From 2b9a71e8ecb41cc8e9b73735837f07c9b1351ff7 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 21 Apr 2024 15:50:35 +0200
Subject: Changed to bird tole
- rename prefixes to clear_prefixes
- add router id
- add config files
- add handler "change"
---
 host_vars/netcup | 7 -------
 host_vars/netcup/tinc | 7 +++++++
 roles/uvok_bird/TODO.txt | 4 ++++
 roles/uvok_bird/defaults/main.yml | 3 ++-
 roles/uvok_bird/files/common.conf | 14 ++++++++++++++
 roles/uvok_bird/files/logging.conf | 11 +++++++++++
 roles/uvok_bird/handlers/main.yml | 4 ++++
 roles/uvok_bird/tasks/main.yml | 23 ++++++++++++++++++++++-
 roles/uvok_bird/templates/bird.conf.j2 | 16 ++++++++++++++++
 roles/uvok_bird/templates/clearnet.conf.j2 | 5 ++++-
 roles/uvok_bird/templates/defines.conf.j2 | 4 ++++
 11 files changed, 88 insertions(+), 10 deletions(-)
 delete mode 100644 host_vars/netcup
 create mode 100644 host_vars/netcup/tinc
 create mode 100644 roles/uvok_bird/TODO.txt
 create mode 100644 roles/uvok_bird/files/common.conf
 create mode 100644 roles/uvok_bird/files/logging.conf
 create mode 100644 roles/uvok_bird/templates/bird.conf.j2
 create mode 100644 roles/uvok_bird/templates/defines.conf.j2
diff --git a/host_vars/netcup b/host_vars/netcup
deleted file mode 100644
index 9d49382..0000000
--- a/host_vars/netcup
+++ /dev/null
@@ -1,7 +0,0 @@
-tinc:
- configure: true
- name: netcup
- connections: [hetzner]
- address:
- - fe80::2/64
- listen_on: any
diff --git a/host_vars/netcup/tinc b/host_vars/netcup/tinc
new file mode 100644
index 0000000..9d49382
--- /dev/null
+++ b/host_vars/netcup/tinc
@@ -0,0 +1,7 @@
+tinc:
+ configure: true
+ name: netcup
+ connections: [hetzner]
+ address:
+ - fe80::2/64
+ listen_on: any
diff --git a/roles/uvok_bird/TODO.txt b/roles/uvok_bird/TODO.txt
new file mode 100644
index 0000000..6176bb1
--- /dev/null
+++ b/roles/uvok_bird/TODO.txt
@@ -0,0 +1,4 @@
+- use protocol "description" option
+- import limit / receive limit
+ import limit [number | off ] [action warn | block | restart | disable]
+ 
\ No newline at end of file
diff --git a/roles/uvok_bird/defaults/main.yml b/roles/uvok_bird/defaults/main.yml
index 7ab4a34..b877f74 100644
--- a/roles/uvok_bird/defaults/main.yml
+++ b/roles/uvok_bird/defaults/main.yml
@@ -6,5 +6,6 @@ uvok_bird_opts:
 dn42: false
 use_fallback: false
 preferred_ip: "::1"
- prefixes: []
+ clear_prefixes: []
 babel_if_name:
+ router_id: "0.0.0.0"
diff --git a/roles/uvok_bird/files/common.conf b/roles/uvok_bird/files/common.conf
new file mode 100644
index 0000000..61917bd
--- /dev/null
+++ b/roles/uvok_bird/files/common.conf
@@ -0,0 +1,14 @@
+# managed by Ansible
+
+function honor_graceful_shutdown() {
+ if (65535, 0) ~ bgp_community then {
+ bgp_local_pref = 0;
+ }
+}
+
+# The Device protocol is not a real routing protocol. It does not generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. It is necessary in almost any configuration.
+protocol device {
+ scan time 10;
+}
diff --git a/roles/uvok_bird/files/logging.conf b/roles/uvok_bird/files/logging.conf
new file mode 100644
index 0000000..bd9e6e8
--- /dev/null
+++ b/roles/uvok_bird/files/logging.conf
@@ -0,0 +1,11 @@
+# managed by Ansible
+
+# log syslog { info, remote, warning, error, auth, fatal, bug };
+log syslog { warning, error, fatal, bug };
+log "/var/log/bird/remote.log" { remote };
+log "/var/log/bird/bugs.log" { bug };
+log "/var/log/bird/trace.log" { trace };
+log "/var/log/bird/debug.log" { debug };
+log "/var/log/bird/info.log" { info };
+
+timeformat protocol iso long;
diff --git a/roles/uvok_bird/handlers/main.yml b/roles/uvok_bird/handlers/main.yml
index aab7d9f..33814c5 100644
--- a/roles/uvok_bird/handlers/main.yml
+++ b/roles/uvok_bird/handlers/main.yml
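Review bot: The rename of `prefixes` to `clear_prefixes` in defaults/main.yml silently breaks any host_vars that still set `uvok_bird_opts.prefixes`: the loop in clearnet.conf.j2 now reads only the new key, so such a host renders an empty `protocol static myprefix` and stops originating its prefixes without any task failing. A guard in tasks/main.yml catches this early, e.g. `- assert: { that: "'prefixes' not in uvok_bird_opts", fail_msg: 'uvok_bird_opts.prefixes was renamed to clear_prefixes' }`. The new `router_id: "0.0.0.0"` default also deserves a comment saying whether it is a placeholder that every host must override.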
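Review bot: `honor_graceful_shutdown()` in common.conf is defined but nothing this commit installs calls it, so its effect depends on a filter that lives elsewhere (presumably the clear_functions.conf that clearnet.conf.j2 now includes). A one-line comment above the function would make the contract explicit, e.g. `# RFC 8326 GRACEFUL_SHUTDOWN (65535:0): call from BGP import filters so a draining neighbour loses preference`. Without that, a reader has no way to tell from this file whether the function is live or dead code.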
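Review bot: logging.conf opens five files under `/var/log/bird/`, but no task in this commit creates that directory, and the copy task in tasks/main.yml only manages `config_dir`. BIRD rejects a configuration whose log file it cannot open, so on a host where the directory is missing or not writable by the bird user, `birdc configure check` fails for every reconfiguration, not just a logging change. Unless the directory is created elsewhere, a `- file: { path: /var/log/bird, state: directory, owner: bird, group: bird, mode: '0750' }` task before the copy task closes the gap. The `{ trace }` and `{ debug }` files also grow without bound unless something rotates them, which is worth a comment here.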
@@ -4,6 +4,10 @@
 - name: Check config
 command: birdc configure check
 listen: configure bird
+ changed_when: false
+ register: bird_check_result
 - name: Apply bird config
 command: birdc configure soft
 listen: configure bird
+ changed_when: true
+ when: bird_check_result.rc == 0
diff --git a/roles/uvok_bird/tasks/main.yml b/roles/uvok_bird/tasks/main.yml
index c3ef063..4bdcf35 100644
--- a/roles/uvok_bird/tasks/main.yml
+++ b/roles/uvok_bird/tasks/main.yml
@@ -7,7 +7,17 @@
 mode: '0750'
 owner: 'bird'
 group: 'bird'
-- name: Install template
+- name: Install common templates
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ mode: '0640'
+ owner: 'bird'
+ group: 'bird'
+ loop:
+ - { src: 'bird.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/bird.conf' }
+ - { src: 'defines.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/defines.conf' }
+- name: Install clearnet templates
 template:
 src: clearnet.conf.j2
 dest: '{{ uvok_bird_opts.config_dir }}/clearnet.conf'
@@ -17,3 +27,14 @@
 when:
 - uvok_bird_opts.clearnet
 notify: configure bird
+- name: Copy remaining files
+ copy:
+ src: files/{{ item }}
+ dest: '{{ uvok_bird_opts.config_dir }}/{{ item }}'
+ mode: '0640'
+ owner: 'bird'
+ group: 'bird'
+ loop:
+ - "common.conf"
+ - "logging.conf"
+ notify: configure bird
diff --git a/roles/uvok_bird/templates/bird.conf.j2 b/roles/uvok_bird/templates/bird.conf.j2
new file mode 100644
index 0000000..82452a0
--- /dev/null
+++ b/roles/uvok_bird/templates/bird.conf.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+include "/etc/bird/logging.conf";
+
+include "/etc/bird/defines.conf";
+router id OWNIP;
+
+include "/etc/bird/common.conf";
+
+{% if uvok_bird_opts.dn42 %}
+include "/etc/bird/dn42.conf";
+{% endif %}
+
+{% if uvok_bird_opts.clearnet %}
+include "/etc/bird/clearnet.conf";
+{% endif %}
diff --git a/roles/uvok_bird/templates/clearnet.conf.j2 b/roles/uvok_bird/templates/clearnet.conf.j2
index 420a8da..1ced3a4 100644
--- a/roles/uvok_bird/templates/clearnet.conf.j2
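Review bot: `when: bird_check_result.rc == 0` on the apply handler never changes the outcome as written: a nonzero rc from `birdc configure check` already fails the check handler (it has no `failed_when` or `ignore_errors`), so the play stops before the apply handler is evaluated, and if the check passes rc is 0. If the intent is to skip the reload on a bad config without aborting the play, the check needs `failed_when: false` and the guard should also look at the reply text, e.g. `when: bird_check_result.rc == 0 and 'Configuration OK' in bird_check_result.stdout`, since I am not certain birdc's exit status reflects the daemon's reply for every error. Either way, a short comment stating which of the two behaviours is wanted would help the next reader.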
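Review bot: The new "Install common templates" task in tasks/main.yml has no `notify: configure bird`, unlike the clearnet task (context lines of the second hunk) and the new copy task. Changing bird.conf or defines.conf, including the router ID this commit introduces, therefore writes the file but never triggers the check/apply handlers until some unrelated file changes, leaving the running daemon on a stale router id. Add `notify: configure bird` after the `loop:` list. As a minor style point, `src: files/{{ item }}` in the copy task can be plain `src: '{{ item }}'`, since copy already searches the role's files/ directory.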
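Review bot: bird.conf.j2 hardcodes `/etc/bird/` in every include while the task that installs it, and every other file in this role, is written under `{{ uvok_bird_opts.config_dir }}`; a host with a non-default config_dir gets a bird.conf whose includes point at files that are never deployed there. Use the same variable, e.g. `include "{{ uvok_bird_opts.config_dir }}/logging.conf";`, and likewise for the two includes added to clearnet.conf.j2. `/etc/bird/dn42.conf` is also included when `uvok_bird_opts.dn42` is set but nothing in this commit installs it, so a comment naming where it is expected to come from would help.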
+++ b/roles/uvok_bird/templates/clearnet.conf.j2
@@ -1,5 +1,8 @@
 # {{ ansible_managed }}
 
+include "/etc/bird/clear_defines.conf";
+include "/etc/bird/clear_functions.conf";
+
 define CLEARNET_PREFIP = {{ uvok_bird_opts.preferred_ip }};
 
 # trs=transit
@@ -145,7 +148,7 @@ filter myas_f_rc
 };
 
 protocol static myprefix {
-{% for prefix in uvok_bird_opts.prefixes %}
+{% for prefix in uvok_bird_opts.clear_prefixes %}
 route {{ prefix }} reject;
 {% endfor %};
 
diff --git a/roles/uvok_bird/templates/defines.conf.j2 b/roles/uvok_bird/templates/defines.conf.j2
new file mode 100644
index 0000000..8a8d597
--- /dev/null
+++ b/roles/uvok_bird/templates/defines.conf.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+# both clear and DN42
+define OWNIP = {{ uvok_bird_opts.router_id }};
-- 
cgit v1.2.3
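Review bot: clearnet.conf.j2 now includes `clear_defines.conf` and `clear_functions.conf`, but no task in this commit installs either file, and the diffstat shows they are not added to files/ or templates/ here. Unless they are already present on every clearnet host from an earlier change, `birdc configure check` will fail on the missing include for every host with `uvok_bird_opts.clearnet` set. A comment above the includes naming the task or role that provides them would make the dependency visible.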
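Review bot: defines.conf.j2 turns `uvok_bird_opts.router_id` into `OWNIP`, which bird.conf.j2 then uses for `router id`, but the role default is `"0.0.0.0"`. As far as I recall BIRD treats a zero router id as unset and picks one from the interface IPv4 addresses, so a host that never overrides the default gets a router id that depends on its addressing rather than on configuration, which matters for a value the comment says is shared by clearnet and DN42. A guard before templating, e.g. `- assert: { that: uvok_bird_opts.router_id != "0.0.0.0", fail_msg: 'set uvok_bird_opts.router_id per host' }`, or a comment here stating that the fallback is intentional, would remove the ambiguity.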