Diffstat (limited to 'tnet')
| -rw-r--r-- | tnet/bird-deploy.yml | 5 | ||||
| -rw-r--r-- | tnet/bird-gen-password.yml | 1 | ||||
| -rw-r--r-- | tnet/bird-gen.yml | 17 | ||||
| -rw-r--r-- | tnet/files/lhn2pi/bird-tnet.conf | 48 | ||||
| -rw-r--r-- | tnet/files/node2/bird-tnet-pre.conf | 20 | ||||
| -rw-r--r-- | tnet/group_vars/all/bird.sops.yml | 45 | ||||
| -rw-r--r-- | tnet/host_vars/hash/bird.yml | 2 | ||||
| -rw-r--r-- | tnet/host_vars/hash/wg.yml | 6 | ||||
| -rw-r--r-- | tnet/host_vars/knot/bird.yml | 2 | ||||
| -rw-r--r-- | tnet/host_vars/knot/wg.yml | 16 | ||||
| -rw-r--r-- | tnet/host_vars/kv24ix/wg.yml | 3 | ||||
| -rw-r--r-- | tnet/host_vars/lhn2pi/bird.yml | 5 | ||||
| -rw-r--r-- | tnet/host_vars/lhn2pi/wg.yml | 7 | ||||
| -rw-r--r-- | tnet/keys/wg-kioubit_de2-knot.pub | 1 | ||||
| -rw-r--r-- | tnet/keys/wg-knot-kioubit_de2.pub | 1 | ||||
| -rw-r--r-- | tnet/keys/wg-knot-kioubit_de2.sops.key | 28 | ||||
| -rw-r--r-- | tnet/templates/akili/bird-tnet-pre.conf (renamed from tnet/files/akili/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/akili/bird-tnet.conf (renamed from tnet/files/akili/bird-tnet.conf) | 4 | ||||
| -rw-r--r-- | tnet/templates/astyanax/bird-tnet-pre.conf (renamed from tnet/files/astyanax/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/astyanax/bird-tnet.conf (renamed from tnet/files/astyanax/bird-tnet.conf) | 4 | ||||
| -rw-r--r-- | tnet/templates/bird-tnet.conf.j2 | 8 | ||||
| -rw-r--r-- | tnet/templates/conflatorio/bird-tnet-pre.conf (renamed from tnet/files/conflatorio/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/conflatorio/bird-tnet.conf (renamed from tnet/files/conflatorio/bird-tnet.conf) | 4 | ||||
| -rw-r--r-- | tnet/templates/coregonus/bird-tnet-pre.conf (renamed from tnet/files/coregonus/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/coregonus/bird-tnet.conf (renamed from tnet/files/coregonus/bird-tnet.conf) | 3 | ||||
| -rw-r--r-- | tnet/templates/hash/bird-tnet-pre.conf (renamed from tnet/files/hash/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/hash/bird-tnet.conf (renamed from tnet/files/hash/bird-tnet.conf) | 13 | ||||
| -rw-r--r-- | tnet/templates/knot/bird-tnet-pre.conf (renamed from tnet/files/knot/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/knot/bird-tnet.conf (renamed from tnet/files/knot/bird-tnet.conf) | 17 | ||||
| -rw-r--r-- | tnet/templates/node1/bird-tnet-pre.conf (renamed from tnet/files/lhn2pi/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/node1/bird-tnet.conf (renamed from tnet/files/node1/bird-tnet.conf) | 4 | ||||
| -rw-r--r-- | tnet/templates/node2/bird-tnet-pre.conf (renamed from tnet/files/node1/bird-tnet-pre.conf) | 0 | ||||
| -rw-r--r-- | tnet/templates/node2/bird-tnet.conf (renamed from tnet/files/node2/bird-tnet.conf) | 4 | ||||
| -rw-r--r-- | tnet/wg-links.yml | 1 |
34 files changed, 127 insertions, 142 deletions
diff --git a/tnet/bird-deploy.yml b/tnet/bird-deploy.yml index ed7cecf..9759c01 100644 --- a/tnet/bird-deploy.yml +++ b/tnet/bird-deploy.yml @@ -1,9 +1,9 @@ - hosts: tnet_bird tasks: - become: yes - copy: - dest: "/etc/bird/{{ item }}" + template: src: "{{ inventory_hostname }}/{{ item }}" + dest: "/etc/bird/{{ item }}" owner: bird group: bird mode: 0640 @@ -23,4 +23,3 @@ systemd: name: bird state: reloaded - diff --git a/tnet/bird-gen-password.yml b/tnet/bird-gen-password.yml new file mode 100644 index 0000000..501c5ef --- /dev/null +++ b/tnet/bird-gen-password.yml @@ -0,0 +1 @@ +- tasks: diff --git a/tnet/bird-gen.yml b/tnet/bird-gen.yml index 9fa71b1..74a83b1 100644 --- a/tnet/bird-gen.yml +++ b/tnet/bird-gen.yml @@ -1,25 +1,16 @@ -- name: Remove old configuration - hosts: localhost - connection: local - gather_facts: False - tasks: - - file: - path: files - state: absent - changed_when: False - - name: Generate Bird configuration hosts: tnet_bird connection: local gather_facts: False tasks: - - file: + - name: rmdir files/$hostname + file: path: files/{{ inventory_hostname }} - state: directory + state: absent changed_when: False - template: src: "{{ item }}.j2" - dest: "files/{{ inventory_hostname }}/{{ item }}" + dest: "templates/{{ inventory_hostname }}/{{ item }}" loop: - bird-tnet-pre.conf - bird-tnet.conf diff --git a/tnet/files/lhn2pi/bird-tnet.conf b/tnet/files/lhn2pi/bird-tnet.conf deleted file mode 100644 index 9f0ef8c..0000000 --- a/tnet/files/lhn2pi/bird-tnet.conf +++ /dev/null 
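Review bot: The `template:` task in the first hunk of bird-deploy.yml now renders the decrypted `bgp_password` values into `/etc/bird/{{ item }}`, but nothing on the task keeps them out of Ansible's output. A run with `--diff` prints the rendered file differences, passwords included, so I would add `no_log: true` (or at least `diff: false`) to this task. The existing `mode: 0640` with owner and group `bird` is kept, which suits a file that now holds per-link secrets. The task continues past the end of the hunk, so its loop is not visible here.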
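Review bot: The generation play in bird-gen.yml now writes to `templates/{{ inventory_hostname }}/{{ item }}`, but the only remaining `file:` task removes `files/{{ inventory_hostname }}`, so nothing creates the destination directory any more. The `template` module does not create parent directories, so generating for a host that has no `templates/<host>/` directory yet will likely fail. A task such as `- file: {path: "templates/{{ inventory_hostname }}", state: directory}` before the template step would restore that. With the cleanup play removed, output for hosts dropped from the inventory also has to be deleted by hand, as this commit does for lhn2pi.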
@@ -1,48 +0,0 @@ -# Set to true if this peer is directly connected to a dn42 peer -define is_dn42_peer = true; -# If we are connected directly to dn42, we don't want the dn42 routes from others -define import_dn42 = !is_dn42_peer; -define export_dn42 = is_dn42_peer; - -template bgp tnet_tpl { - local as 4242423538; - neighbor internal; - - direct; - - password "trygvis"; - - ipv6 { - next hop self; - import filter { - if is_tnet() then { - accept proto, ": (tnet) import accept, net=", net, ", from=", from, ", gw=", gw; - } else if import_dn42 && dn42_is_valid_network() then { - accept proto, ": (dn42) import accept, net=", net, ", from=", from, ", gw=", gw; - } else { - reject proto, ": import reject, reason=not tnet"; - } - }; - # newer bird's only - # import keep filtered; - export filter { - if is_tnet() then { - accept proto, ": (tnet) export accept, net=", net, ", from=", from, ", gw=", gw; - } else if export_dn42 && dn42_is_valid_network() then { - accept proto, ": (dn42) import accept, net=", net, ", from=", from, ", gw=", gw; - } else { - reject proto, ": export reject, reason=not tnet"; - } - }; - }; -} - -protocol bgp tnet_hash from tnet_tpl { - neighbor fe80:6195:1d43:9655:35f7:9dba:798c:26b8; - interface "tnet-hash"; -} - -protocol bgp tnet_knot from tnet_tpl { - neighbor fe80:d83a:350b:2162:6eda:1cc1:9cd7:80e8; - interface "tnet-knot"; -} diff --git a/tnet/files/node2/bird-tnet-pre.conf b/tnet/files/node2/bird-tnet-pre.conf deleted file mode 100644 index 74c981d..0000000 --- a/tnet/files/node2/bird-tnet-pre.conf +++ /dev/null @@ -1,20 +0,0 @@ -define tnet = fdb1:4242:3538:2000::/52; - -function is_tnet() -{ - return net ~ tnet; -} - -roa6 table dn42_roa; - -protocol static { - roa6 { table dn42_roa; }; - include "/etc/bird/dn42_roa_bird2_6.conf"; -}; - -function dn42_is_valid_network() -{ - return net ~ [ - fd00::/8{44,64} # ULA address space as per RFC 4193 - ]; -} 
diff --git a/tnet/group_vars/all/bird.sops.yml b/tnet/group_vars/all/bird.sops.yml new file mode 100644 index 0000000..c87f3c4 --- /dev/null +++ b/tnet/group_vars/all/bird.sops.yml 
@@ -0,0 +1,45 @@ +bgp_password: + conflatorio-knot: ENC[AES256_GCM,data:PBE4TnHXDw==,iv:Kj6SnVvwsYUrKt0Vqd76j6IaxufLP0Rf+Bw3i1M/3tI=,tag:9jPWHiqqTHSG8BMQ/k4pEw==,type:str] + coregonus-knot: ENC[AES256_GCM,data:WgO2B0FQVQ==,iv:zhaCbX6M7fMMHr63KgIrOcpnI9dmPJLTOlXJVqYkFb0=,tag:Y2H+RjuPGBMUFJJFEeL5Yw==,type:str] + hash-knot: ENC[AES256_GCM,data:SI2yYLIepg==,iv:Icky8rMsLQj77zu5vdqCZBWoHiYlNbIwlAvD5m+DH7A=,tag:9PImx9SXYuusNhZeWVPV7g==,type:str] + knot-kv24ix: ENC[AES256_GCM,data:z7SG+zuQ7g==,iv:APPjOs+MH9c0xfxmGEMoAQq00i847jGdbpoSkgwbpY0=,tag:jkgb7PlAF/kb50+i+3WEGw==,type:str] + knot-node1: ENC[AES256_GCM,data:rY0x5yu9zw==,iv:TyyhW1IwtkcU2q2y6ACgEqNEqMJ64PyMQ/kkkyCJB8E=,tag:fepqIEhEbrNFUr9f1iOMAQ==,type:str] + knot-node2: ENC[AES256_GCM,data:EE/JkIj23g==,iv:Gv1kd+lOFPir3z0TTlRdeOMffCQreBA5HiCHHwOUu+M=,tag:hwmABQCkbvQ6kSVchUZ6+g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxb2RRcHh2UVN0U0ljeFgr + VndTMkRRR0Fzd042R0F5RnZpelZRNmVIcG1jCklHMkFoVjBhb3NrMjB5c3dMcjYv + Zkw5c3hIeElQOW54WDJ6a1MySDc2bGMKLS0tIEt3TTdLVkx4UFRCOU5WcWxjbXky + b05uMC94dUtxWE1qWHRTbVlubWQ4N1UKcPsMrAWryuaHar6qF/JL40hMkhkGoVsv + fj1FGz2xoI1FOtnqU8/LCOZF7ncUjzJS0m2GxiA/WDRLeLSWAi84vg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MEJWVjF4cm04UU44bU9N + VEpmVnVDN1VIcm5RVk1VcThqNjFQQ3EzNkdjCnFGcVBMb0NiTzFSUm1qckkzRjNR + WEo1ai95L1B2bEpCYnB2blNyOFBwR0kKLS0tIFEyWlRZbUZWdnR0dzVCc0NraHpj + OUxUbWp4T1E2TTBTN0NRSDdKaXlJd2cKMwUjax16RyxnQRpxtZDjnrJx7CX06Z37 + T5GfLprSS4vXGfQkuJTDn7a/v8DfftOBL9ubclIet9cOD8YzIcAiZw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5 + enc: | + -----BEGIN AGE ENCRYPTED 
FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZEdhUlBEV1FBeGhSNVNG + YkQ1dmlieWlVMmMvUERNTnJlcVpmV3lBa0JjCnBJUWJmUmp2d01ZdFRlR3M1ZUI0 + NHhnMmxYNmlHeFFGbjJnK0w4QU5HenMKLS0tIHd6aUk1NWR2SnFCMENzSGFES0hi + VzVzNmtJampuZ2tKQnU3Y3FTZFFhdkUKej0Hy9kOYDqg+8B+slMdGE2Krcvqr4uJ + X7GxDCdLV7sllK6OlHe2aQkXb16oT0iGG7N61LCzWBDOfx0hzdyFPA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-28T08:18:39Z" + mac: ENC[AES256_GCM,data:imlEN3/KxgOfZ8PKJHE6V6+1eMIVAZCTuGPMkocTgEqoKacpUbP6ap4lT3tm5I/YdeSJuRSYV3z89PPmkXXa31+c57RFewgX0bpvMYijEzI780xN4TXybETRqOKhUtv01RgAo2nZvmtVl7xi4tvr1NC22Af1ZzeheFI5rZt30vo=,iv:Zq7S3H+aBu1iuNdMw4AkvnjDh0spJJ3jLuJ0NVE3s5I=,tag:ClHvPDrAFfYNrppouOJJSw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/tnet/host_vars/hash/bird.yml b/tnet/host_vars/hash/bird.yml index 2b4bb51..663f8e1 100644 --- a/tnet/host_vars/hash/bird.yml +++ b/tnet/host_vars/hash/bird.yml @@ -4,8 +4,6 @@ tnet_bird_peers: interface: tnet-confltrio knot: rr_client: true - lhn2pi: - rr_client: true node1: rr_client: true node2: diff --git a/tnet/host_vars/hash/wg.yml b/tnet/host_vars/hash/wg.yml index 5754f57..31707c9 100644 --- a/tnet/host_vars/hash/wg.yml +++ b/tnet/host_vars/hash/wg.yml @@ -7,9 +7,9 @@ tnet_wg: akili: port: 51002 address: fdb1:4242:3538:ffff:ca85:f812:3935:5fba - lhn2pi: - port: 51003 - address: fe80:6195:1d43:9655:35f7:9dba:798c:26b8 +# lhn2pi: +# port: 51003 +# address: fe80:6195:1d43:9655:35f7:9dba:798c:26b8 astyanax: port: 51004 address: fe80:a0fd:89e4:42c6:f617:7398:abf4:b516 diff --git a/tnet/host_vars/knot/bird.yml b/tnet/host_vars/knot/bird.yml index 94c610a..107df4c 100644 --- a/tnet/host_vars/knot/bird.yml +++ b/tnet/host_vars/knot/bird.yml @@ -12,8 +12,6 @@ tnet_bird_peers: rr_client: true node2: rr_client: true - lhn2pi: - rr_client: true routedbits_lon1: policy: dn42 as: 4242420207 diff --git a/tnet/host_vars/knot/wg.yml b/tnet/host_vars/knot/wg.yml index 9ad867e..fa91acb 100644 
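Review bot: `bgp_password` in bird.sops.yml defines six pairs (conflatorio-knot, coregonus-knot, hash-knot, knot-kv24ix, knot-node1, knot-node2), while the templates in this same commit also look up `akili-hash`, `akili-knot`, `astyanax-hash`, `astyanax-knot`, `conflatorio-hash`, `hash-node1` and `hash-node2`. Unless those keys are defined elsewhere, the deploy-time render for those hosts should fail on an undefined key. Separately, every `data:` field here is 7 bytes of ciphertext, and AES-GCM preserves plaintext length, so each password is 7 characters long, the same length as the shared password that the removed lines leave in the repository history. If the values were carried over rather than regenerated, they should be rotated to long random per-link secrets.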
--- a/tnet/host_vars/knot/wg.yml +++ b/tnet/host_vars/knot/wg.yml @@ -6,16 +6,17 @@ tnet_wg: address: fe80:3b20:4cb0:5315:22a:c7de:a45b:8a7c lhn2ix: port: 51002 - address: fdb1:4242:3538:ffff:18b7:d3ec:5608:db9a +# address: fdb1:4242:3538:ffff:18b7:d3ec:5608:db9a + address: fdb1:4242:3538:2f02::a kv24ix: port: 51003 - address: fe80:fef1:078a:5b64:efd3:ae7b:d286:d7ce + address: fdb1:4242:3538:2f01::a akili: port: 51004 address: fdb1:4242:3538:ffff:59d7:cf77:8b5d:761a - lhn2pi: - port: 51005 - address: fe80:d83a:350b:2162:6eda:1cc1:9cd7:80e8 +# lhn2pi: +# port: 51005 +# address: fe80:d83a:350b:2162:6eda:1cc1:9cd7:80e8 astyanax: port: 51006 address: fe80:6728:53fc:fc81:40b3:9beb:8336:ba56 @@ -37,3 +38,8 @@ tnet_wg: if_name: coregonus port: 51011 address: fe80:ba82:77f0:f96d:7a85:a7fa:ef6f:37d2 + kioubit_de2: + if_name: kioubit_d2 + endpoint: de2.g-load.eu:23538 + port: 51012 + address: fe80::ade1 diff --git a/tnet/host_vars/kv24ix/wg.yml b/tnet/host_vars/kv24ix/wg.yml index 99c54b6..4a4c833 100644 --- a/tnet/host_vars/kv24ix/wg.yml +++ b/tnet/host_vars/kv24ix/wg.yml @@ -1,3 +1,4 @@ tnet_wg: knot: - address: fe80:fef1:078a:5b64:efd3:ae7b:d286:d7cf +# address: fdb1:4242:3538:ffff:18b7:d3ec:5608:db9b + address: fdb1:4242:3538:2f02::b/64 diff --git a/tnet/host_vars/lhn2pi/bird.yml b/tnet/host_vars/lhn2pi/bird.yml deleted file mode 100644 index 564c993..0000000 --- a/tnet/host_vars/lhn2pi/bird.yml +++ /dev/null @@ -1,5 +0,0 @@ -tnet_bird_peers: - hash: - knot: - -birdv: 2008 diff --git a/tnet/host_vars/lhn2pi/wg.yml b/tnet/host_vars/lhn2pi/wg.yml deleted file mode 100644 index c94745c..0000000 --- a/tnet/host_vars/lhn2pi/wg.yml +++ /dev/null @@ -1,7 +0,0 @@ -tnet_wg: - knot: - endpoint: knot.inamo.no:51005 - address: fe80:d83a:350b:2162:6eda:1cc1:9cd7:80e9 - hash: - endpoint: hash.trygvis.io:51003 - address: fe80:6195:1d43:9655:35f7:9dba:798c:26b9 diff --git a/tnet/keys/wg-kioubit_de2-knot.pub b/tnet/keys/wg-kioubit_de2-knot.pub new file mode 100644 index 0000000..aed317e 
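Review bot: The new `address: fdb1:4242:3538:2f02::b/64` in host_vars/kv24ix/wg.yml carries a prefix length, and the regenerated knot template in this commit copies it verbatim into `neighbor fdb1:4242:3538:2f02::b/64;`. BIRD's `neighbor` takes a plain address (a prefix is only accepted after `range`), so knot's configuration will probably fail to parse and the reload with it. Keep the prefix length out of the value the BGP template reads, or strip it there with something like `{{ addr.split('/')[0] }}`. Also, the first knot/wg.yml hunk puts knot's end of the kv24ix link at `fdb1:4242:3538:2f01::a` while this side sits in `2f02::/64`; with `direct;` set in `tnet_tpl` the two ends presumably need to share a prefix, so please confirm which one is intended.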
--- /dev/null
+++ b/tnet/keys/wg-kioubit_de2-knot.pub
@@ -0,0 +1 @@
+B1xSG/XTJRLd+GrWDsB06BqnIq8Xud93YVh/LYYYtUY=
diff --git a/tnet/keys/wg-knot-kioubit_de2.pub b/tnet/keys/wg-knot-kioubit_de2.pub
new file mode 100644
index 0000000..a8d0922
--- /dev/null
+++ b/tnet/keys/wg-knot-kioubit_de2.pub
@@ -0,0 +1 @@
+7QJdCBlpvYWHyg33ifsifWmV/bV6RgUct4lh0ykCK1g=
diff --git a/tnet/keys/wg-knot-kioubit_de2.sops.key b/tnet/keys/wg-knot-kioubit_de2.sops.key
new file mode 100644
index 0000000..6f699b0
--- /dev/null
+++ b/tnet/keys/wg-knot-kioubit_de2.sops.key
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:pj1LPjdqo+M/GlgWA63LNH/lM7F5rOYeMF1a0qNuBm6/luo5PvRYBj2jyLxa,iv:qlIvXCBXd9dyC6tj9WH0mq3jomzSUc4maPg9zPIvDbM=,tag:cSHZFa18BISZ9owjkHVkVw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MTdPUUFNU0FXcTZWckZJ\nSXV2a3ZQVmE0T3BNTVByMGp0L3ZvZERyNEFjCmFjcmRpeXU5S2tlTnp3NXBPKzl4\nZ1doRVZ0TTYwZkkvSU5RNitySUJoTWsKLS0tIGlsNzJHL0FydVRXT3puT0RuR0R2\nZGZSaXFOWFB2YkoyMi8rZ0tBL2xxbjAKDPy+8yB95EZZq542FtuI3vo4NmcDrVO5\njOvYGmatpxqSZJ9Oy4HpMzKSWvSuKVkZwTcG7Zzrhi6qrhm/TKIRvQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dGlteEludXNpampzd0lD\nTGtQYjIwV3dEbVlEYUJOTlRXZDJYTGNpM1dzCncxMWg4R0J4aVQxQWlvQXY2ZmFH\nWjlxckFWZ2IzMnNENDZHeGFPUlJtVXMKLS0tIHJET2RLL1dBVURwdHhMZGpiMHlW\nblFaQTlDRDE4TmN6SDBnbTVpa3d1eEkKReWQml+gnXRCFbQtF5tFm8vUrALnY+QB\n/dki/g35K2I4tzyPg7qPgKEdGGUYcPTfg1Fyf2m7Q7xXJ7Xg7T1flA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNTltblFtRGVLM2xSTGp1\nVjFNMzBaNHJ2WmZTeUlON25GZE5hSUF5QVdFCmFQb28xK2dDVFdzcS9hSTZGRnRv\nSDBDNWNGb3lWVFVmNk9VR1N5TTRkd1kKLS0tIHBhZVp3d3U4UzlDK0ZkaWRxdTA5\nelBrVFVId1IydVpOcXl2R2x3SDZlNlkKNB7tdDL9QdglbbN/za18BBbWDEEvgZcr\nIHEiz1UJZZYdKEsfk1w0LRE9IKhh7LdL11hCtfO/2uTVY/4ghDFHcA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-30T17:13:23Z", + "mac": 
"ENC[AES256_GCM,data:zY63cqqaceaSuyIBi06jQcwuUaR/bD8h1EL0B+2M8SLTdPQAQ88cDzWze8NjpN2WqPYsxGNo2RYZe0YPXg3ymEJ9YeOvOBzALUZvf7geF7KOoNAqzzieWmIjt7K6Xmq8w1LmsEN3oM8oUU/vNiNoXLHpcD+/Yamu2d0CGr32TZU=,iv:Aj7Hop2etAvJrfsFrvoag0bvKlaMrJySdea3t4cK9c8=,tag:kN4Tn6kiKEwFy0RW6i/HDA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +}
\ No newline at end of file diff --git a/tnet/files/akili/bird-tnet-pre.conf b/tnet/templates/akili/bird-tnet-pre.conf index 74c981d..74c981d 100644 --- a/tnet/files/akili/bird-tnet-pre.conf +++ b/tnet/templates/akili/bird-tnet-pre.conf diff --git a/tnet/files/akili/bird-tnet.conf b/tnet/templates/akili/bird-tnet.conf index 24c9b8e..d306fcc 100644 --- a/tnet/files/akili/bird-tnet.conf +++ b/tnet/templates/akili/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,9 +38,11 @@ template bgp tnet_tpl { protocol bgp tnet_hash from tnet_tpl { neighbor fdb1:4242:3538:ffff:ca85:f812:3935:5fba; interface "tnet-hash"; + password "{{ bgp_password['akili-hash'] }}"; } protocol bgp tnet_knot from tnet_tpl { neighbor fdb1:4242:3538:ffff:59d7:cf77:8b5d:761a; interface "tnet-knot"; + password "{{ bgp_password['akili-knot'] }}"; } diff --git a/tnet/files/astyanax/bird-tnet-pre.conf b/tnet/templates/astyanax/bird-tnet-pre.conf index 74c981d..74c981d 100644 --- a/tnet/files/astyanax/bird-tnet-pre.conf +++ b/tnet/templates/astyanax/bird-tnet-pre.conf diff --git a/tnet/files/astyanax/bird-tnet.conf b/tnet/templates/astyanax/bird-tnet.conf index 3dbf4c9..496cebe 100644 --- a/tnet/files/astyanax/bird-tnet.conf +++ b/tnet/templates/astyanax/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,9 +38,11 @@ template bgp tnet_tpl { protocol bgp tnet_hash from tnet_tpl { neighbor fe80:a0fd:89e4:42c6:f617:7398:abf4:b516; interface "tnet-hash"; + password "{{ bgp_password['astyanax-hash'] }}"; } protocol bgp tnet_knot from tnet_tpl { neighbor fe80:6728:53fc:fc81:40b3:9beb:8336:ba56; interface "tnet-knot"; + password "{{ bgp_password['astyanax-knot'] }}"; } diff --git a/tnet/templates/bird-tnet.conf.j2 b/tnet/templates/bird-tnet.conf.j2 index 2ba456b..1185014 100644 --- a/tnet/templates/bird-tnet.conf.j2 
+++ b/tnet/templates/bird-tnet.conf.j2 @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -48,6 +46,12 @@ protocol bgp tnet_{{ p }} from tnet_tpl { {% else %} interface "tnet-{{ p }}"; {% endif %} +{% if inventory_hostname < p %} +{% set password_var = inventory_hostname + "-" + p %} +{% else %} +{% set password_var = p + "-" + inventory_hostname %} +{% endif %} + password "{{ "{{ bgp_password['" + password_var + "'] }}" }}"; {% if peer.rr_client|default(False) %} rr client; diff --git a/tnet/files/conflatorio/bird-tnet-pre.conf b/tnet/templates/conflatorio/bird-tnet-pre.conf index d60e8df..d60e8df 100644 --- a/tnet/files/conflatorio/bird-tnet-pre.conf +++ b/tnet/templates/conflatorio/bird-tnet-pre.conf diff --git a/tnet/files/conflatorio/bird-tnet.conf b/tnet/templates/conflatorio/bird-tnet.conf index 02780a6..4ffcc7f 100644 --- a/tnet/files/conflatorio/bird-tnet.conf +++ b/tnet/templates/conflatorio/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,9 +38,11 @@ template bgp tnet_tpl { protocol bgp tnet_hash from tnet_tpl { neighbor fe80:4540:476c:d432:2f32:818b:811b:bb61; interface "tnet-hash"; + password "{{ bgp_password['conflatorio-hash'] }}"; } protocol bgp tnet_knot from tnet_tpl { neighbor fe80:47fc:0660:b91f:1063:a6ae:46bb:7589; interface "tnet-knot"; + password "{{ bgp_password['conflatorio-knot'] }}"; } diff --git a/tnet/files/coregonus/bird-tnet-pre.conf b/tnet/templates/coregonus/bird-tnet-pre.conf index d60e8df..d60e8df 100644 --- a/tnet/files/coregonus/bird-tnet-pre.conf +++ b/tnet/templates/coregonus/bird-tnet-pre.conf diff --git a/tnet/files/coregonus/bird-tnet.conf b/tnet/templates/coregonus/bird-tnet.conf index 95ede41..2d2a573 100644 --- a/tnet/files/coregonus/bird-tnet.conf +++ b/tnet/templates/coregonus/bird-tnet.conf 
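Review bot: The new `password` line in the second hunk of bird-tnet.conf.j2 relies on two conventions that are not written down: it emits a literal `{{ bgp_password['…'] }}` that is only resolved by the later deploy-time render, and it builds the key from the two hostnames in string-sorted order. I would add a comment above the `{% if inventory_hostname < p %}` block, for example `{# emits a lookup resolved by bird-deploy.yml; key is "<lower>-<higher>" by string order and must exist in bgp_password #}`. Because the lookup is deferred, a pair missing from `bgp_password` is not caught when the configuration is generated, only when it is deployed. The enclosing `protocol bgp` block starts and ends outside the hunk.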
@@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,4 +38,5 @@ template bgp tnet_tpl { protocol bgp tnet_knot from tnet_tpl { neighbor fe80:ba82:77f0:f96d:7a85:a7fa:ef6f:37d2; interface "tnet-knot"; + password "{{ bgp_password['coregonus-knot'] }}"; } diff --git a/tnet/files/hash/bird-tnet-pre.conf b/tnet/templates/hash/bird-tnet-pre.conf index 74c981d..74c981d 100644 --- a/tnet/files/hash/bird-tnet-pre.conf +++ b/tnet/templates/hash/bird-tnet-pre.conf diff --git a/tnet/files/hash/bird-tnet.conf b/tnet/templates/hash/bird-tnet.conf index a570291..9a0eed0 100644 --- a/tnet/files/hash/bird-tnet.conf +++ b/tnet/templates/hash/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,6 +38,7 @@ template bgp tnet_tpl { protocol bgp tnet_conflatorio from tnet_tpl { neighbor fe80:4540:476c:d432:2f32:818b:811b:bb60; interface "tnet-confltrio"; + password "{{ bgp_password['conflatorio-hash'] }}"; rr client; } @@ -47,13 +46,7 @@ protocol bgp tnet_conflatorio from tnet_tpl { protocol bgp tnet_knot from tnet_tpl { neighbor fe80:3b20:4cb0:5315:22a:c7de:a45b:8a7c; interface "tnet-knot"; - - rr client; -} - -protocol bgp tnet_lhn2pi from tnet_tpl { - neighbor fe80:6195:1d43:9655:35f7:9dba:798c:26b9; - interface "tnet-lhn2pi"; + password "{{ bgp_password['hash-knot'] }}"; rr client; } @@ -61,6 +54,7 @@ protocol bgp tnet_lhn2pi from tnet_tpl { protocol bgp tnet_node1 from tnet_tpl { neighbor fe80:a026:6ec2:b356:21c5:b51:22b9:a1df; interface "tnet-node1"; + password "{{ bgp_password['hash-node1'] }}"; rr client; } @@ -68,6 +62,7 @@ protocol bgp tnet_node1 from tnet_tpl { protocol bgp tnet_node2 from tnet_tpl { neighbor fe80:a7a6:c1a8:c261:232e:7d67:fc27:7c8d; interface "tnet-node2"; + password "{{ bgp_password['hash-node2'] }}"; rr client; } 
diff --git a/tnet/files/knot/bird-tnet-pre.conf b/tnet/templates/knot/bird-tnet-pre.conf index d60e8df..d60e8df 100644 --- a/tnet/files/knot/bird-tnet-pre.conf +++ b/tnet/templates/knot/bird-tnet-pre.conf diff --git a/tnet/files/knot/bird-tnet.conf b/tnet/templates/knot/bird-tnet.conf index f21be09..2cbbb75 100644 --- a/tnet/files/knot/bird-tnet.conf +++ b/tnet/templates/knot/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,6 +38,7 @@ template bgp tnet_tpl { protocol bgp tnet_conflatorio from tnet_tpl { neighbor fe80:47fc:660:b91f:1063:a6ae:46bb:7588; interface "tnet-confltrio"; + password "{{ bgp_password['conflatorio-knot'] }}"; rr client; } @@ -47,6 +46,7 @@ protocol bgp tnet_conflatorio from tnet_tpl { protocol bgp tnet_coregonus from tnet_tpl { neighbor fe80:ba82:77f0:f96d:7a85:a7fa:ef6f:37d3; interface "tnet-coregonus"; + password "{{ bgp_password['coregonus-knot'] }}"; rr client; } @@ -54,20 +54,15 @@ protocol bgp tnet_coregonus from tnet_tpl { protocol bgp tnet_hash from tnet_tpl { neighbor fe80:3b20:4cb0:5315:22a:c7de:a45b:8a7d; interface "tnet-hash"; + password "{{ bgp_password['hash-knot'] }}"; rr client; } protocol bgp tnet_kv24ix from tnet_tpl { - neighbor fe80:fef1:078a:5b64:efd3:ae7b:d286:d7cf; + neighbor fdb1:4242:3538:2f02::b/64; interface "tnet-kv24ix"; - - rr client; -} - -protocol bgp tnet_lhn2pi from tnet_tpl { - neighbor fe80:d83a:350b:2162:6eda:1cc1:9cd7:80e9; - interface "tnet-lhn2pi"; + password "{{ bgp_password['knot-kv24ix'] }}"; rr client; } @@ -75,6 +70,7 @@ protocol bgp tnet_lhn2pi from tnet_tpl { protocol bgp tnet_node1 from tnet_tpl { neighbor fe80:58eb:3930:1815:2a6d:8918:70c9:96f3; interface "tnet-node1"; + password "{{ bgp_password['knot-node1'] }}"; rr client; } 
@@ -82,6 +78,7 @@ protocol bgp tnet_node1 from tnet_tpl { protocol bgp tnet_node2 from tnet_tpl { neighbor fe80:9dd8:abac:cf05:aea3:dc03:4c74:32db; interface "tnet-node2"; + password "{{ bgp_password['knot-node2'] }}"; rr client; } diff --git a/tnet/files/lhn2pi/bird-tnet-pre.conf b/tnet/templates/node1/bird-tnet-pre.conf index 74c981d..74c981d 100644 --- a/tnet/files/lhn2pi/bird-tnet-pre.conf +++ b/tnet/templates/node1/bird-tnet-pre.conf diff --git a/tnet/files/node1/bird-tnet.conf b/tnet/templates/node1/bird-tnet.conf index 6449582..bafb6de 100644 --- a/tnet/files/node1/bird-tnet.conf +++ b/tnet/templates/node1/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,9 +38,11 @@ template bgp tnet_tpl { protocol bgp tnet_hash from tnet_tpl { neighbor fe80:a026:6ec2:b356:21c5:b51:22b9:a1de; interface "tnet-hash"; + password "{{ bgp_password['hash-node1'] }}"; } protocol bgp tnet_knot from tnet_tpl { neighbor fe80:58eb:3930:1815:2a6d:8918:70c9:96f2; interface "tnet-knot"; + password "{{ bgp_password['knot-node1'] }}"; } diff --git a/tnet/files/node1/bird-tnet-pre.conf b/tnet/templates/node2/bird-tnet-pre.conf index 74c981d..74c981d 100644 --- a/tnet/files/node1/bird-tnet-pre.conf +++ b/tnet/templates/node2/bird-tnet-pre.conf diff --git a/tnet/files/node2/bird-tnet.conf b/tnet/templates/node2/bird-tnet.conf index b9a2294..8a7b887 100644 --- a/tnet/files/node2/bird-tnet.conf +++ b/tnet/templates/node2/bird-tnet.conf @@ -10,8 +10,6 @@ template bgp tnet_tpl { direct; - password "trygvis"; - ipv6 { next hop self; import filter { @@ -40,9 +38,11 @@ template bgp tnet_tpl { protocol bgp tnet_hash from tnet_tpl { neighbor fe80:a7a6:c1a8:c261:232e:7d67:fc27:7c8c; interface "tnet-hash"; + password "{{ bgp_password['hash-node2'] }}"; } protocol bgp tnet_knot from tnet_tpl { neighbor fe80:9dd8:abac:cf05:aea3:dc03:4c74:32da; interface "tnet-knot"; + password "{{ bgp_password['knot-node2'] }}"; } 
diff --git a/tnet/wg-links.yml b/tnet/wg-links.yml index a050547..6613614 100644 --- a/tnet/wg-links.yml +++ b/tnet/wg-links.yml @@ -6,6 +6,7 @@ handlers: # Has to be restart for now, hash doesn't support reloading networkd - name: systemctl restart systemd-networkd + #when: false become: yes systemd: name: systemd-networkd |
