Add ibj peering files, modify upgrade script and inventory

.gitignore

@@ -1,3 +1,7 @@
 .*.swp
 bin/
 src/
+wgkeys.txt
+nodeinfo.txt
+peering-request.txt
+planned-peerings.txt

ibj-peerings/ibj.conf

@@ -0,0 +1,9 @@
+protocol bgp dn42_ibj from dnpeers {
+	neighbor fe80::157 % 'dn42ibj' as 4242420157;
+	ipv4 {
+		extended next hop on;
+	};
+	ipv6 {
+		extended next hop on;
+	};
+}

ibj-peerings/setup.yml

@@ -0,0 +1,32 @@
+- name: Configure ibj peerings
+  hosts: uk1.routers.9pfs.dn42 us3.routers.9pfs.dn42 kix.routers.9pfs.dn42
+  remote_user: root
+  tasks:
+    - name: Add netdev
+      ansible.builtin.template:
+        src: wg-netdev.j2
+        dest: /etc/systemd/network/dn42ibj.netdev
+        mode: '0644'
+    - name: Add network
+      ansible.builtin.template:
+        src: wg-network.j2
+        dest: /etc/systemd/network/dn42ibj.network
+        mode: '0644'
+    - name: Add peering config
+      ansible.builtin.copy:
+        src: ibj.conf
+        dest: /etc/bird/peers/ibj.conf
+        mode: '0644'
+    - name: Reload systemd-networkd
+      ansible.builtin.systemd_service:
+        name: systemd-networkd.service
+        enabled: true
+        state: reloaded
+      when: ansible_service_mgr == 'systemd'
+
+    - name: Reload bird
+      ansible.builtin.systemd_service:
+        name: bird.service
+        enabled: true
+        state: reloaded
+      when: ansible_service_mgr == 'systemd'

ibj-peerings/wg-netdev.j2

@@ -0,0 +1,22 @@
+[NetDev]
+Name=dn42ibj
+Kind=wireguard
+
+[WireGuard]
+PrivateKeyFile=/etc/systemd/network/wg.key
+
+[WireGuardPeer]
+{% if inventory_hostname == 'us3.routers.9pfs.dn42' %}
+PublicKey=sl9vN6wmKuB3aGjBYx2ukjABc66EAn0p5VJsg0XjjjM=
+Endpoint=107.174.192.228:32002
+{% endif %}
+{% if inventory_hostname == 'kix.routers.9pfs.dn42' %}
+PublicKey=PfhGU0DMRu5Wnf0JfNQnnOWpyiqNjZ+wUCG2p6zwui8=
+Endpoint=107.175.0.120:32002
+{% endif %}
+{% if inventory_hostname == 'uk1.routers.9pfs.dn42' %}
+PublicKey=HwnW9T5AgETDfPi4EqExeBzi0j6EeKEV/M5Nb0iUQEU=
+Endpoint=23.95.225.107:32002
+{% endif %}
+PersistentKeepalive=15
+AllowedIPs=fd00::/8 fe80::/64 172.16.0.0/12 10.0.0.0/8

ibj-peerings/wg-network.j2

@@ -0,0 +1,16 @@
+[Match]
+Name=dn42ibj
+
+[Network]
+DHCP=false
+IPv6AcceptRA=false
+IPv4Forwarding=true
+IPv6Forwarding=true
+KeepConfiguration=true
+
+[Address]
+Address={{ llv6 }}/128
+Peer=fe80::157/128
+
+[Address]
+Address={{ unicastv4 }}/32

inventory.yml

@@ -8,6 +8,7 @@ routers:
       ansible_python_interpreter: "/usr/bin/python3"
       unicastv4: 172.22.161.1
       unicastv6: fd32:6b0:70a6:179::1
+      llv6: fe80::2002:1
       machine_type: vm
       pop_loc: us01
       solanum_sid: '9R1'
@@ -16,6 +17,7 @@ routers:
       machine_type: container
       unicastv4: 172.22.161.2
       unicastv6: fd32:6b0:70a6:179::2
+      llv6: fe80::2002:2
       pop_loc: us02
       solanum_sid: '9R2'
     us3.routers.9pfs.dn42:
@@ -23,6 +25,7 @@ routers:
       machine_type: container
       unicastv4: 172.22.161.4
       unicastv6: fd32:6b0:70a6:179::4
+      llv6: fe80::2002:4
       pop_loc: us03
       solanum_sid: '9R4'
     uk1.routers.9pfs.dn42:
@@ -30,6 +33,7 @@ routers:
       machine_type: container
       unicastv4: 172.22.161.3
       unicastv6: fd32:6b0:70a6:179::3
+      llv6: fe80::2002:3
       pop_loc: uk01
       solanum_sid: '9R3'
     kix.routers.9pfs.dn42:
@@ -37,6 +41,7 @@ routers:
       machine_type: container
       unicastv4: 172.22.161.5
       unicastv6: fd32:6b0:70a6:179::5
+      llv6: fe80::2002:5
       pop_loc: kix
       solanum_sid: '9R5'
 services:
@@ -50,4 +55,5 @@ nameservers:
   hosts:
     us1.ns.9pfs.dn42:
       machine_type: container
-    us2.ns.9pfs.dn42:
+    #us2.ns.9pfs.dn42:
+    uk1.ns.9pfs.dn42:

upgrade.yml

@@ -7,3 +7,8 @@
         upgrade: dist
         cache_valid_time: 3600
       when: ansible_distribution == 'Debian'
+    - name: upgrade arch systems
+      ansible.builtin.pacman:
+        update_cache: true
+        upgrade: true
+      when: ansible_distribution == 'Archlinux'