ipv6-prefix-monitor.sh

#!/bin/sh

# 1. Update the metal pool with new IPv6 prefix.
# 2. External DNS will update Unifi & Cloudflare.
# 3. Update the Unifi IP group with new IPv6 address.

if [ ! -z "${DEBUG}" ]; then
  set -ex
fi

if [ -z "${UNIFI_API_TOKEN}" ]; then
  echo "UNIFI_API_TOKEN is not set"
  exit 1
fi

UNIFI_HOST=${UNIFI_HOST:-unifi}
UNIFI_PORT=${UNIFI_PORT:-443}
UNIFI_FIREWALL_GROUP_ID=${UNIFI_FIREWALL_GROUP_ID:-60ecd9656e68fe04586ff608}
CONF_DIR=${CONF_DIR:-/etc/ipv6-prefix-monitor}
INTERFACE=${INTERFACE:-external}
echo "Starting monitoring for interface $INTERFACE"

ip -6 monitor address dev $INTERFACE | while read -r line; do
  echo "Event on $INTERFACE detected"

  export PUBLIC_IPV6_PREFIX=$(ip -j -6 addr show dev external | \
                jq -r '.[0].addr_info[] | select(.scope == "global") | .local | split(":") | .[0:4] | join(":")')

  echo "New prefix is: ${PUBLIC_IPV6_PREFIX}"

  cat ${CONF_DIR}/internal.yaml | envsubst '$PUBLIC_IPV6_PREFIX' | kubectl apply -f -
  cat ${CONF_DIR}/external.yaml | envsubst '$PUBLIC_IPV6_PREFIX' | kubectl apply -f -
  cat ${CONF_DIR}/default.yaml | envsubst '$PUBLIC_IPV6_PREFIX' | kubectl apply -f -

  PAYLOAD="{
      \"name\": \"Nginx Gateway IPv6 Ingress VIP\",
      \"group_type\": \"ipv6-address-group\",
      \"group_members\": [
          \"$PUBLIC_IPV6_PREFIX:dead:d0d0::\"
      ]
  }"

  curl \
    -k \
    -H "X-API-KEY: ${UNIFI_API_TOKEN}" \
    -H 'Accept: application/json' \
    -d "$PAYLOAD" \
    -X PUT \
    "https://${UNIFI_HOST}:${UNIFI_PORT}/proxy/network/api/s/default/rest/firewallgroup/${UNIFI_FIREWALL_GROUP_ID}"
done