Setup Commit

2026-05-17 16:06:46 -05:00 · 2026-05-17 16:06:46 -05:00 · 289b69d342
commit 289b69d342
23 changed files with 728 additions and 0 deletions
--- a/modules/vrrp.nix
+++ b/modules/vrrp.nix
@ -0,0 +1,105 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.nyxs-nix.services.vrrp;
+in
+{
+  options.nyxs-nix.services.vrrp = with types; {
+    enable = mkEnableOption "Enable the vrrp quotes service";
+
+    ip = mkOption {
+      type = str;
+      default = "10.5.0.5/24";
+      description = "Virtual IP address";
+    };
+
+    priority = mkOption {
+      type = int;
+      default = 0;
+      description = "Priority of the system in the vrrp pool";
+    };
+
+    interface = mkOption {
+      type = str;
+      default = "eth0";
+      description = "interface for vrrp communication";
+    };
+
+    id = mkOption {
+      type = int;
+      default = 1;
+      description = "virtual router config id";
+    };
+
+    peers = mkOption {
+      type = nullOr (listOf str);
+      default = null;
+      description = "List of ips for the other vrrp instancess";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # networking.firewall.extraCommands = ''
+    #   iptables -I INPUT 1 -i vrrp.6 -p tcp --dport 22 -j ACCEPT
+    #   iptables -I INPUT 2 -i vrrp.6 -p tcp -j DROP
+    # '';
+
+    # networking.vlans."eth0.6" = {
+    #   id = 6;
+    #   interface = "eth0";
+    # };
+
+    # networking.interfaces."eth0.6" = {
+    #   ipv4.routes = [
+    #      {
+    #       address = "10.5.1.0";
+    #       prefixLength = 24;
+    #       via = "10.5.1.1";
+    #     }
+    #     {
+    #       address = "0.0.0.0";
+    #       prefixLength = 0;
+    #       via = "10.5.1.1";
+    #     }
+    #   ];
+    # };
+
+    services.keepalived = {
+      enable = true;
+
+      openFirewall = true;
+
+      extraGlobalDefs = ''
+        use_symlink_paths true
+      '';
+      
+      vrrpInstances.VIP_1 = {
+        state = "BACKUP";
+        interface = cfg.interface;
+        virtualRouterId = cfg.id;
+        priority = cfg.priority;
+        virtualIps = [
+          {
+            addr = cfg.ip;
+            scope = "global";
+          }
+        ];
+        unicastPeers = mkIf (cfg.peers != null) cfg.peers;
+        # useVmac = true;
+        # vmacXmitBase = true;
+        trackScripts = ["track_nginx"];
+      };
+      vrrpScripts = {
+        track_nginx = {
+          script = "${pkgs.systemd}/bin/systemctl is-active nginx";
+          interval = 1;
+          timeout = 2;
+          rise = 2;
+          fall = 2;
+          weight = 0;
+          user = "root";
+        };
+      };
+    };
+  };
+}