NyxErinys/Nix-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Nix-Config/modules/vrrp.nix
NyxErinys 289b69d342 Setup Commit
2026-05-17 16:06:46 -05:00

105 lines
2.3 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.nyxs-nix.services.vrrp;
in
{
options.nyxs-nix.services.vrrp = with types; {
enable = mkEnableOption "Enable the vrrp quotes service";
ip = mkOption {
type = str;
default = "10.5.0.5/24";
description = "Virtual IP address";
};
priority = mkOption {
type = int;
default = 0;
description = "Priority of the system in the vrrp pool";
};
interface = mkOption {
type = str;
default = "eth0";
description = "interface for vrrp communication";
};
id = mkOption {
type = int;
default = 1;
description = "virtual router config id";
};
peers = mkOption {
type = nullOr (listOf str);
default = null;
description = "List of ips for the other vrrp instancess";
};
};
config = mkIf cfg.enable {
# networking.firewall.extraCommands = ''
# iptables -I INPUT 1 -i vrrp.6 -p tcp --dport 22 -j ACCEPT
# iptables -I INPUT 2 -i vrrp.6 -p tcp -j DROP
# '';
# networking.vlans."eth0.6" = {
# id = 6;
# interface = "eth0";
# };
# networking.interfaces."eth0.6" = {
# ipv4.routes = [
# {
# address = "10.5.1.0";
# prefixLength = 24;
# via = "10.5.1.1";
# }
# {
# address = "0.0.0.0";
# prefixLength = 0;
# via = "10.5.1.1";
# }
# ];
# };
services.keepalived = {
enable = true;
openFirewall = true;
extraGlobalDefs = ''
use_symlink_paths true
'';
vrrpInstances.VIP_1 = {
state = "BACKUP";
interface = cfg.interface;
virtualRouterId = cfg.id;
priority = cfg.priority;
virtualIps = [
{
addr = cfg.ip;
scope = "global";
}
];
unicastPeers = mkIf (cfg.peers != null) cfg.peers;
# useVmac = true;
# vmacXmitBase = true;
trackScripts = ["track_nginx"];
};
vrrpScripts = {
track_nginx = {
script = "${pkgs.systemd}/bin/systemctl is-active nginx";
interval = 1;
timeout = 2;
rise = 2;
fall = 2;
weight = 0;
user = "root";
};
};
};
};
}
Reference in a new issue View git blame Copy permalink