From 4052d5117d3a2393ed7cf016abc0fbcc72d9906a Mon Sep 17 00:00:00 2001
From: Max Audron
Date: Wed, 12 Feb 2025 11:05:57 +0100
Subject: update dns servers
---
modules/bgp/default.nix | 110 +++++++++++++++++++++----------------------
modules/powerdns/primary.nix | 1 +
2 files changed, 55 insertions(+), 56 deletions(-)
diff --git a/modules/bgp/default.nix b/modules/bgp/default.nix
index 1f33aad..5a726b6 100644
--- a/modules/bgp/default.nix
+++ b/modules/bgp/default.nix
@@ -29,63 +29,61 @@ }; services.frr = { - bgp = { - enable = true; - config = '' - router bgp 64716 - bgp router-id ${config.deploy.host} - bgp ebgp-requires-policy - no bgp default ipv4-unicast - no bgp network import-check + bgpd.enable = true; + config = '' + router bgp 64716 + bgp router-id ${config.deploy.host} + bgp ebgp-requires-policy + no bgp default ipv4-unicast + no bgp network import-check - neighbor V4 peer-group - neighbor V4 remote-as 64515 - neighbor V4 ebgp-multihop 2 - neighbor 169.254.169.254 peer-group V4 - neighbor 169.254.169.254 password IpXzIJIsJxABeNdi4mPBbt7XD + neighbor V4 peer-group + neighbor V4 remote-as 64515 + neighbor V4 ebgp-multihop 2 + neighbor 169.254.169.254 peer-group V4 + neighbor 169.254.169.254 password IpXzIJIsJxABeNdi4mPBbt7XD - neighbor V6 peer-group - neighbor V6 remote-as 64515 - neighbor V6 ebgp-multihop 2 - neighbor 2001:19f0:ffff::1 peer-group V6 - neighbor 2001:19f0:ffff::1 password IpXzIJIsJxABeNdi4mPBbt7XD - ! - address-family ipv4 unicast - network 209.250.238.254/32 - network 217.163.29.14/32 - neighbor V4 activate - neighbor V4 route-map IMPORT in - neighbor V4 route-map EXPORT out - neighbor V6 activate - neighbor V6 route-map IMPORT in - neighbor V6 route-map EXPORT out - exit-address-family - ! - address-family ipv6 unicast - network 2a0f:9400:8020::/48 - neighbor V4 activate - neighbor V4 route-map IMPORT in - neighbor V4 route-map EXPORT out - neighbor V6 activate - neighbor V6 route-map IMPORT in - neighbor V6 route-map EXPORT out - exit-address-family - ! - ip prefix-list internal seq 5 permit 209.250.238.254/32 - ip prefix-list internal seq 10 permit 217.163.29.14/32 - ipv6 prefix-list external seq 5 permit 2a0f:9400:8020::/48 - ! - route-map EXPORT deny 100 - ! - route-map EXPORT permit 2 - match ipv6 address prefix-list external - ! - route-map EXPORT permit 1 - match ip address prefix-list internal - ! - route-map IMPORT deny 1 - ! 
- ''; - }; + neighbor V6 peer-group + neighbor V6 remote-as 64515 + neighbor V6 ebgp-multihop 2 + neighbor 2001:19f0:ffff::1 peer-group V6 + neighbor 2001:19f0:ffff::1 password IpXzIJIsJxABeNdi4mPBbt7XD + ! + address-family ipv4 unicast + network 209.250.238.254/32 + network 217.163.29.14/32 + neighbor V4 activate + neighbor V4 route-map IMPORT in + neighbor V4 route-map EXPORT out + neighbor V6 activate + neighbor V6 route-map IMPORT in + neighbor V6 route-map EXPORT out + exit-address-family + ! + address-family ipv6 unicast + network 2a0f:9400:8020::/48 + neighbor V4 activate + neighbor V4 route-map IMPORT in + neighbor V4 route-map EXPORT out + neighbor V6 activate + neighbor V6 route-map IMPORT in + neighbor V6 route-map EXPORT out + exit-address-family + ! + ip prefix-list internal seq 5 permit 209.250.238.254/32 + ip prefix-list internal seq 10 permit 217.163.29.14/32 + ipv6 prefix-list external seq 5 permit 2a0f:9400:8020::/48 + ! + route-map EXPORT deny 100 + ! + route-map EXPORT permit 2 + match ipv6 address prefix-list external + ! + route-map EXPORT permit 1 + match ip address prefix-list internal + ! + route-map IMPORT deny 1 + ! + ''; }; } diff --git a/modules/powerdns/primary.nix b/modules/powerdns/primary.nix index 2f0f95b..60abfce 100644 --- a/modules/powerdns/primary.nix +++ b/modules/powerdns/primary.nix @@ -42,6 +42,7 @@ }; systemd.services.powerdns-admin.serviceConfig = { + ExecStartPre = lib.mkForce "${pkgs.coreutils}/bin/env FLASK_APP=${pkgs.powerdns-admin}/share/powerdnsadmin/__init__.py SESSION_TYPE=sqlalchemy ${pkgs.python3Packages.flask}/bin/flask db upgrade -d ${pkgs.powerdns-admin}/share/migrations"; BindPaths = [ "/run/postgresql" ]; }; -- cgit v1.2.3
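Review bot: The BGP session password is still a literal in the new `config` string (the two `neighbor … password` lines), so it is committed to the repository and, since the value is part of a Nix expression, it presumably also lands in the world-readable Nix store on every host that builds this module. This commit already rewrites the whole block, so it is a natural place to take the secret out: keep the password in a file provisioned outside the store by whatever secrets mechanism the deployment uses, and render the FRR configuration from it at activation time rather than embedding it in Nix. The current value should be treated as exposed and rotated with the upstream peer, because it stays in the history either way. A comment above `config` such as `# BGP password is injected at runtime; never place it in this string` would keep it from creeping back. The enclosing module starts above the hunk, so how secrets are handled elsewhere in it is not visible here.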
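Review bot: The `lib.mkForce` on `ExecStartPre` carries no comment saying why the unit's existing pre-start command is being replaced, and the forced string hard-codes the full migration command line, so it will keep overriding whatever the upstream module sets in later releases. A short comment above the line, for example `# Force SESSION_TYPE=sqlalchemy for the migration step; remove once the upstream unit sets it`, would record the intent; the reason is inferred from the added variable, so adjust the wording to the real cause. The module's argument list is outside the hunk, so also confirm that `lib` is in scope there.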