nixos/home/routing-common: Add ping test to keepalived
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m51s
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m51s
This commit is contained in:
parent
945302b7c0
commit
fdc65c544e
@ -11,6 +11,7 @@ rec {
|
|||||||
jellyseerr = 402;
|
jellyseerr = 402;
|
||||||
atticd = 403;
|
atticd = 403;
|
||||||
kea = 404;
|
kea = 404;
|
||||||
|
keepalived_script = 405;
|
||||||
};
|
};
|
||||||
gids = {
|
gids = {
|
||||||
matrix-syncv3 = 400;
|
matrix-syncv3 = 400;
|
||||||
@ -18,6 +19,7 @@ rec {
|
|||||||
jellyseerr = 402;
|
jellyseerr = 402;
|
||||||
atticd = 403;
|
atticd = 403;
|
||||||
kea = 404;
|
kea = 404;
|
||||||
|
keepalived_script = 405;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -5,36 +5,59 @@ let
|
|||||||
inherit (lib.my) net;
|
inherit (lib.my) net;
|
||||||
inherit (lib.my.c.home) prefixes vips;
|
inherit (lib.my.c.home) prefixes vips;
|
||||||
|
|
||||||
|
pingScriptFor = ip: {
|
||||||
|
script = "${pkgs.iputils}/bin/ping -qnc 1 ${ip}";
|
||||||
|
interval = 1;
|
||||||
|
timeout = 1;
|
||||||
|
rise = 3;
|
||||||
|
fall = 3;
|
||||||
|
};
|
||||||
|
|
||||||
vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}";
|
vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}";
|
||||||
vrrpIPs = family: concatMap (vlan: [
|
vrrpIPs = family: concatMap (vlan: (optional (family == "v6") {
|
||||||
|
addr = "fe80::1/64";
|
||||||
|
dev = vlanIface vlan;
|
||||||
|
}) ++ [
|
||||||
{
|
{
|
||||||
addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}";
|
addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}";
|
||||||
dev = vlanIface vlan;
|
dev = vlanIface vlan;
|
||||||
}
|
}
|
||||||
] ++ (optional (family == "v6") {
|
]) (attrNames vips);
|
||||||
addr = "fe80::1/64";
|
|
||||||
dev = vlanIface vlan;
|
|
||||||
})) (attrNames vips);
|
|
||||||
mkVRRP = family: routerId: {
|
mkVRRP = family: routerId: {
|
||||||
state = if index == 0 then "MASTER" else "BACKUP";
|
state = if index == 0 then "MASTER" else "BACKUP";
|
||||||
interface = "lan-core";
|
interface = "lan-core";
|
||||||
priority = 255 - index;
|
priority = 255 - index;
|
||||||
virtualRouterId = routerId;
|
virtualRouterId = routerId;
|
||||||
virtualIps = vrrpIPs family;
|
virtualIps = vrrpIPs family;
|
||||||
|
trackScripts = [ "${family}Alive" ];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
notify_master "${config.systemd.package}/bin/systemctl start radvd.service"
|
notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root
|
||||||
notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service"
|
notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" root
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
users = with lib.my.c.ids; {
|
||||||
|
users.keepalived_script = {
|
||||||
|
uid = uids.keepalived_script;
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "keepalived_script";
|
||||||
|
};
|
||||||
|
groups.keepalived_script.gid = gids.keepalived_script;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
keepalived = {
|
keepalived = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
enableScriptSecurity = true;
|
||||||
extraGlobalDefs = ''
|
extraGlobalDefs = ''
|
||||||
vrrp_version 3
|
vrrp_version 3
|
||||||
nftables keepalived
|
nftables keepalived
|
||||||
'';
|
'';
|
||||||
|
vrrpScripts = {
|
||||||
|
v4Alive = pingScriptFor "1.1.1.1";
|
||||||
|
v6Alive = pingScriptFor "2600::";
|
||||||
|
};
|
||||||
vrrpInstances = {
|
vrrpInstances = {
|
||||||
v4 = mkVRRP "v4" 51;
|
v4 = mkVRRP "v4" 51;
|
||||||
v6 = mkVRRP "v6" 52;
|
v6 = mkVRRP "v6" 52;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user