Update build.sh, README.md, bird/bird.conf.tmpl, tinc/subnet-down.tmpl, tinc/subnet-up.tmpl, tinc/tinc-up.tmpl, tinc/tinc.conf.tmpl, docker-compose.yml files

Deleted gortr/roas.json, tinc/lixonet/hosts/daltx_nurd_lixo, tinc/lixonet/hosts/denco_mane_lixo, tinc/lixonet/hosts/inwwv_nurd_lixo, tinc/lixonet/hosts/lkwco_mane_lixo, tinc/lixonet/hosts/manva_nurd_lixo, tinc/lixonet/subnet-down.tmpl, tinc/lixonet/subnet-up.tmpl, tinc/lixonet/tinc-up.tmpl, tinc/lixonet/tinc.conf.tmpl, bird/rpki/hosts/denco_mane_lixo, bird/rpki/known_hosts, bird/neighbors/daltx_nurd_lixo, bird/neighbors/denco_mane_lixo, bird/neighbors/glaz_nurd_lixo, bird/neighbors/lkwco_mane_lixo, bird/neighbors/phxaz_nurd_lixo files

README.md

@@ -53,7 +53,7 @@ You **MUST** specify these options, or Lixonet will not work.
  * `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
 
 #### Tinc options
- * `tinc_interface_name` - The name of the interface that Tinc should create when it's started.  Defaults to `lixonet`.  Set this for multiple networks.
+ * `network_name` - The name of the interface that Tinc should create when it's started.  Defaults to `lixonet`.  Set this for multiple networks.
  * `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1).  This is _not_ the Lixonet router IP (i.e. 172.31.0.8).  Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead.
  * `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`).  If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
 

bird/bird.conf.tmpl

@@ -12,11 +12,11 @@
 
 log stderr all;         # Using docker; defer logging to stderr (to Docker logs)
 debug protocols all;    # Enable debugging (this should be switched off in prod)
-router id ${address};
+router id ${tinc_peer_address};
 
 # Custom routing tables
 # See: https://bird.network.cz/?get_doc&v=20&f=bird-2.html (recommended read)
-ipv4 table lixonet_v4;
+ipv4 table ${network_name:-lixonet}_v4;
 roa4 table r4; # ROA RPKI
 
 # RPKI
@@ -120,13 +120,13 @@ filter kernel_export_filter_v4
 # See how dn42 does it; we're very similar: https://dn42.net/howto/Bird
 protocol static {
     ipv4 {
-        table lixonet_v4;
+        table ${network_name:-lixonet}_v4;
         import all;
         export none;
     };
 
     # Announced networks
-    {{ if len "${routes:-}" }}{{ range "$routes" | split "," }}route {{.}} reject;
+    {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}route {{.}} reject;
     {{ end }}{{ end }}
 };
 
@@ -136,8 +136,8 @@ protocol static {
 # This prevents BGP from listening on eth0/off-network
 protocol device {
     scan time 10;       # Scan the interfaces often
-    interface "lixonet" {
-        preferred ${address};
+    interface "${network_name:-lixonet}" {
+        preferred ${tinc_peer_address};
     };
 };
 
@@ -155,7 +155,7 @@ protocol kernel {               # Primary routing table
     persist;                # Don't remove routes on bird shutdown
     scan time 10;           # Scan kernel routing table every 10 seconds
     ipv4 {
-        table lixonet_v4;
+        table ${network_name:-lixonet}_v4;
         import none;                        # Don't try to import any routes from the kernel
         export filter kernel_export_filter_v4; # Export everything we are told to the kernel
     };
@@ -168,10 +168,10 @@ protocol kernel {               # Primary routing table
 # individual neighbor configurations where per-neighbor configurations (such as their
 # ASN) are applied.
 template bgp lixonet_client {
-    local as ${asn};                # Local AS advertised to peers, read from lixonet.conf
+    local as ${bgp_asn};                    # Local AS advertised to peers
 
-    source address ${address};      # What local IP address we use for any outbound TCP
-                                    #  connections on port 179
+    source address ${tinc_peer_address};    # What local IP address we use for any outbound TCP
+                                            #  connections on port 179
 
     path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does)
 
@@ -180,7 +180,7 @@ template bgp lixonet_client {
 
     # BGP IPv4 channel settings
     ipv4 {
-        table lixonet_v4;
+        table ${network_name:-lixonet}_v4;
 
         # Always advertise our own local address as a next hop, even in cases where the
         # current Next Hop attribute should be used unchanged.
@@ -204,8 +204,8 @@ template bgp lixonet_client {
 };
 
 # Neighbors
-{{ range files "bird/neighbors" }} {{ if ne . "${name}" }}
+{{ range files "bird/neighbors" }} {{ if ne . "${tinc_peer_name}" }}
 protocol bgp {{ . }} from lixonet_client {
-    description "Lixonet BGP link from ${address} (ASN: ${asn}) to {{ . }}";
+    description "Lixonet BGP link to {{ . }}";
     {{ include (print "bird/neighbors/" .) }}
 };{{ end }}{{ end }}

bird/neighbors/daltx_nurd_lixo

@@ -1,2 +0,0 @@
-neighbor 172.31.0.212 as 4206969212;
-{{ if len "${bgp_passwd_daltx_nurd_lixo:-}" }}password "${bgp_passwd_daltx_nurd_lixo}";{{ end }}

bird/neighbors/denco_mane_lixo

@@ -1,2 +0,0 @@
-neighbor 172.31.0.8 as 4206969008;
-{{ if len "${bgp_passwd_denco_mane_lixo:-}" }}password "${bgp_passwd_denco_mane_lixo}";{{ end }}

bird/neighbors/glaz_nurd_lixo

@@ -1,2 +0,0 @@
-neighbor 172.31.0.200 as 4206969200;
-{{ if len "${bgp_passwd_glaz_nurd_lixo:-}" }}password "${bgp_passwd_glaz_nurd_lixo}";{{ end }}

bird/neighbors/lkwco_mane_lixo

@@ -1,2 +0,0 @@
-neighbor 172.31.0.16 as 4206969016;
-{{ if len "${bgp_passwd_lkwco_mane_lixo:-}" }}password "${bgp_passwd_lkwco_mane_lixo}";{{ end }}

bird/neighbors/phxaz_nurd_lixo

@@ -1,2 +0,0 @@
-neighbor 172.31.0.208 as 4206969208;
-{{ if len "${bgp_passwd_phxaz_nurd_lixo:-}" }}password "${bgp_passwd_phxaz_nurd_lixo}";{{ end }}

bird/rpki/hosts/denco_mane_lixo

@@ -1 +0,0 @@
-remote 172.31.0.8 port 8282;

build.sh

@@ -1,37 +1,55 @@
 #!/bin/ash
 
-# Tinc
-#  Remove existing configuration
-rm -v -rf /etc/tinc/*
-#  Copy all tinc default files to /etc/(tinc)
-find tinc -type d | xargs -I '{}' mkdir --verbose -p /etc/{}
-find tinc -type f | xargs -I '{}' cp --verbose {} /etc/{}
-#  Fill out templates and remove them after
-find /etc/tinc/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
-find /etc/tinc/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
-#  Copy private key
-cp /etc/lixonet/tinc.key /etc/tinc/lixonet/rsa_key.priv
-#  Set permissions for tinc scripts
-chmod +x /etc/tinc/lixonet/tinc-up
-chmod +x /etc/tinc/lixonet/tinc-down
-chmod +x /etc/tinc/lixonet/subnet-up
-chmod +x /etc/tinc/lixonet/subnet-down
+topdir=`pwd`
 
-# Bird
-#  Remove existing configuration
-rm -v -rf /etc/bird/*
-#  Copy all tinc default files to /etc/(bird)
-find bird -type d | xargs -I '{}' mkdir --verbose -p /etc/{}
-find bird -type f | xargs -I '{}' cp --verbose {} /etc/{}
-#  Fill out templates and remove them after
-find /etc/bird/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
-find /etc/bird/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
+for dir in /etc/lixonet/*/     # list directories in the form "/tmp/dirname/"
+do
+    # Pop directory
+    cd $topdir
 
-# GoRTR
-#  Remove existing configuration
-rm -v -rf /etc/gortr/*
-#  Copy all gortr default files to /etc/(gortr)
-find gortr -type d | xargs -I '{}' mkdir --verbose -p /etc/{}
-find gortr -type f | xargs -I '{}' cp --verbose {} /etc/{}
+    dir=${dir%*/}      # remove the trailing "/"
+    netname=${dir##*/}    # print everything after the final "/"
 
-docker-compose up -d --build
+    # Load relevant environment variables from lixonet.conf
+    unset git
+    source $dir/lixonet.conf
+
+    echo "Configuring Lixonet3 network $netname from $git..."
+
+    # Clone and enter the repository
+    git clone $git
+    cd "$(basename "$git" .git)"
+
+    # Copy default files
+    cp -r ../tinc/* tinc/
+    cp -r ../bird/* bird/
+
+    # Tinc
+    #  Remove existing configuration
+    rm -v -rf /etc/tinc/$netname/*
+    #  Copy all tinc default files to /etc/(tinc)
+    find tinc -type d | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
+    find tinc -type f | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' cp --verbose {} /etc/{}
+    #  Fill out templates and remove them after
+    find /etc/tinc/$netname/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/$netname/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
+    find /etc/tinc/$netname/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
+    #  Copy private key
+    cp /etc/lixonet/$netname/tinc.key /etc/tinc/$netname/rsa_key.priv
+    #  Set permissions for tinc scripts
+    chmod +x /etc/tinc/$netname/tinc-up
+    chmod +x /etc/tinc/$netname/tinc-down
+    chmod +x /etc/tinc/$netname/subnet-up
+    chmod +x /etc/tinc/$netname/subnet-down
+
+    # Bird
+    #  Remove existing configuration
+    rm -v -rf /etc/bird/$netname/*
+    #  Copy all tinc default files to /etc/(bird)
+    find bird -type d | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
+    find bird -type f | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' cp --verbose {} /etc/{}
+    #  Fill out templates and remove them after
+    find /etc/bird/$netname/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/$netname/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
+    find /etc/bird/$netname/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
+
+    #docker-compose up -d --build
+done

docker-compose.yml

@@ -9,10 +9,10 @@ services:
       - "655:655/tcp"
       - "655:655/udp"
     volumes:
-      - /etc/tinc:/etc/tinc
+      - /etc/tinc/${NETNAME}:/etc/tinc/${NETNAME}
     environment:
       - RUNMODE=server
-      - NETNAME=lixonet
+      - NETNAME=${NETNAME}
     cap_add:
       - NET_ADMIN
     devices:
@@ -26,7 +26,7 @@ services:
     ports:
       - "179:179/tcp"
     volumes:
-      - /etc/bird:/etc/bird
+      - /etc/bird/${NETNAME}:/etc/bird/${NETNAME}
     cap_add:
       - NET_ADMIN
     restart: always

gortr/roas.json

@@ -1,58 +0,0 @@
-{
-  "roas": [
-    {
-      "comment": "denco.mane.lixo",
-      "asn": "AS4206969008",
-      "prefix": "172.31.8.0/21",
-      "maxLength": 21
-    },
-    {
-      "comment": "lkwco.mane.lixo",
-      "asn": "AS4206969016",
-      "prefix": "172.31.16.0/21",
-      "maxLength": 21
-    },
-    {
-      "comment": "inwwv.nurd.lixo",
-      "asn": "AS4206969200",
-      "prefix": "172.31.200.0/21",
-      "maxLength": 21
-    },
-    {
-      "comment": "manva.nurd.lixo",
-      "asn": "AS4206969208",
-      "prefix": "172.31.208.0/22",
-      "maxLength": 22
-    },
-    {
-      "comment": "daltx.nurd.lixo",
-      "asn": "AS4206969212",
-      "prefix": "172.31.212.0/22",
-      "maxLength": 22
-    },
-    {
-      "comment": "phxaz.nurd.lixo",
-      "asn": "AS4206969216",
-      "prefix": "172.31.216.0/21",
-      "maxLength": 21
-    },
-    {
-      "comment": "anycast denco.mane.lixo",
-      "asn": "AS4206969008",
-      "prefix": "172.31.254.0/24",
-      "maxLength": 24
-    },
-    {
-      "comment": "anycast manva.nurd.lixo",
-      "asn": "AS4206969208",
-      "prefix": "172.31.254.0/24",
-      "maxLength": 24
-    },
-    {
-      "comment": "anycast phxaz.nurd.lixo",
-      "asn": "AS4206969216",
-      "prefix": "172.31.254.0/24",
-      "maxLength": 24
-    }
-  ]
-}

tinc/lixonet/hosts/daltx_nurd_lixo

@@ -1,15 +0,0 @@
-Address = daltx.needs.vodka
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.212/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA8p5Pyqe/jSht3wO2QYR/Oyxw+kZGBzeXlmESg+UM3XobOf5v60JE
-08Xb+KTuykSSdsPTKjKi5ulg6oYUGeSHcne1Kg1/sri5G+r8QTGYJ+wF4FlkUmkp
-JasriArrUPCg/IRcsWlRzG3i8sotzgfD78ryGN1tnNYUUT7qBguJEl/XpSLdrugH
-caL/MtXdQ1WIKtRjZdqUrwdNUmpsAgDd7Oc/xJx9bdg00OltX8cJHLExHT9wl8Dy
-kmAGi+C2ncyVBisWKAo0W2a6IUe/G0aZLfoIABanPBUHAvERv2AaS5sbRWJDVa5Z
-umoF2QtkfrgGu0Wftu6coG58wgxgtjv9jwIDAQAB
------END RSA PUBLIC KEY-----

tinc/lixonet/hosts/denco_mane_lixo

@@ -1,15 +0,0 @@
-Address = tunnel.teamlixo.net
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.8/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAlo0meA9kqA/IgUxiXaAqEteSBo5g2EHwdZOGpdS0FMggQDg0DsG9
-je7xDsCsoelDoWXGvivRGp5vzovYMkd1KeT+alMJVsKcM+6UNjBSZ75s9TOp0/Pw
-FkkhlzibiFpQ+BVng3SVnR/ZnfFTT0zn1egxlT1OPp40GcpCMf8ZFSseyWBLItxo
-GXFXAZZfg/OjtnKFfnEtYpMdN/uZFk8fe9v6V2z+lcfg7wo0v2EvLnV53LBG+Rjv
-TAUrE1Mkb/tET0vc5NP3fYJxCrBnMY+V+XDEb4eh/FVVwaJwK7IeM1IENpnCNMVi
-m1wFyBI0inVplKvQSrBF22rW6/ccqyUv/QIDAQAB
------END RSA PUBLIC KEY-----

tinc/lixonet/hosts/inwwv_nurd_lixo

@@ -1,19 +0,0 @@
-# This is a local node; no direct connections are possible as it
-# is behind a dynamic host.  Therefore, we set the host address
-# to 0.0.0.0
-
-Address = 0.0.0.0
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.200/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqMJesuX07HCLjDI+DuWCvZvWk9CoTLdjlYiDkHWkeyy6vkkHH+mP
-qqo4mo1vPiIwQJoBxAdjO1qN1CMBA1SR/JtRLXpo2tvLHlW96vN4XbKtOuOa3rNy
-OH1UGC+JOagYAAxoHQfZWmmYs8hM80g9J80jP99wuwY+ZQJELxtLpOl3hwMbFx8I
-LqjiFPEMflz3wJDiFoI4dSRd+IvwIIzTUqId6yNgDpZLalZ73DvTj2GKUWZu525k
-oAyWxuFit1f55tLNa0SgKf8VefDIXl4uCuQN4SUHTGQo0H/luUh92OFE+hhG1EMj
-Ja45AZ+3+DYFX0eLVyTq/OCjHugHsBOAPwIDAQAB
------END RSA PUBLIC KEY-----

tinc/lixonet/hosts/lkwco_mane_lixo

@@ -1,19 +0,0 @@
-# This is a local node; no direct connections are possible as it
-# is behind a dynamic host.  Therefore, we set the host address
-# to 0.0.0.0
-
-Address = 0.0.0.0
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.16/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAo2NyYsNCAKl0xMlyMxKfK9oJ0MV1xkotQGKXAt22wB3G23M979nz
-5A/FSUaTKoiuZlGU67A+4d4VXWMXjxkaEn3xTASqv1wmrZbV5i7VIpoIbIekJ8iS
-VW1e2NXgYkSECNafubMGyScUaauMU3mAAn8gcO4hLVrmXaRIElViUoFP1U/5kLik
-vfDNTBdEdgy8z7Nq9nkGmq18TGVPfDSbf0DjG0jLoaBbKZwCw6dkTyCeRbjkwh+i
-jVLP0vWt1B9RIrzdyRzEka81yGFDFPgDZPkql4pZdVoTG2A8953oonxPPa+HBF/d
-bKAsu4QRGLCPI+AaIRxaoS2EaM9oBEqdHQIDAQAB
------END RSA PUBLIC KEY-----

tinc/lixonet/hosts/manva_nurd_lixo

@@ -1,15 +0,0 @@
-Address = paperbag.needs.vodka
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.208/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApp+DSQCFowhht6YW3+uWynL3CH1NHvoZvWpI1Rb94z2sez32bMwD
-PijqlTLYjbCf9xjV2IeGJk41QHhZs29kJmaO9BARYzl44GlmfnwQVbJVRot13r10
-efa6au2gaRm6IucLB6qrExhstGfZtOfsLE3ydoeTeKq4uPy07X0GU91hXNRbrvUX
-bzfvDUhLw0sd84g/15lEtm+wrUMfMhWuoVe0o3F/4x23pE+w57feK5jDxQUbE5LB
-ICt0z+hzNKVqC1GKQ3sCqtMSEm9Tl/SXdCxVuWbBb2q241wgqjQZvczdbcYHkL9B
-9qJWQ+Y63sm0gMRZL6tR7cXBnWF1nLEYqwIDAQAB
------END RSA PUBLIC KEY-----

tinc/lixonet/tinc-up.tmpl

@@ -1,2 +0,0 @@
-#!/bin/sh
-ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0}

tinc/tinc-up.tmpl

@@ -0,0 +1,2 @@
+#!/bin/sh
+ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}

tinc/tinc.conf.tmpl

@@ -6,7 +6,7 @@
 # This is a configuration file for Lixonet that is already pre-configured for
 # you.  Please refer to your lixonet.conf file for changing parameters.
 
-Name = ${name}
+Name = ${tinc_peer_name}
 
 # Do not change these.  Lixonet runs over port 9993 by standard.
 {{ if len "${tinc_bind_interface:-}" }}
@@ -17,7 +17,7 @@ BindToAddress ${tinc_bind_address}
 {{ end }}
 Port = ${tinc_bind_port:-9994}
 
-# Device is named "lixonet" by Tinc and visible directly in host kernel
+# Device is named "${network_name:-lixonet}" by Tinc and visible directly in host kernel
 DeviceType = ${tinc_device_type:-tap}
 Device = ${tinc_device:-/dev/net/tun}
 Mode = ${tinc_mode:-switch}
@@ -41,7 +41,7 @@ DirectOnly = ${tinc_direct_only:-yes}
 ConnectTo = {{.}}
 {{ end }}
 {{ else }}
-{{ range files "tinc/lixonet/hosts" }}{{ if ne . "${name}" }}{{ if ne . "server" }}
+{{ range files "tinc/hosts" }}{{ if ne . "${tinc_peer_name}" }}{{ if ne . "server" }}
 ConnectTo = {{.}}
 {{ end }}{{ end }}{{ end }}
 {{ end }}