From 0d18a3a441a5465a6a1775576bb0815419643aa9 Mon Sep 17 00:00:00 2001
From: Max Audron
Date: Thu, 5 Oct 2023 14:42:50 +0200
Subject: deploy powerdns and bgp config
---
 modules/bgp/default.nix | 105 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 85 insertions(+), 20 deletions(-)
(limited to 'modules/bgp/default.nix')
diff --git a/modules/bgp/default.nix b/modules/bgp/default.nix
index 712f003..5a5f88a 100644
--- a/modules/bgp/default.nix
+++ b/modules/bgp/default.nix
@@ -1,25 +1,90 @@
 { config, lib, pkgs, ... }: {
- networking.interfaces.eth0.ipv4.addresses = [
- {
- address = "217.163.29.14";
- prefixLength = 32;
- }
- {
- address = "209.250.238.254";
- prefixLength = 32;
- }
- ];
+ networking.interfaces.lo = {
+ ipv4.addresses = [
+ {
+ address = "217.163.29.14";
+ prefixLength = 32;
+ }
+ {
+ address = "209.250.238.254";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a0f:9400:8020::200";
+ prefixLength = 128;
+ }
+ {
+ address = "2a0f:9400:8020::100";
+ prefixLength = 128;
+ }
+ {
+ address = "2a0f:9400:8020::";
+ prefixLength = 48;
+ }
+ ];
+ };
- networking.interfaces.eth0.ipv6.addresses = [
- {
- address = "2a0f:9400:8020::200";
- prefixLength = 128;
- }
- {
- address = "2a0f:9400:8020::100";
- prefixLength = 128;
- }
- ];
+ services.frr = {
+ bgp = {
+ enable = true;
+ config = ''
+ router bgp 64716
+ bgp ebgp-requires-policy
+ no bgp default ipv4-unicast
+ no bgp network import-check
+
+ neighbor V4 peer-group
+ neighbor V4 remote-as 64515
+ neighbor V4 ebgp-multihop 2
+ neighbor 169.254.169.254 peer-group V4
+ neighbor 169.254.169.254 password IpXzIJIsJxABeNdi4mPBbt7XD
+
+ neighbor V6 peer-group
+ neighbor V6 remote-as 64515
+ neighbor V6 ebgp-multihop 2
+ neighbor 2001:19f0:ffff::1 peer-group V6
+ neighbor 2001:19f0:ffff::1 password IpXzIJIsJxABeNdi4mPBbt7XD
+ !
+ address-family ipv4 unicast
+ network 209.250.238.254/32
+ network 217.163.29.14/32
+ neighbor V4 activate
+ neighbor V4 route-map IMPORT in
+ neighbor V4 route-map EXPORT out
+ neighbor V6 activate
+ neighbor V6 route-map IMPORT in
+ neighbor V6 route-map EXPORT out
+ exit-address-family
+ !
+ address-family ipv6 unicast
+ network 2a0f:9400:8020::/48
+ neighbor V4 activate
+ neighbor V4 route-map IMPORT in
+ neighbor V4 route-map EXPORT out
+ neighbor V6 activate
+ neighbor V6 route-map IMPORT in
+ neighbor V6 route-map EXPORT out
+ exit-address-family
+ !
+ ip prefix-list internal seq 5 permit 209.250.238.254/32
+ ip prefix-list internal seq 10 permit 217.163.29.14/32
+ ipv6 prefix-list external seq 5 permit 2a0f:9400:8020::/48
+ !
+ route-map EXPORT deny 100
+ !
+ route-map EXPORT permit 2
+ match ipv6 address prefix-list external
+ !
+ route-map EXPORT permit 1
+ match ip address prefix-list internal
+ !
+ route-map IMPORT deny 1
+ !
+ '';
+ };
+ };
 }
--
cgit v1.2.3
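Review bot: The two `neighbor … password` lines put the BGP session secret in plaintext inside `services.frr.bgp.config`, so it lands in the repository history and, once built, in the world-readable Nix store where any local account can read it. Supply the daemon configuration from a root-only file rendered outside the store instead, for example `services.frr.bgp.configFile = "/run/secrets/bgpd.conf";` (illustrative path, populated by whatever secret manager the deployment uses), and rotate the current password with the upstream because it is already committed. Separately, both address families activate both peer groups (`neighbor V6 activate` under `address-family ipv4 unicast`, `neighbor V4 activate` under `address-family ipv6 unicast`); if that cross-family exchange is not intended, drop those lines so each session carries only its own family.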