nixos/home/routing-common: Add ping test to keepalived
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m51s

Jack O'Sullivan 2024-03-24 12:57:42 +00:00
parent 945302b7c0
commit fdc65c544e
2 changed files with 32 additions and 7 deletions


@ -11,6 +11,7 @@ rec {
jellyseerr = 402; jellyseerr = 402;
atticd = 403; atticd = 403;
kea = 404; kea = 404;
keepalived_script = 405;
}; };
gids = { gids = {
matrix-syncv3 = 400; matrix-syncv3 = 400;
@ -18,6 +19,7 @@ rec {
jellyseerr = 402; jellyseerr = 402;
atticd = 403; atticd = 403;
kea = 404; kea = 404;
keepalived_script = 405;
}; };
}; };


@ -5,36 +5,59 @@ let
inherit (lib.my) net; inherit (lib.my) net;
inherit (lib.my.c.home) prefixes vips; inherit (lib.my.c.home) prefixes vips;
pingScriptFor = ip: {
script = "${pkgs.iputils}/bin/ping -qnc 1 ${ip}";
interval = 1;
timeout = 1;
rise = 3;
fall = 3;
};
vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}"; vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}";
vrrpIPs = family: concatMap (vlan: [ vrrpIPs = family: concatMap (vlan: (optional (family == "v6") {
addr = "fe80::1/64";
dev = vlanIface vlan;
}) ++ [
{ {
addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}"; addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}";
dev = vlanIface vlan; dev = vlanIface vlan;
} }
] ++ (optional (family == "v6") { ]) (attrNames vips);
addr = "fe80::1/64";
dev = vlanIface vlan;
})) (attrNames vips);
mkVRRP = family: routerId: { mkVRRP = family: routerId: {
state = if index == 0 then "MASTER" else "BACKUP"; state = if index == 0 then "MASTER" else "BACKUP";
interface = "lan-core"; interface = "lan-core";
priority = 255 - index; priority = 255 - index;
virtualRouterId = routerId; virtualRouterId = routerId;
virtualIps = vrrpIPs family; virtualIps = vrrpIPs family;
trackScripts = [ "${family}Alive" ];
extraConfig = '' extraConfig = ''
notify_master "${config.systemd.package}/bin/systemctl start radvd.service" notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root
notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" root
''; '';
}; };
in in
{ {
users = with lib.my.c.ids; {
users.keepalived_script = {
uid = uids.keepalived_script;
isSystemUser = true;
group = "keepalived_script";
};
groups.keepalived_script.gid = gids.keepalived_script;
};
services = { services = {
keepalived = { keepalived = {
enable = true; enable = true;
enableScriptSecurity = true;
extraGlobalDefs = '' extraGlobalDefs = ''
vrrp_version 3 vrrp_version 3
nftables keepalived nftables keepalived
''; '';
vrrpScripts = {
v4Alive = pingScriptFor "1.1.1.1";
v6Alive = pingScriptFor "2600::";
};
vrrpInstances = { vrrpInstances = {
v4 = mkVRRP "v4" 51; v4 = mkVRRP "v4" 51;
v6 = mkVRRP "v6" 52; v6 = mkVRRP "v6" 52;
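Review bot: With `trackScripts` added to `mkVRRP`, an instance can now enter FAULT when the ping check fails, but `extraConfig` only defines `notify_master` and `notify_backup`, so as far as I can tell radvd keeps running on a router that was MASTER and has just lost its upstream. Add `notify_fault "${config.systemd.package}/bin/systemctl stop radvd.service" root` next to the other two so router advertisements stop when the instance faults. Separately, `v4Alive` and `v6Alive` each depend on a single third-party address (`1.1.1.1`, `2600::`). If this shared config runs on both routers, that address becoming unreachable or rate-limiting ICMP would fault both at once and drop the VIPs entirely. Consider a comment recording that trade-off, or a check that passes when any one of several targets replies.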