make a config for charon

ifd3f · Apr 11, 2024 · 047d9e8 · 047d9e8
1 parent e8a50cf
commit 047d9e8
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 2 deletions.
diff --git a/docs/ipam.sexp b/docs/ipam.sexp
@@ -95,6 +95,9 @@
   (net PROD-PUBLIC 2001:5a8:4002:9301::/64
     (description "Address space for public services")
   )
+  (net PROD-K8S 2001:5a8:4002:9308::/64
+    (description "Public address space for k8s nodes")
+  )
   (net HOME-USERS-V6 2001:5a8:4002:930a::/64
     (description "IP space for ethernet connected users")
   )

diff --git a/netconf/charon.rkt b/netconf/charon.rkt
@@ -0,0 +1,38 @@
+#lang racket
+
+(require "util.rkt")
+(require "dn42.rkt")
+(require "vyos-firewall.rkt")
+
+(define upstream-ll-addr6 "fe80::5054:ff:fed6:96c")
+(define upstream-ll-addr4 "169.254.0.1")
+(define wan "eth0")
+(define k8sbr "eth1")
+
+(define commands
+  `[(set system host-name "charon")
+    ,(basic-vyos-conf)
+
+    (delete interfaces)
+    (set interfaces [(loopback lo)
+                     (ethernet ,wan [(hw-id "52:54:00:0c:b0:df")
+                                     (description "Link to upstream firewall")
+                                     (address "169.254.0.2/24")])
+                     (ethernet ,k8sbr [(hw-id "52:54:00:06:8c:9a")
+                                       (description "k8sbr")
+                                       (address "fca7:b01:f00d:c00b::1/64")
+                                       (address "2001:5a8:4002:9308::1/64")])])
+
+    (set protocols static [(route "0.0.0.0/0" [(next-hop ,upstream-ll-addr4)
+                                               (interface ,wan)])
+                           (route6 "::/0" [(next-hop ,upstream-ll-addr6)
+                                           (interface ,wan)])])
+
+    (set service router-advert interface ,k8sbr [(prefix "fca7:b01:f00d:c00b::/64")
+                                                 (prefix "2001:5a8:4002:9308::/64")
+                                                 (name-server "fca7:b01:f00d:c00b::1")
+                                                 (default-preference high)])])
+
+
+(for ([s (commandtree->strings commands)])
+  (displayln s))
diff --git a/netconf/util.rkt b/netconf/util.rkt
@@ -45,7 +45,8 @@
  commandtree->string
  commandtree->strings
  bgp/link-local
- bgp/link-local:render-vyos)
+ bgp/link-local:render-vyos
+ basic-vyos-conf)
 
 (define (command->string c)
   (string-join (map (match-lambda
@@ -156,4 +157,8 @@
    cmds
    src
    dst))
-(define-record-setter firewall/rule)
+(define-record-setter firewall/rule)
+
+(define (basic-vyos-conf)
+  '(set system [(console device ttyS0 speed "115200")
+                (config-management commit-revisions "10000")]))