libDn42: init with mkPeer functions

NuschtOS · Nov 8, 2024 · b5f6c0f · b5f6c0f
1 parent 17c4032
commit b5f6c0f
Show file tree

Hide file tree

Showing 3 changed files with 138 additions and 41 deletions.
diff --git a/flake.nix b/flake.nix
@@ -16,6 +16,7 @@
         dn42 = {
           imports = [ ./modules ];
           nixpkgs.overlays = [ self.overlays.default ];
+          _module.args = { inherit (self) libDn42; };
         };
         default = dn42;
       };
@@ -55,5 +56,9 @@
         };
         default = dn42;
       };
+
+      libDn42 = {
+        inherit (import ./lib/dn42.nix { inherit (nixpkgs) lib; }) mkPeerV4 mkPeerV6;
+      };
     };
 }
diff --git a/lib/dn42.nix b/lib/dn42.nix
@@ -0,0 +1,101 @@
+{
+  lib,
+  ...
+}:
+let
+  template = ownAs: ''
+    local as ${toString ownAs};
+
+    enforce first as on;
+    graceful restart on;
+    long lived graceful restart on;
+    advertise hostname on;
+    prefer older on;
+
+    # defaults
+    enable route refresh on;
+    interpret communities on;
+    default bgp_local_pref 100;
+  '';
+in
+{
+  mkPeerV4 =
+    {
+      name,
+      ownAs,
+      remoteAs,
+      ownIp,
+      remoteIp,
+
+      # bgp communities
+      latency,
+      bandwidth,
+      crypto,
+      transit,
+    }:
+    ''
+      protocol bgp ${name}_4 {
+        local as ${builtins.toString ownAs};
+
+        ${template ownAs}
+
+        neighbor ${remoteIp} as ${builtins.toString remoteAs};
+        source address ${ownIp};
+
+        ipv4 {
+          import limit 9000 action block;
+          import table on;
+
+          import where dn_import_filter4(${toString latency}, ${toString bandwidth}, ${toString crypto});
+          export where dn_export_filter4(${toString latency}, ${toString bandwidth}, ${toString crypto}, ${lib.boolToString transit});
+        };
+      }
+    '';
+  mkPeerV6 =
+    {
+      name,
+      ownAs,
+      remoteAs,
+      ownIp,
+      remoteIp,
+      ownInterface,
+
+      # bgp communities
+      latency,
+      bandwidth,
+      crypto,
+      transit,
+
+      # whether ipv4 session should be configured for the ipv6 neighbor
+      extendedNextHop,
+    }:
+    ''
+      protocol bgp ${name}_6 {
+        ${template ownAs}
+
+        ${lib.optionalString extendedNextHop ''
+          enable extended messages on;
+
+          ipv4 {
+            import limit 9000 action block;
+            import table on;
+
+            extended next hop on;
+            import where dn_import_filter4(${toString latency}, ${toString bandwidth}, ${toString crypto});
+            export where dn_export_filter4(${toString latency}, ${toString bandwidth}, ${toString crypto}, ${lib.boolToString transit});
+          };
+        ''}
+
+        ipv6 {
+          import limit 9000 action block;
+          import table on;
+
+          import where dn_import_filter6(${toString latency}, ${toString bandwidth}, ${toString crypto});
+          export where dn_export_filter6(${toString latency}, ${toString bandwidth}, ${toString crypto}, ${lib.boolToString transit});
+        };
+
+        neighbor ${remoteIp}%'${ownInterface}' as ${toString remoteAs};
+        source address ${ownIp};
+      }
+    '';
+}
diff --git a/modules/bird2.nix b/modules/bird2.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, libDn42, ... }:
 
 let
   cfg = config.networking.dn42;
@@ -136,46 +136,37 @@ in
         ${builtins.concatStringsSep "\n" (builtins.attrValues
           (builtins.mapAttrs
             (name: conf: ''
-              ${lib.optionalString (!conf.extendedNextHop) ''
-                protocol bgp ${name}_4 from dnpeers {
-                  neighbor ${conf.addr.v4} as ${builtins.toString conf.as};
-                  source address ${conf.srcAddr.v4};
-
-                  ipv4 {
-                    import limit 9000 action block;
-                    import table on;
-
-                    import where dn_import_filter4(${toString conf.latency}, ${toString conf.bandwidth}, ${toString conf.crypto});
-                    export where dn_export_filter4(${toString conf.latency}, ${toString conf.bandwidth}, ${toString conf.crypto}, ${lib.boolToString conf.transit});
-                  };
-                }
-              ''}
-
-              protocol bgp ${name}_6 from dnpeers {
-                ${lib.optionalString conf.extendedNextHop ''
-                  enable extended messages on;
-
-                  ipv4 {
-                    import limit 9000 action block;
-                    import table on;
-
-                    extended next hop on;
-                    import where dn_import_filter4(${toString conf.latency}, ${toString conf.bandwidth}, ${toString conf.crypto});
-                    export where dn_export_filter4(${toString conf.latency}, ${toString conf.bandwidth}, ${toString conf.crypto}, ${lib.boolToString conf.transit});
-                  };
-                ''}
-
-                ipv6 {
-                  import limit 9000 action block;
-                  import table on;
-
-                  import where dn_import_filter6(${toString conf.latency}, ${toString conf.bandwidth}, ${toString conf.crypto});
-                  export where dn_export_filter6(${toString conf.latency}, ${toString conf.bandwidth}, ${toString conf.crypto}, ${lib.boolToString conf.transit});
-                };
-
-                neighbor ${conf.addr.v6}%'${conf.interface}' as ${builtins.toString conf.as};
-                source address ${conf.srcAddr.v6};
-              }
+              ${lib.optionalString (!conf.extendedNextHop) (
+              libDn42.mkPeerV4 {
+                inherit name;
+                ownAs = cfg.as;
+                remoteAs = conf.as;
+                ownIp = conf.srcAddr.v4;
+                remoteIp = conf.addr.v4;
+                
+                # bgp communities
+                latency = conf.latency;
+                bandwidth = conf.bandwidth;
+                crypto = conf.crypto;
+                transit = conf.transit;
+              })};
+
+              ${libDn42.mkPeerV6 {
+                inherit name;
+                ownAs = cfg.as;
+                remoteAs = conf.as;
+                ownIp = conf.srcAddr.v6;
+                remoteIp = conf.addr.v6;
+                ownInterface = conf.interface;
+                
+                # bgp communities
+                latency = conf.latency;
+                bandwidth = conf.bandwidth;
+                crypto = conf.crypto;
+                transit = conf.transit;
+
+                extendedNextHop = true;
+              }};
             '')
           cfg.peers))}