Update build.sh, README.md, bird/bird.conf.tmpl, tinc/subnet-down.tmpl, tinc/subnet-up.tmpl, tinc/tinc-up.tmpl, tinc/tinc.conf.tmpl, docker-compose.yml files

Deleted gortr/roas.json, tinc/lixonet/hosts/daltx_nurd_lixo, tinc/lixonet/hosts/denco_mane_lixo, tinc/lixonet/hosts/inwwv_nurd_lixo, tinc/lixonet/hosts/lkwco_mane_lixo, tinc/lixonet/hosts/manva_nurd_lixo, tinc/lixonet/subnet-down.tmpl, tinc/lixonet/subnet-up.tmpl, tinc/lixonet/tinc-up.tmpl, tinc/lixonet/tinc.conf.tmpl, bird/rpki/hosts/denco_mane_lixo, bird/rpki/known_hosts, bird/neighbors/daltx_nurd_lixo, bird/neighbors/denco_mane_lixo, bird/neighbors/glaz_nurd_lixo, bird/neighbors/lkwco_mane_lixo, bird/neighbors/phxaz_nurd_lixo files
2020-05-21 21:22:04 +00:00 · 2020-05-21 21:22:04 +00:00 · 67141ab30d
commit 67141ab30d
parent ff26404500
22 changed files with 72 additions and 206 deletions
--- a/README.md
+++ b/README.md
@ -53,7 +53,7 @@ You **MUST** specify these options, or Lixonet will not work.
 * `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
 #### Tinc options
- * `tinc_interface_name` - The name of the interface that Tinc should create when it's started.  Defaults to `lixonet`.  Set this for multiple networks.
+ * `network_name` - The name of the interface that Tinc should create when it's started.  Defaults to `lixonet`.  Set this for multiple networks.
 * `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1).  This is _not_ the Lixonet router IP (i.e. 172.31.0.8).  Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead.
 * `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`).  If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
--- a/bird/bird.conf.tmpl
+++ b/bird/bird.conf.tmpl
@ -12,11 +12,11 @@
 log stderr all;         # Using docker; defer logging to stderr (to Docker logs)
 debug protocols all;    # Enable debugging (this should be switched off in prod)
-router id ${address};
+router id ${tinc_peer_address};
 # Custom routing tables
 # See: https://bird.network.cz/?get_doc&v=20&f=bird-2.html (recommended read)
-ipv4 table lixonet_v4;
+ipv4 table ${network_name:-lixonet}_v4;
 roa4 table r4; # ROA RPKI
 # RPKI
@ -120,13 +120,13 @@ filter kernel_export_filter_v4
 # See how dn42 does it; we're very similar: https://dn42.net/howto/Bird
 protocol static {
    ipv4 {
-        table lixonet_v4;
+        table ${network_name:-lixonet}_v4;
        import all;
        export none;
    };
    # Announced networks
-    {{ if len "${routes:-}" }}{{ range "$routes" | split "," }}route {{.}} reject;
+    {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}route {{.}} reject;
    {{ end }}{{ end }}
 };
@ -136,8 +136,8 @@ protocol static {
 # This prevents BGP from listening on eth0/off-network
 protocol device {
    scan time 10;       # Scan the interfaces often
-    interface "lixonet" {
+    interface "${network_name:-lixonet}" {
-        preferred ${address};
+        preferred ${tinc_peer_address};
    };
 };
@ -155,7 +155,7 @@ protocol kernel {               # Primary routing table
    persist;                # Don't remove routes on bird shutdown
    scan time 10;           # Scan kernel routing table every 10 seconds
    ipv4 {
-        table lixonet_v4;
+        table ${network_name:-lixonet}_v4;
        import none;                        # Don't try to import any routes from the kernel
        export filter kernel_export_filter_v4; # Export everything we are told to the kernel
    };
@ -168,10 +168,10 @@ protocol kernel {               # Primary routing table
 # individual neighbor configurations where per-neighbor configurations (such as their
 # ASN) are applied.
 template bgp lixonet_client {
-    local as ${asn};                # Local AS advertised to peers, read from lixonet.conf
+    local as ${bgp_asn};                    # Local AS advertised to peers
-    source address ${address};      # What local IP address we use for any outbound TCP
+    source address ${tinc_peer_address};    # What local IP address we use for any outbound TCP
-                                    #  connections on port 179
+                                            #  connections on port 179
    path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does)
@ -180,7 +180,7 @@ template bgp lixonet_client {
    # BGP IPv4 channel settings
    ipv4 {
-        table lixonet_v4;
+        table ${network_name:-lixonet}_v4;
        # Always advertise our own local address as a next hop, even in cases where the
        # current Next Hop attribute should be used unchanged.
@ -204,8 +204,8 @@ template bgp lixonet_client {
 };
 # Neighbors
-{{ range files "bird/neighbors" }} {{ if ne . "${name}" }}
+{{ range files "bird/neighbors" }} {{ if ne . "${tinc_peer_name}" }}
 protocol bgp {{ . }} from lixonet_client {
-    description "Lixonet BGP link from ${address} (ASN: ${asn}) to {{ . }}";
+    description "Lixonet BGP link to {{ . }}";
    {{ include (print "bird/neighbors/" .) }}
 };{{ end }}{{ end }}
--- a/bird/neighbors/daltx_nurd_lixo
+++ b/bird/neighbors/daltx_nurd_lixo
@ -1,2 +0,0 @@
 neighbor 172.31.0.212 as 4206969212;
 {{ if len "${bgp_passwd_daltx_nurd_lixo:-}" }}password "${bgp_passwd_daltx_nurd_lixo}";{{ end }}
--- a/bird/neighbors/denco_mane_lixo
+++ b/bird/neighbors/denco_mane_lixo
@ -1,2 +0,0 @@
 neighbor 172.31.0.8 as 4206969008;
 {{ if len "${bgp_passwd_denco_mane_lixo:-}" }}password "${bgp_passwd_denco_mane_lixo}";{{ end }}
--- a/bird/neighbors/glaz_nurd_lixo
+++ b/bird/neighbors/glaz_nurd_lixo
@ -1,2 +0,0 @@
 neighbor 172.31.0.200 as 4206969200;
 {{ if len "${bgp_passwd_glaz_nurd_lixo:-}" }}password "${bgp_passwd_glaz_nurd_lixo}";{{ end }}
--- a/bird/neighbors/lkwco_mane_lixo
+++ b/bird/neighbors/lkwco_mane_lixo
@ -1,2 +0,0 @@
 neighbor 172.31.0.16 as 4206969016;
 {{ if len "${bgp_passwd_lkwco_mane_lixo:-}" }}password "${bgp_passwd_lkwco_mane_lixo}";{{ end }}
--- a/bird/neighbors/phxaz_nurd_lixo
+++ b/bird/neighbors/phxaz_nurd_lixo
@ -1,2 +0,0 @@
 neighbor 172.31.0.208 as 4206969208;
 {{ if len "${bgp_passwd_phxaz_nurd_lixo:-}" }}password "${bgp_passwd_phxaz_nurd_lixo}";{{ end }}
--- a/bird/rpki/hosts/denco_mane_lixo
+++ b/bird/rpki/hosts/denco_mane_lixo
@ -1 +0,0 @@
 remote 172.31.0.8 port 8282;
--- a/bird/rpki/known_hosts
+++ b/bird/rpki/known_hosts
--- a/build.sh
+++ b/build.sh
@ -1,37 +1,55 @@
 #!/bin/ash
-# Tinc
+topdir=`pwd`
 #  Remove existing configuration
 rm -v -rf /etc/tinc/*
 #  Copy all tinc default files to /etc/(tinc)
 find tinc -type d | xargs -I '{}' mkdir --verbose -p /etc/{}
 find tinc -type f | xargs -I '{}' cp --verbose {} /etc/{}
 #  Fill out templates and remove them after
 find /etc/tinc/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
 find /etc/tinc/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
 #  Copy private key
 cp /etc/lixonet/tinc.key /etc/tinc/lixonet/rsa_key.priv
 #  Set permissions for tinc scripts
 chmod +x /etc/tinc/lixonet/tinc-up
 chmod +x /etc/tinc/lixonet/tinc-down
 chmod +x /etc/tinc/lixonet/subnet-up
 chmod +x /etc/tinc/lixonet/subnet-down
-# Bird
+for dir in /etc/lixonet/*/     # list directories in the form "/tmp/dirname/"
-#  Remove existing configuration
+do
-rm -v -rf /etc/bird/*
+    # Pop directory
-#  Copy all tinc default files to /etc/(bird)
+    cd $topdir
 find bird -type d | xargs -I '{}' mkdir --verbose -p /etc/{}
 find bird -type f | xargs -I '{}' cp --verbose {} /etc/{}
 #  Fill out templates and remove them after
 find /etc/bird/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
 find /etc/bird/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
-# GoRTR
+    dir=${dir%*/}      # remove the trailing "/"
-#  Remove existing configuration
+    netname=${dir##*/}    # print everything after the final "/"
 rm -v -rf /etc/gortr/*
 #  Copy all gortr default files to /etc/(gortr)
 find gortr -type d | xargs -I '{}' mkdir --verbose -p /etc/{}
 find gortr -type f | xargs -I '{}' cp --verbose {} /etc/{}
-docker-compose up -d --build
+    # Load relevant environment variables from lixonet.conf
    unset git
    source $dir/lixonet.conf
    echo "Configuring Lixonet3 network $netname from $git..."
    # Clone and enter the repository
    git clone $git
    cd "$(basename "$git" .git)"
    # Copy default files
    cp -r ../tinc/* tinc/
    cp -r ../bird/* bird/
    # Tinc
    #  Remove existing configuration
    rm -v -rf /etc/tinc/$netname/*
    #  Copy all tinc default files to /etc/(tinc)
    find tinc -type d | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
    find tinc -type f | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' cp --verbose {} /etc/{}
    #  Fill out templates and remove them after
    find /etc/tinc/$netname/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/$netname/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
    find /etc/tinc/$netname/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
    #  Copy private key
    cp /etc/lixonet/$netname/tinc.key /etc/tinc/$netname/rsa_key.priv
    #  Set permissions for tinc scripts
    chmod +x /etc/tinc/$netname/tinc-up
    chmod +x /etc/tinc/$netname/tinc-down
    chmod +x /etc/tinc/$netname/subnet-up
    chmod +x /etc/tinc/$netname/subnet-down
    # Bird
    #  Remove existing configuration
    rm -v -rf /etc/bird/$netname/*
    #  Copy all tinc default files to /etc/(bird)
    find bird -type d | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
    find bird -type f | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' cp --verbose {} /etc/{}
    #  Fill out templates and remove them after
    find /etc/bird/$netname/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/$netname/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \;
    find /etc/bird/$netname/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {}
    #docker-compose up -d --build
 done
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,10 +9,10 @@ services:
      - "655:655/tcp"
      - "655:655/udp"
    volumes:
-      - /etc/tinc:/etc/tinc
+      - /etc/tinc/${NETNAME}:/etc/tinc/${NETNAME}
    environment:
      - RUNMODE=server
-      - NETNAME=lixonet
+      - NETNAME=${NETNAME}
    cap_add:
      - NET_ADMIN
    devices:
@ -26,7 +26,7 @@ services:
    ports:
      - "179:179/tcp"
    volumes:
-      - /etc/bird:/etc/bird
+      - /etc/bird/${NETNAME}:/etc/bird/${NETNAME}
    cap_add:
      - NET_ADMIN
    restart: always
--- a/gortr/roas.json
+++ b/gortr/roas.json
@ -1,58 +0,0 @@
 {
  "roas": [
    {
      "comment": "denco.mane.lixo",
      "asn": "AS4206969008",
      "prefix": "172.31.8.0/21",
      "maxLength": 21
    },
    {
      "comment": "lkwco.mane.lixo",
      "asn": "AS4206969016",
      "prefix": "172.31.16.0/21",
      "maxLength": 21
    },
    {
      "comment": "inwwv.nurd.lixo",
      "asn": "AS4206969200",
      "prefix": "172.31.200.0/21",
      "maxLength": 21
    },
    {
      "comment": "manva.nurd.lixo",
      "asn": "AS4206969208",
      "prefix": "172.31.208.0/22",
      "maxLength": 22
    },
    {
      "comment": "daltx.nurd.lixo",
      "asn": "AS4206969212",
      "prefix": "172.31.212.0/22",
      "maxLength": 22
    },
    {
      "comment": "phxaz.nurd.lixo",
      "asn": "AS4206969216",
      "prefix": "172.31.216.0/21",
      "maxLength": 21
    },
    {
      "comment": "anycast denco.mane.lixo",
      "asn": "AS4206969008",
      "prefix": "172.31.254.0/24",
      "maxLength": 24
    },
    {
      "comment": "anycast manva.nurd.lixo",
      "asn": "AS4206969208",
      "prefix": "172.31.254.0/24",
      "maxLength": 24
    },
    {
      "comment": "anycast phxaz.nurd.lixo",
      "asn": "AS4206969216",
      "prefix": "172.31.254.0/24",
      "maxLength": 24
    }
  ]
 }
--- a/tinc/lixonet/hosts/daltx_nurd_lixo
+++ b/tinc/lixonet/hosts/daltx_nurd_lixo
@ -1,15 +0,0 @@
 Address = daltx.needs.vodka
 Port = 9993
 Cipher = blowfish
 Digest = sha1
 Subnet = 172.31.0.212/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEA8p5Pyqe/jSht3wO2QYR/Oyxw+kZGBzeXlmESg+UM3XobOf5v60JE
 08Xb+KTuykSSdsPTKjKi5ulg6oYUGeSHcne1Kg1/sri5G+r8QTGYJ+wF4FlkUmkp
 JasriArrUPCg/IRcsWlRzG3i8sotzgfD78ryGN1tnNYUUT7qBguJEl/XpSLdrugH
 caL/MtXdQ1WIKtRjZdqUrwdNUmpsAgDd7Oc/xJx9bdg00OltX8cJHLExHT9wl8Dy
 kmAGi+C2ncyVBisWKAo0W2a6IUe/G0aZLfoIABanPBUHAvERv2AaS5sbRWJDVa5Z
 umoF2QtkfrgGu0Wftu6coG58wgxgtjv9jwIDAQAB
 -----END RSA PUBLIC KEY-----
--- a/tinc/lixonet/hosts/denco_mane_lixo
+++ b/tinc/lixonet/hosts/denco_mane_lixo
@ -1,15 +0,0 @@
 Address = tunnel.teamlixo.net
 Port = 9993
 Cipher = blowfish
 Digest = sha1
 Subnet = 172.31.0.8/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAlo0meA9kqA/IgUxiXaAqEteSBo5g2EHwdZOGpdS0FMggQDg0DsG9
 je7xDsCsoelDoWXGvivRGp5vzovYMkd1KeT+alMJVsKcM+6UNjBSZ75s9TOp0/Pw
 FkkhlzibiFpQ+BVng3SVnR/ZnfFTT0zn1egxlT1OPp40GcpCMf8ZFSseyWBLItxo
 GXFXAZZfg/OjtnKFfnEtYpMdN/uZFk8fe9v6V2z+lcfg7wo0v2EvLnV53LBG+Rjv
 TAUrE1Mkb/tET0vc5NP3fYJxCrBnMY+V+XDEb4eh/FVVwaJwK7IeM1IENpnCNMVi
 m1wFyBI0inVplKvQSrBF22rW6/ccqyUv/QIDAQAB
 -----END RSA PUBLIC KEY-----
--- a/tinc/lixonet/hosts/inwwv_nurd_lixo
+++ b/tinc/lixonet/hosts/inwwv_nurd_lixo
@ -1,19 +0,0 @@
 # This is a local node; no direct connections are possible as it
 # is behind a dynamic host.  Therefore, we set the host address
 # to 0.0.0.0
 Address = 0.0.0.0
 Port = 9993
 Cipher = blowfish
 Digest = sha1
 Subnet = 172.31.0.200/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAqMJesuX07HCLjDI+DuWCvZvWk9CoTLdjlYiDkHWkeyy6vkkHH+mP
 qqo4mo1vPiIwQJoBxAdjO1qN1CMBA1SR/JtRLXpo2tvLHlW96vN4XbKtOuOa3rNy
 OH1UGC+JOagYAAxoHQfZWmmYs8hM80g9J80jP99wuwY+ZQJELxtLpOl3hwMbFx8I
 LqjiFPEMflz3wJDiFoI4dSRd+IvwIIzTUqId6yNgDpZLalZ73DvTj2GKUWZu525k
 oAyWxuFit1f55tLNa0SgKf8VefDIXl4uCuQN4SUHTGQo0H/luUh92OFE+hhG1EMj
 Ja45AZ+3+DYFX0eLVyTq/OCjHugHsBOAPwIDAQAB
 -----END RSA PUBLIC KEY-----
--- a/tinc/lixonet/hosts/lkwco_mane_lixo
+++ b/tinc/lixonet/hosts/lkwco_mane_lixo
@ -1,19 +0,0 @@
 # This is a local node; no direct connections are possible as it
 # is behind a dynamic host.  Therefore, we set the host address
 # to 0.0.0.0
 Address = 0.0.0.0
 Port = 9993
 Cipher = blowfish
 Digest = sha1
 Subnet = 172.31.0.16/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAo2NyYsNCAKl0xMlyMxKfK9oJ0MV1xkotQGKXAt22wB3G23M979nz
 5A/FSUaTKoiuZlGU67A+4d4VXWMXjxkaEn3xTASqv1wmrZbV5i7VIpoIbIekJ8iS
 VW1e2NXgYkSECNafubMGyScUaauMU3mAAn8gcO4hLVrmXaRIElViUoFP1U/5kLik
 vfDNTBdEdgy8z7Nq9nkGmq18TGVPfDSbf0DjG0jLoaBbKZwCw6dkTyCeRbjkwh+i
 jVLP0vWt1B9RIrzdyRzEka81yGFDFPgDZPkql4pZdVoTG2A8953oonxPPa+HBF/d
 bKAsu4QRGLCPI+AaIRxaoS2EaM9oBEqdHQIDAQAB
 -----END RSA PUBLIC KEY-----
--- a/tinc/lixonet/hosts/manva_nurd_lixo
+++ b/tinc/lixonet/hosts/manva_nurd_lixo
@ -1,15 +0,0 @@
 Address = paperbag.needs.vodka
 Port = 9993
 Cipher = blowfish
 Digest = sha1
 Subnet = 172.31.0.208/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEApp+DSQCFowhht6YW3+uWynL3CH1NHvoZvWpI1Rb94z2sez32bMwD
 PijqlTLYjbCf9xjV2IeGJk41QHhZs29kJmaO9BARYzl44GlmfnwQVbJVRot13r10
 efa6au2gaRm6IucLB6qrExhstGfZtOfsLE3ydoeTeKq4uPy07X0GU91hXNRbrvUX
 bzfvDUhLw0sd84g/15lEtm+wrUMfMhWuoVe0o3F/4x23pE+w57feK5jDxQUbE5LB
 ICt0z+hzNKVqC1GKQ3sCqtMSEm9Tl/SXdCxVuWbBb2q241wgqjQZvczdbcYHkL9B
 9qJWQ+Y63sm0gMRZL6tR7cXBnWF1nLEYqwIDAQAB
 -----END RSA PUBLIC KEY-----
--- a/tinc/lixonet/tinc-up.tmpl
+++ b/tinc/lixonet/tinc-up.tmpl
@ -1,2 +0,0 @@
 #!/bin/sh
 ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0}
--- a/tinc/lixonet/subnet-down.tmpl
+++ b/tinc/lixonet/subnet-down.tmpl
--- a/tinc/lixonet/subnet-up.tmpl
+++ b/tinc/lixonet/subnet-up.tmpl
--- a/tinc/tinc-up.tmpl
+++ b/tinc/tinc-up.tmpl
@ -0,0 +1,2 @@
 #!/bin/sh
 ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}
--- a/tinc/lixonet/tinc.conf.tmpl
+++ b/tinc/lixonet/tinc.conf.tmpl
@ -6,7 +6,7 @@
 # This is a configuration file for Lixonet that is already pre-configured for
 # you.  Please refer to your lixonet.conf file for changing parameters.
-Name = ${name}
+Name = ${tinc_peer_name}
 # Do not change these.  Lixonet runs over port 9993 by standard.
 {{ if len "${tinc_bind_interface:-}" }}
@ -17,7 +17,7 @@ BindToAddress ${tinc_bind_address}
 {{ end }}
 Port = ${tinc_bind_port:-9994}
-# Device is named "lixonet" by Tinc and visible directly in host kernel
+# Device is named "${network_name:-lixonet}" by Tinc and visible directly in host kernel
 DeviceType = ${tinc_device_type:-tap}
 Device = ${tinc_device:-/dev/net/tun}
 Mode = ${tinc_mode:-switch}
@ -41,7 +41,7 @@ DirectOnly = ${tinc_direct_only:-yes}
 ConnectTo = {{.}}
 {{ end }}
 {{ else }}
-{{ range files "tinc/lixonet/hosts" }}{{ if ne . "${name}" }}{{ if ne . "server" }}
+{{ range files "tinc/hosts" }}{{ if ne . "${tinc_peer_name}" }}{{ if ne . "server" }}
 ConnectTo = {{.}}
 {{ end }}{{ end }}{{ end }}
 {{ end }}
		`@ -1,2 +0,0 @@`
			`neighbor 172.31.0.212 as 4206969212;`
			`{{ if len "${bgp_passwd_daltx_nurd_lixo:-}" }}password "${bgp_passwd_daltx_nurd_lixo}";{{ end }}`
		`@ -1,2 +0,0 @@`
			`neighbor 172.31.0.8 as 4206969008;`
			`{{ if len "${bgp_passwd_denco_mane_lixo:-}" }}password "${bgp_passwd_denco_mane_lixo}";{{ end }}`
		`@ -1,2 +0,0 @@`
			`neighbor 172.31.0.200 as 4206969200;`
			`{{ if len "${bgp_passwd_glaz_nurd_lixo:-}" }}password "${bgp_passwd_glaz_nurd_lixo}";{{ end }}`
		`@ -1,2 +0,0 @@`
			`neighbor 172.31.0.16 as 4206969016;`
			`{{ if len "${bgp_passwd_lkwco_mane_lixo:-}" }}password "${bgp_passwd_lkwco_mane_lixo}";{{ end }}`
		`@ -1,2 +0,0 @@`
			`neighbor 172.31.0.208 as 4206969208;`
			`{{ if len "${bgp_passwd_phxaz_nurd_lixo:-}" }}password "${bgp_passwd_phxaz_nurd_lixo}";{{ end }}`
		`@ -1,2 +0,0 @@`
			`#!/bin/sh`
			`ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0}`
		`@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}`