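{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.nyxs-nix.services.vrrp;
in
{
  # VRRP failover for a single virtual IP, implemented with keepalived.
  # The instance only keeps the VIP while nginx is active on this host
  # (see vrrpScripts.track_nginx below).
  options.nyxs-nix.services.vrrp = with types; {
    # mkEnableOption prefixes "Whether to enable ", so the text names the thing
    # being enabled rather than repeating "Enable".
    enable = mkEnableOption "the VRRP (keepalived) virtual IP service";

    ip = mkOption {
      type = str;
      default = "10.5.0.5/24";
      description = "Virtual IP address, with prefix length, that the VRRP group fails over";
    };

    priority = mkOption {
      type = int;
      default = 0;
      # NOTE(review): VRRP reserves priority 0 (sent by a master giving up the
      # VIP) and 255 (address owner); deployments should set an explicit value
      # in 1-254. The default is kept for compatibility with existing callers.
      description = "Priority of this host in the VRRP group (highest becomes MASTER); set a value in 1-254";
    };

    interface = mkOption {
      type = str;
      default = "eth0";
      description = "Interface used for VRRP communication and for holding the virtual IP";
    };

    id = mkOption {
      # Virtual router ids are one octet; 0 is not a valid id.
      type = ints.between 1 255;
      default = 1;
      description = "Virtual router id shared by all members of this VRRP group";
    };

    peers = mkOption {
      type = nullOr (listOf str);
      default = null;
      description = "List of IPs of the other VRRP instances (unicast); null uses VRRP multicast";
    };
  };

  config = mkIf cfg.enable {
    # Earlier VLAN-tagged layout (eth0.6 with its own routes and SSH-only
    # iptables rules), kept commented out for reference; nothing below applies it.
    # networking.firewall.extraCommands = ''
    #   iptables -I INPUT 1 -i vrrp.6 -p tcp --dport 22 -j ACCEPT
    #   iptables -I INPUT 2 -i vrrp.6 -p tcp -j DROP
    # '';
    # networking.vlans."eth0.6" = { id = 6; interface = "eth0"; };
    # networking.interfaces."eth0.6".ipv4.routes = [
    #   { address = "10.5.1.0"; prefixLength = 24; via = "10.5.1.1"; }
    #   { address = "0.0.0.0";  prefixLength = 0;  via = "10.5.1.1"; }
    # ];

    services.keepalived = {
      enable = true;
      # Lets the NixOS keepalived module open the firewall for VRRP traffic;
      # exactly what is opened is defined by that module, not here.
      openFirewall = true;

      extraGlobalDefs = ''
        use_symlink_paths true
      '';

      vrrpInstances.VIP_1 = {
        # Every member starts as BACKUP; cfg.priority decides who becomes MASTER.
        state = "BACKUP";
        interface = cfg.interface;
        virtualRouterId = cfg.id;
        priority = cfg.priority;
        virtualIps = [ { addr = cfg.ip; scope = "global"; } ];
        # Unicast peers when configured; otherwise keepalived advertises via
        # multicast on the interface. No VRRP authentication is configured in
        # this module, so the network segment is the trust boundary for
        # advertisements -- keep it restricted to the VRRP members.
        unicastPeers = mkIf (cfg.peers != null) cfg.peers;
        # useVmac = true;
        # vmacXmitBase = true;
        trackScripts = [ "track_nginx" ];
      };

      vrrpScripts.track_nginx = {
        # The check's exit status decides whether this node may hold the VIP.
        script = "${pkgs.systemd}/bin/systemctl is-active nginx";
        interval = 1; # seconds between runs
        timeout = 2;  # seconds before a run is treated as failed
        rise = 2;     # consecutive successes before the check counts as up
        fall = 2;     # consecutive failures before it counts as down
        # NOTE(review): with weight 0 keepalived treats a failed check as a
        # FAULT for the instance (VIP released) rather than a priority change
        # -- confirm against the keepalived documentation before relying on it.
        weight = 0;
        # NOTE(review): `systemctl is-active` needs no privilege; running the
        # check as a dedicated unprivileged user would be least privilege once
        # such a user is provisioned on these hosts.
        user = "root";
      };
    };
  };
}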