harrison/dn42-ansible
1
0
Fork 0
forked from 9pfs/dn42-ansible
Code Pull requests Activity

Add kix, rebuild us2, prepare for adding bird-lg-go everywhere.

Browse source
This commit is contained in:
9pfs 2024-12-01 19:42:10 -08:00
parent f9562a3b93
commit db131bd02a
Signed by: 9pfs
SSH key fingerprint: SHA256:yVO09iotyiNaBzBBvVR8ZTx7SB9VpvJPgR1Ihy1bz3Q
7 changed files with 137 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +1,2 @@
.*.swp .*.swp
bin/

61
bird-babel.j2 Normal file
View file

@ -0,0 +1,61 @@
# Babel does not have the concept of stub areas. Instead, we should use Bird's
# "direct" protocol to read prefixes attached to interfaces and send them across
# the network.
protocol direct {
ipv4;
ipv6;
interface "igp-dummy*";
interface "host0";
interface "host0*";
interface "zt*";
interface "en*";
interface "br*";
interface "int-*";
interface "bond*";
interface "eth*";
interface "intbr0";
};
protocol babel int_babel {
randomize router id on;
ipv4 {
import where source != RTS_BGP && (is_self_net() || is_my_anycast_v4());
export where source != RTS_BGP && (is_self_net() || is_my_anycast_v4());
};
ipv6 {
import where source != RTS_BGP && (is_self_net_v6() || is_my_anycast_v6());
export where source != RTS_BGP && (is_self_net_v6() || is_my_anycast_v6());
};
interface "intbr0" {
type wired;
};
interface "ztwfugvwdo" {
type tunnel;
};
interface "host0*" {
type wired;
};
interface "host0" {
type wired;
};
interface "zt*" {
type tunnel;
};
interface "en*" {
type wired;
};
interface "br*" {
type wired;
};
interface "int-*" {
type tunnel;
};
interface "bond*" {
type wired;
};
interface "wl*" {
type wireless;
};
};

8
dn42-roa.service Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Update DN42 ROA
[Service]
Type=oneshot
ExecStart=curl -sfSLR -o /etc/bird/roa_dn42.conf -z /etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
ExecStart=curl -sfSLR -o /etc/bird/roa_dn42_v6.conf -z /etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf
ExecStart=birdc configure

10
dn42-roa.timer Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=Update DN42 ROA periodically
[Timer]
OnBootSec=2m
OnUnitActiveSec=15m
AccuracySec=1m
[Install]
WantedBy=timers.target

7
inventory.yml
View file

@ -32,6 +32,13 @@ routers:
unicastv6: fd32:6b0:70a6:179::3 unicastv6: fd32:6b0:70a6:179::3
pop_loc: uk01 pop_loc: uk01
solanum_sid: '9R3' solanum_sid: '9R3'
kix.routers.9pfs.dn42:
ansible_python_interpreter: "/usr/bin/python3"
machine_type: container
unicastv4: 172.22.161.5
unicastv6: fd32:6b0:70a6:179::5
pop_loc: kix
solanum_sid: '9R5'
services: services:
hosts: hosts:
mail.9pfs.dn42: mail.9pfs.dn42:

43
setup.yml
View file

@ -2,6 +2,16 @@
hosts: routers hosts: routers
remote_user: root remote_user: root
tasks: tasks:
- name: Create bird directory
ansible.builtin.file:
path: /etc/bird
state: directory
mode: '0755'
- name: Create bird peers directory
ansible.builtin.file:
path: /etc/bird/peers
state: directory
mode: '0755'
- name: Add internal bgp peers - name: Add internal bgp peers
ansible.builtin.template: ansible.builtin.template:
src: int-bgp.j2 src: int-bgp.j2
@ -12,6 +22,11 @@
src: collector.conf src: collector.conf
dest: /etc/bird/peers/collector.conf dest: /etc/bird/peers/collector.conf
mode: '0644' mode: '0644'
- name: Add babel.conf
ansible.builtin.template:
src: bird-babel.j2
dest: /etc/bird/babel.conf
mode: '0644'
- name: Add bird.conf in arch location - name: Add bird.conf in arch location
ansible.builtin.template: ansible.builtin.template:
src: bird-conf.j2 src: bird-conf.j2
@ -24,9 +39,37 @@
dest: /etc/bird/bird.conf dest: /etc/bird/bird.conf
mode: '0644' mode: '0644'
when: ansible_distribution == 'Debian' when: ansible_distribution == 'Debian'
- name: Add dn42-roa.service
ansible.builtin.copy:
src: dn42-roa.service
dest: /etc/systemd/system/dn42-roa.service
mode: '0644'
- name: Add dn42-roa.timer
ansible.builtin.copy:
src: dn42-roa.timer
dest: /etc/systemd/system/dn42-roa.timer
mode: '0644'
- name: Enable+start dn42-roa.timer
ansible.builtin.systemd_service:
name: dn42-roa.timer
enabled: true
state: started
- name: Start dn42-roa.service, but ignore failures
ansible.builtin.systemd_service:
name: dn42-roa.service
state: started
ignore_errors: true
- name: Reload bird - name: Reload bird
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: bird.service name: bird.service
enabled: true enabled: true
state: reloaded state: reloaded
when: ansible_service_mgr == 'systemd' when: ansible_service_mgr == 'systemd'
- name: add sysctl files
ansible.builtin.copy:
src: sysctl-dn42.conf
dest: /etc/sysctl.d/sysctl-dn42.conf
mode: '0644'
- name: load sysctl configs
command: sysctl --system
ignore_errors: true

7
sysctl-dn42.conf Normal file
View file

@ -0,0 +1,7 @@
net.ipv4.conf.all.forwarding=1
net.ipv4.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1