From 7f27f9fb7941bf0e39281043495aab0902ca15bb Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 20 Mar 2021 01:08:33 +0000 Subject: [PATCH] tuvok/paris: enable keepalived --- ops/nixos/blade-paris/default.nix | 16 ++++++++++++---- ops/nixos/blade-tuvok/default.nix | 12 ++++++++++++ 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/ops/nixos/blade-paris/default.nix b/ops/nixos/blade-paris/default.nix index 25d33fb5ba..3cbce8d56f 100644 --- a/ops/nixos/blade-paris/default.nix +++ b/ops/nixos/blade-paris/default.nix @@ -16,10 +16,6 @@ in { networking = { hostName = "blade-paris"; hostId = "41b2a198"; - interfaces.br-mgmt.ipv4.addresses = [{ - address = "10.100.0.1"; - prefixLength = 23; - }]; interfaces.br-public.ipv4.addresses = [{ address = "92.118.28.1"; prefixLength = 24; @@ -34,6 +30,7 @@ in { }]; defaultGateway = "195.74.55.22"; defaultGateway6 = "2a03:ee40:8080:9:2::1"; + firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT"; }; my.ip.tailscale = "100.117.185.118"; my.blade.bay = 2; @@ -50,4 +47,15 @@ in { daemons = [ "2" ]; }; }; + + services.keepalived = { + enable = true; + vrrpInstances.mgmtGateway = { + interface = "br-mgmt"; + state = "MASTER"; + priority = 100; + virtualIps = [{ addr = "10.100.0.1/23"; }]; + virtualRouterId = 1; + }; + }; } diff --git a/ops/nixos/blade-tuvok/default.nix b/ops/nixos/blade-tuvok/default.nix index 308b8c2d92..55121d0951 100644 --- a/ops/nixos/blade-tuvok/default.nix +++ b/ops/nixos/blade-tuvok/default.nix @@ -27,6 +27,7 @@ in { defaultGateway = "195.74.55.20"; defaultGateway6 = "2a03:ee40:8080:9:1::1"; firewall.allowedTCPPorts = [ 80 443 ]; + firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT"; }; my.ip.tailscale = "100.119.123.33"; my.blade.bay = 6; @@ -74,4 +75,15 @@ in { ]; }; }; + + services.keepalived = { + enable = true; + vrrpInstances.mgmtGateway = { + interface = "br-mgmt"; + state = "MASTER"; + priority = 50; + virtualIps = [{ addr = "10.100.0.1/23"; }]; + virtualRouterId = 1; + }; + }; }