diff --git a/.gitignore b/.gitignore
index a01ee28..2cb30a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .*.swp
+bin/
diff --git a/bird-babel.j2 b/bird-babel.j2
new file mode 100644
index 0000000..249c6e4
--- /dev/null
+++ b/bird-babel.j2
@@ -0,0 +1,61 @@
+# Babel does not have the concept of stub areas. Instead, we should use Bird's
+# "direct" protocol to read prefixes attached to interfaces and send them across
+# the network.
+protocol direct {
+ ipv4;
+ ipv6;
+ interface "igp-dummy*";
+ interface "host0";
+ interface "host0*";
+ interface "zt*";
+ interface "en*";
+ interface "br*";
+ interface "int-*";
+ interface "bond*";
+ interface "eth*";
+ interface "intbr0";
+};
+
+protocol babel int_babel {
+ randomize router id on;
+ ipv4 {
+ import where source != RTS_BGP && (is_self_net() || is_my_anycast_v4());
+ export where source != RTS_BGP && (is_self_net() || is_my_anycast_v4());
+ };
+ ipv6 {
+ import where source != RTS_BGP && (is_self_net_v6() || is_my_anycast_v6());
+ export where source != RTS_BGP && (is_self_net_v6() || is_my_anycast_v6());
+ };
+
+ interface "intbr0" {
+ type wired;
+ };
+
+ interface "ztwfugvwdo" {
+ type tunnel;
+ };
+ interface "host0*" {
+ type wired;
+ };
+ interface "host0" {
+ type wired;
+ };
+ interface "zt*" {
+ type tunnel;
+ };
+ interface "en*" {
+ type wired;
+ };
+ interface "br*" {
+ type wired;
+ };
+ interface "int-*" {
+ type tunnel;
+ };
+ interface "bond*" {
+ type wired;
+ };
+ interface "wl*" {
+ type wireless;
+ };
+};
diff --git a/dn42-roa.service b/dn42-roa.service
new file mode 100644
index 0000000..1578395
--- /dev/null
+++ b/dn42-roa.service
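Review bot: The `protocol babel int_babel` block binds Babel to the broad wildcards `en*`, `br*`, `bond*` and `wl*` with no `authentication` stanza, so any host on those links can become a neighbor and have its announcements accepted by the import filter, which checks only the route source and prefix membership, not which neighbor sent the route. If any of those patterns matches an uplink or a shared segment, the interface list should be narrowed to the internal links, or, where the deployed BIRD release supports it, Babel MAC authentication (`authentication mac;` with a `password` entry in each interface block) should be enabled. Note also that the `direct` protocol lists `eth*` while the babel interface list does not, and `wl*` appears only in babel; if the two lists are meant to cover the same links that is an inconsistency worth fixing.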
@@ -0,0 +1,8 @@
+[Unit]
+Description=Update DN42 ROA
+
+[Service]
+Type=oneshot
+ExecStart=curl -sfSLR -o /etc/bird/roa_dn42.conf -z /etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
+ExecStart=curl -sfSLR -o /etc/bird/roa_dn42_v6.conf -z /etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf
+ExecStart=birdc configure
diff --git a/dn42-roa.timer b/dn42-roa.timer
new file mode 100644
index 0000000..a5ab76c
--- /dev/null
+++ b/dn42-roa.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Update DN42 ROA periodically
+
+[Timer]
+OnBootSec=2m
+OnUnitActiveSec=15m
+AccuracySec=1m
+
+[Install]
+WantedBy=timers.target
diff --git a/inventory.yml b/inventory.yml
index 07d5cd7..72f591e 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -32,6 +32,13 @@ routers:
 unicastv6: fd32:6b0:70a6:179::3
 pop_loc: uk01
 solanum_sid: '9R3'
+ kix.routers.9pfs.dn42:
+ ansible_python_interpreter: "/usr/bin/python3"
+ machine_type: container
+ unicastv4: 172.22.161.5
+ unicastv6: fd32:6b0:70a6:179::5
+ pop_loc: kix
+ solanum_sid: '9R5'
 services:
 hosts:
 mail.9pfs.dn42:
diff --git a/setup.yml b/setup.yml
index 9ce70bf..5fa02c4 100644
--- a/setup.yml
+++ b/setup.yml
@@ -2,6 +2,16 @@
 hosts: routers
 remote_user: root
 tasks:
+ - name: Create bird directory
+ ansible.builtin.file:
+ path: /etc/bird
+ state: directory
+ mode: '0755'
+ - name: Create bird peers directory
+ ansible.builtin.file:
+ path: /etc/bird/peers
+ state: directory
+ mode: '0755'
 - name: Add internal bgp peers
 ansible.builtin.template:
 src: int-bgp.j2
@@ -12,6 +22,11 @@
 src: collector.conf
 dest: /etc/bird/peers/collector.conf
 mode: '0644'
+ - name: Add babel.conf
+ ansible.builtin.template:
+ src: bird-babel.j2
+ dest: /etc/bird/babel.conf
+ mode: '0644'
 - name: Add bird.conf in arch location
 ansible.builtin.template:
 src: bird-conf.j2
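Review bot: The two `curl` lines write straight to `/etc/bird/roa_dn42.conf` and `/etc/bird/roa_dn42_v6.conf` with `-o`, so a transfer that breaks mid-stream leaves a truncated ROA table on disk; `-f` only rejects HTTP error statuses, and although a failed ExecStart stops the following `birdc configure` in this oneshot unit, the next reload of bird (for example the `Reload bird` task in setup.yml) will load the partial file. Either download to a staging path and move the file into place only after curl succeeds, or add curl's `--remove-on-error` (present on newer curl releases) so a failed transfer leaves no output behind. With `-z` a 304 response writes nothing, so any staging approach must treat a missing staging file as "unchanged" rather than as an error.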
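Review bot: The `Add babel.conf` task places the rendered template at `/etc/bird/babel.conf`, but nothing in this diff makes bird read it; unless `bird-conf.j2` (not shown) already contains `include "babel.conf";`, the Babel protocol is never loaded and the later `Reload bird` task keeps running without it. The same question applies to the two ROA files written by dn42-roa.service. It would be worth confirming the include lines exist, and, as a matter of style, having this task `notify` a reload handler rather than relying on the unconditional `Reload bird` task at the end of the play. The enclosing `tasks:` list starts before this hunk.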
@@ -24,9 +39,37 @@
 dest: /etc/bird/bird.conf
 mode: '0644'
 when: ansible_distribution == 'Debian'
+ - name: Add dn42-roa.service
+ ansible.builtin.copy:
+ src: dn42-roa.service
+ dest: /etc/systemd/system/dn42-roa.service
+ mode: '0644'
+ - name: Add dn42-roa.timer
+ ansible.builtin.copy:
+ src: dn42-roa.timer
+ dest: /etc/systemd/system/dn42-roa.timer
+ mode: '0644'
+ - name: Enable+start dn42-roa.timer
+ ansible.builtin.systemd_service:
+ name: dn42-roa.timer
+ enabled: true
+ state: started
+ - name: Start dn42-roa.service, but ignore failures
+ ansible.builtin.systemd_service:
+ name: dn42-roa.service
+ state: started
+ ignore_errors: true
 - name: Reload bird
 ansible.builtin.systemd_service:
 name: bird.service
 enabled: true
 state: reloaded
 when: ansible_service_mgr == 'systemd'
+ - name: add sysctl files
+ ansible.builtin.copy:
+ src: sysctl-dn42.conf
+ dest: /etc/sysctl.d/sysctl-dn42.conf
+ mode: '0644'
+ - name: load sysctl configs
+ command: sysctl --system
+ ignore_errors: true
diff --git a/sysctl-dn42.conf b/sysctl-dn42.conf
new file mode 100644
index 0000000..6d7ff1e
--- /dev/null
+++ b/sysctl-dn42.conf
@@ -0,0 +1,7 @@
+net.ipv4.conf.all.forwarding=1
+net.ipv4.conf.default.forwarding=1
+net.ipv6.conf.all.forwarding=1
+net.ipv6.conf.default.forwarding=1
+net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
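Review bot: The `load sysctl configs` task runs `sysctl --system` through the plain `command` module with `ignore_errors: true`, so a typo in `sysctl-dn42.conf` or a key the host's kernel refuses (the new inventory entry is `machine_type: container`, where some `/proc/sys` paths may be read-only) is swallowed and the play reports success while forwarding stays off; the task is also non-idempotent and reports `changed` on every run. Prefer `ansible.posix.sysctl` with `sysctl_file: /etc/sysctl.d/sysctl-dn42.conf` and `reload: true` per key, or at least drop `ignore_errors` and run the reload from a `notify` handler on the `add sysctl files` task. The `ignore_errors: true` on `Start dn42-roa.service, but ignore failures` likewise hides a broken ROA fetch on every run after the first, not just on the initial bootstrap where bird may not be up yet. The enclosing `tasks:` list starts before this hunk.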
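Review bot: `net.ipv4.conf.all.rp_filter=1` and `net.ipv4.conf.default.rp_filter=1` select strict reverse-path filtering, which on a multi-homed dn42 router running BGP and Babel drops legitimate packets whenever the return path differs from the ingress interface; asymmetric routing is normal there, so loose mode, `net.ipv4.conf.all.rp_filter=2`, keeps protection against sources the router has no route to at all without that breakage. Enabling forwarding on `all` and `default` also turns every interface matched by the Babel and `direct` wildcards (`en*`, `eth*`, `br*`) into a forwarding path, so this should land together with a host firewall that limits forwarded traffic to the dn42 ranges; no such rule set is part of this change. Note too that `net.ipv6.conf.all.forwarding=1` makes the kernel ignore router advertisements unless `accept_ra=2` is set on the interface, which matters on any uplink that relies on SLAAC.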