
--- a/dn42-roa.timer
+++ b/dn42-roa.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Update DN42 ROA periodically
+
+[Timer]
+OnBootSec=2m
+OnUnitActiveSec=15m
+AccuracySec=1m
+
+[Install]
+WantedBy=timers.target
--- a/inventory.yml
+++ b/inventory.yml
@ -32,6 +32,13 @@ routers:
      unicastv6: fd32:6b0:70a6:179::3
      pop_loc: uk01
      solanum_sid: '9R3'
+    kix.routers.9pfs.dn42:
+      ansible_python_interpreter: "/usr/bin/python3"
+      machine_type: container
+      unicastv4: 172.22.161.5
+      unicastv6: fd32:6b0:70a6:179::5
+      pop_loc: kix
+      solanum_sid: '9R5'
 services:
  hosts:
    mail.9pfs.dn42:
--- a/setup.yml
+++ b/setup.yml
@ -2,6 +2,16 @@
  hosts: routers
  remote_user: root
  tasks:
+    - name: Create bird directory
+      ansible.builtin.file:
+        path: /etc/bird
+        state: directory
+        mode: '0755'
+    - name: Create bird peers directory
+      ansible.builtin.file:
+        path: /etc/bird/peers
+        state: directory
+        mode: '0755'
    - name: Add internal bgp peers
      ansible.builtin.template:
        src: int-bgp.j2
@ -12,6 +22,11 @@
        src: collector.conf
        dest: /etc/bird/peers/collector.conf
        mode: '0644'
+    - name: Add babel.conf
+      ansible.builtin.template:
+        src: bird-babel.j2
+        dest: /etc/bird/babel.conf
+        mode: '0644'
    - name: Add bird.conf in arch location
      ansible.builtin.template:
        src: bird-conf.j2
@ -24,9 +39,37 @@
        dest: /etc/bird/bird.conf
        mode: '0644'
      when: ansible_distribution == 'Debian'
+    - name: Add dn42-roa.service
+      ansible.builtin.copy:
+        src: dn42-roa.service
+        dest: /etc/systemd/system/dn42-roa.service
+        mode: '0644'
+    - name: Add dn42-roa.timer
+      ansible.builtin.copy:
+        src: dn42-roa.timer
+        dest: /etc/systemd/system/dn42-roa.timer
+        mode: '0644'
+    - name: Enable+start dn42-roa.timer
+      ansible.builtin.systemd_service:
+        name: dn42-roa.timer
+        enabled: true
+        state: started
+    - name: Start dn42-roa.service, but ignore failures
+      ansible.builtin.systemd_service:
+        name: dn42-roa.service
+        state: started
+      ignore_errors: true
    - name: Reload bird
      ansible.builtin.systemd_service:
        name: bird.service
        enabled: true
        state: reloaded
      when: ansible_service_mgr == 'systemd'
+    - name: add sysctl files
+      ansible.builtin.copy:
+        src: sysctl-dn42.conf
+        dest: /etc/sysctl.d/sysctl-dn42.conf
+        mode: '0644'
+    - name: load sysctl configs
+      command: sysctl --system
+      ignore_errors: true
--- a/sysctl-dn42.conf
+++ b/sysctl-dn42.conf
@ -0,0 +1,7 @@
+net.ipv4.conf.all.forwarding=1
+net.ipv4.conf.default.forwarding=1
+net.ipv6.conf.all.forwarding=1
+net.ipv6.conf.default.forwarding=1
+net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1