sync

2026-01-26 23:21:59 +00:00 · 2025-08-15 12:25:44 +00:00
parent ded46ebce2
commit db35c08fc6
9 changed files with 67 additions and 14 deletions
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -10,7 +10,6 @@
    # ./mnt-clusterstore.nix
    ./nomad.nix
    ./consul.nix
-    ./cifs.nix
    inputs.sops-nix.nixosModules.sops
  ];

@@ -21,6 +20,20 @@
    description = "Path to the Secrets storage";
  };

+  options.custom._Networkinterface = lib.mkOption {
+    type = lib.types.str;
+    default = "end0";
+    description = "Network interface name to bind to.";
+    example = "enp3s0";
+  };
+
+  options.custom.VIP_Priority = lib.mkOption {
+    type = lib.types.int;
+    default = 50;
+    description = "Keep alived prority for voting";
+  };
+
+
  config = {
    system.stateVersion = "23.11"; # Did you read the comment?
    nixpkgs.config.allowUnfree = true;
--- a/modules/consul.nix
+++ b/modules/consul.nix
@@ -6,6 +6,8 @@
  ...
 }: let
  secretstore = config._secretstore;
+  NetworkInterface = config.custom._Networkinterface;
+
  # oldpkgs = import (builtins.fetchGit {
  #   # Descriptive name to make the store path easier to identify
  #   name = "git_consul_1_9";
@@ -25,6 +27,9 @@ in {
    format = "binary";
    owner = "consul";
    group = "consul";
+
+
+
  };

  networking.firewall = {
@@ -37,7 +42,7 @@ in {
    enable = true;
    webUi = true;
    # consulAddr = "0.0.0.0:8500";
-    interface.bind = "end0";
+    interface.bind = "${NetworkInterface}";
    extraConfigFiles = [config.sops.secrets."consul_encrypt.json".path];
    extraConfig = {
      bootstrap = false;
@@ -54,18 +59,19 @@ in {
        raft_multiplier = 7;
      };
      recursors = [
-        "192.168.1.1"
+        "192.168.4.1"
        "8.8.8.8"
      ];

      retry_join = [
-        "192.168.1.221"
-        "192.168.1.222"
-        "192.168.1.225"
-        "192.168.1.226"
-        "192.168.1.227"
-        "192.168.1.223"
-        "192.168.1.224"
+        "192.168.4.221"
+        "192.168.4.222"
+        "192.168.4.225"
+        "192.168.4.226"
+        "192.168.4.227"
+        "192.168.4.223"
+        "192.168.4.224"
+        "192.168.4.36"
      ];
    };
  };
--- a/modules/keepalived.nix
+++ b/modules/keepalived.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+with lib; let
+  NetworkInterface = config.custom._Networkinterface;
+  VIP_Priority = config.custom.VIP_Priority;
+in {
+
+
+  services.keepalived = {
+    enable = true;
+    openFirewall = true;
+    vrrpInstances.VIP_250 = {
+        interface = "${NetworkInterface}";
+        virtualRouterId  = 51;
+        priority = VIP_Priority;
+        unicastPeers = ["192.168.4.226" "192.168.4.227" "192.168.4.228" "192.168.4.36"];
+        virtualIps = [{addr = "192.168.4.250/22";}];
+          
+      };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ]; # optional
+}