{ config, lib, pkgs, ... }: { networking.interfaces.lo = { ipv4.addresses = [ { address = "217.163.29.14"; prefixLength = 32; } { # dns address = "45.76.88.149"; prefixLength = 32; } { # cdn address = "209.250.238.254"; prefixLength = 32; } ]; ipv6.addresses = [ { address = "2a0f:9400:8020::200"; prefixLength = 128; } { address = "2a0f:9400:8020::100"; prefixLength = 128; } { address = "2a0f:9400:8020::"; prefixLength = 48; } ]; }; services.frr = { bgpd.enable = true; config = '' router bgp 64716 bgp router-id ${config.deploy.host} bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check neighbor V4 peer-group neighbor V4 remote-as 64515 neighbor V4 ebgp-multihop 2 neighbor 169.254.169.254 peer-group V4 neighbor 169.254.169.254 password IpXzIJIsJxABeNdi4mPBbt7XD neighbor V6 peer-group neighbor V6 remote-as 64515 neighbor V6 ebgp-multihop 2 neighbor 2001:19f0:ffff::1 peer-group V6 neighbor 2001:19f0:ffff::1 password IpXzIJIsJxABeNdi4mPBbt7XD ! address-family ipv4 unicast network 209.250.238.254/32 network 45.76.88.149/32 neighbor V4 activate neighbor V4 route-map IMPORT in neighbor V4 route-map EXPORT out neighbor V6 activate neighbor V6 route-map IMPORT in neighbor V6 route-map EXPORT out exit-address-family ! address-family ipv6 unicast network 2a0f:9400:8020::/48 neighbor V4 activate neighbor V4 route-map IMPORT in neighbor V4 route-map EXPORT out neighbor V6 activate neighbor V6 route-map IMPORT in neighbor V6 route-map EXPORT out exit-address-family ! ip prefix-list internal seq 5 permit 209.250.238.254/32 ip prefix-list internal seq 10 permit 45.76.88.149/32 ipv6 prefix-list external seq 5 permit 2a0f:9400:8020::/48 ! route-map EXPORT deny 100 ! route-map EXPORT permit 2 match ipv6 address prefix-list external ! route-map EXPORT permit 1 match ip address prefix-list internal ! route-map IMPORT deny 1 ! ''; }; services.prometheus.exporters.frr = { enable = false; enabledCollectors = [ "BGP" ]; disabledCollectors = [ "OSPFv4" "BFD" "Route" ]; }; }