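# NixOS module: runs BIRD 2 for DN42 peering and keeps the DN42 ROA tables
# in /etc/bird/ fresh through an hourly systemd timer.
{ pkgs, lib, ... }:
let
  # update-roa: download the DN42 ROA tables for BIRD 2 and make the running
  # daemon pick them up.
  #
  # Security notes:
  #  * The ROA files come from a third-party host. TLS (curl's default
  #    certificate verification) is the only integrity protection; there is no
  #    signature or checksum check. Presumably bird.conf includes these files,
  #    in which case their content is trusted as BIRD configuration. Confirm.
  #  * Each file is downloaded to a temporary file next to its destination and
  #    renamed into place only after curl succeeded. Writing straight to the
  #    live file would leave a truncated ROA table behind if the transfer broke
  #    midway, and BIRD would then be reconfigured with it.
  #  * `set -euo pipefail` aborts before the birdc calls when a download fails,
  #    so BIRD keeps the last good tables and the unit is marked failed.
  script = pkgs.writeShellScriptBin "update-roa" ''
    set -euo pipefail

    mkdir -p /etc/bird/

    # fetch URL DEST: refresh DEST from URL without ever exposing a partial file.
    fetch() {
      local url="$1" dest="$2" tmp
      tmp="$(mktemp "$dest.XXXXXX")"
      # -z "$dest": only transfer when the remote copy is newer than ours.
      # -R: keep the remote mtime so the next -z comparison is meaningful.
      if ! ${pkgs.curl}/bin/curl -sfSLR -z "$dest" -o "$tmp" "$url"; then
        rm -f "$tmp"
        echo "update-roa: download of $url failed; keeping existing $dest" >&2
        return 1
      fi
      if [ -s "$tmp" ]; then
        # mktemp creates the file 0600; restore the mode curl -o would have used.
        chmod 0644 "$tmp"
        mv -f "$tmp" "$dest"
      else
        # Nothing was written (remote copy not newer): keep the current file.
        rm -f "$tmp"
      fi
    }

    fetch https://dn42.burble.com/roa/dn42_roa_bird2_6.conf /etc/bird/roa_dn42_v6.conf
    fetch https://dn42.burble.com/roa/dn42_roa_bird2_4.conf /etc/bird/roa_dn42.conf

    # "c" is birdc's abbreviation for "configure": re-read the configuration.
    ${pkgs.bird2}/bin/birdc c
    # Re-run the import filters on all protocols.
    ${pkgs.bird2}/bin/birdc reload in all
  '';

  # Peer definitions (bgp.sessions) and extra BIRD configuration (bgp.extraConfig).
  bgp = import ./bgp.nix { };

  # Render one `protocol bgp` stanza for a session taken from bgp.sessions.
  # The values are interpolated into BIRD configuration verbatim, so bgp.nix
  # must stay a trusted, locally maintained file.
  mkSession =
    x:
    "\n protocol bgp ${x.name} from dnpeers {\n ${
      if x.multihop then "multihop;" else ""
    }\n ${
      if x.gracefulRestart then "graceful restart on;" else ""
    }\n neighbor ${x.neigh} as ${x.as};\n ${
      if x.multi || x.v4 then
        "\n ipv4 {\n extended next hop on;\n import where dn42_import_filter(${x.link},25,34);\n export where dn42_export_filter(${x.link},25,34);\n import keep filtered;\n };\n "
      else
        ""
    }\n ${
      if x.multi || x.v6 then
        "\n ipv6 {\n extended next hop on;\n import where dn42_import_filter(${x.link},25,34);\n export where dn42_export_filter(${x.link},25,34);\n import keep filtered;\n };\n "
      else
        ""
    }\n }\n ";
in
{
  systemd = {
    timers.dn42-roa = {
      description = "Trigger a ROA table update";

      timerConfig = {
        # First run five minutes after boot, then one hour after each run ends.
        OnBootSec = "5m";
        OnUnitInactiveSec = "1h";
        Unit = "dn42-roa.service";
      };

      wantedBy = [ "timers.target" ];
      before = [ "bird.service" ];
    };
    services = {
      dn42-roa = {
        after = [ "network.target" ];
        description = "DN42 ROA Updated";
        serviceConfig = {
          # Type= is a [Service] setting and the value is spelled "oneshot".
          # Under [Unit] (unitConfig) systemd ignores it, and "one-shot" is not
          # a valid service type.
          Type = "oneshot";
          ExecStart = "${script}/bin/update-roa";
        };
      };
    };
  };

  services = {
    bird = {
      enable = true;
      package = pkgs.bird2;
      # Build-time validation of the generated configuration is turned off, so
      # a syntax error only shows up when BIRD loads the file.
      # NOTE(review): presumably needed because bird.conf includes the ROA
      # files under /etc/bird/, which do not exist in the build sandbox. Confirm.
      checkConfig = false;
      # Static base config, one generated stanza per BGP session, then the
      # free-form extra configuration from bgp.nix.
      config =
        builtins.readFile ./bird.conf
        + lib.concatStrings (builtins.map mkSession bgp.sessions)
        + bgp.extraConfig;
    };
  };

  # NOTE(review): presumably this gives the user access to the BIRD control
  # socket for birdc. Confirm the group name matches the one the bird module uses.
  users.users.thehedgehog.extraGroups = [ "bird2" ];
}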