bundlewrap/bundles/bird/metadata.py

from ipaddress import ip_network
from bundlewrap.exceptions import NoSuchNode
from bundlewrap.metadata import atomic

defaults = {
    'apt': {
        'packages': {
            'bird2': {},
        },
    },
    'sysctl': {
        'options': {
            'net.ipv4.ip_forward': '1',
            'net.ipv6.conf.all.forwarding': '1',
        },
    },
}

@metadata_reactor.provides(
    'bird/bgp_neighbors',
)
def neighbor_info_from_wireguard(metadata):
    neighbors = {}
    my_as = repo.libs.s2s.AS_NUMBERS[metadata.get('location')]

    for name, config in metadata.get('wireguard/peers', {}).items():
        try:
            rnode = repo.get_node(name)
        except NoSuchNode:
            continue

        neighbors[name] = {
            'local_ip': config['my_ip'],
            'local_as': my_as,
            'neighbor_ip': config['their_ip'],
            'neighbor_as': repo.libs.s2s.AS_NUMBERS[rnode.metadata.get('location')],
        }

    return {
        'bird': {
            'bgp_neighbors': neighbors,
        },
    }


@metadata_reactor.provides(
    'bird/my_ip',
)
def my_ip(metadata):
    if node.has_bundle('wireguard'):
        my_ip = sorted(metadata.get('interfaces/wg0/ips'))[0].split('/')[0]
    else:
        my_ip = str(sorted(repo.libs.tools.resolve_identifier(repo, node.name))[0])

    return {
        'bird': {
            'my_ip': my_ip,
        },
    }


@metadata_reactor.provides(
    'firewall/port_rules',
)
def firewall(metadata):
    sources = set()
    for config in metadata.get('bird/bgp_neighbors', {}).values():
        sources.add(config['neighbor_ip'])

    return {
        'firewall': {
            'port_rules': {
                '179': atomic(sources),
            },
        },
    }
add bundle:bird 2021-09-29 17:45:18 +00:00			`from ipaddress import ip_network`
			`from bundlewrap.exceptions import NoSuchNode`
			`from bundlewrap.metadata import atomic`

			`defaults = {`
			`'apt': {`
			`'packages': {`
			`'bird2': {},`
			`},`
			`},`
			`'sysctl': {`
			`'options': {`
			`'net.ipv4.ip_forward': '1',`
			`'net.ipv6.conf.all.forwarding': '1',`
			`},`
			`},`
			`}`

			`@metadata_reactor.provides(`
			`'bird/bgp_neighbors',`
			`)`
			`def neighbor_info_from_wireguard(metadata):`
			`neighbors = {}`
			`my_as = repo.libs.s2s.AS_NUMBERS[metadata.get('location')]`

			`for name, config in metadata.get('wireguard/peers', {}).items():`
			`try:`
			`rnode = repo.get_node(name)`
			`except NoSuchNode:`
			`continue`

			`neighbors[name] = {`
			`'local_ip': config['my_ip'],`
			`'local_as': my_as,`
			`'neighbor_ip': config['their_ip'],`
			`'neighbor_as': repo.libs.s2s.AS_NUMBERS[rnode.metadata.get('location')],`
			`}`

			`return {`
			`'bird': {`
			`'bgp_neighbors': neighbors,`
			`},`
			`}`


			`@metadata_reactor.provides(`
			`'bird/my_ip',`
			`)`
			`def my_ip(metadata):`
			`if node.has_bundle('wireguard'):`
			`my_ip = sorted(metadata.get('interfaces/wg0/ips'))[0].split('/')[0]`
			`else:`
			`my_ip = str(sorted(repo.libs.tools.resolve_identifier(repo, node.name))[0])`

			`return {`
			`'bird': {`
			`'my_ip': my_ip,`
			`},`
			`}`


			`@metadata_reactor.provides(`
			`'firewall/port_rules',`
			`)`
			`def firewall(metadata):`
			`sources = set()`
			`for config in metadata.get('bird/bgp_neighbors', {}).values():`
			`sources.add(config['neighbor_ip'])`

			`return {`
			`'firewall': {`
			`'port_rules': {`
			`'179': atomic(sources),`
			`},`
			`},`
			`}`