add keepalived conf?
This commit is contained in:
ArgentumCation
parent
6dc98e4ba3
commit
99a69bf1e9
1 changed files with 73 additions and 44 deletions
|
|
@ -3,16 +3,16 @@
|
||||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
# ./hardware-configuration.nix
|
# ./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
|
@ -25,12 +25,12 @@
|
||||||
defaultGateway.address = "192.168.1.1";
|
defaultGateway.address = "192.168.1.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
# environment.systemPackages = with pkgs; [
|
# environment.systemPackages = with pkgs; [
|
||||||
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
||||||
# wget
|
# wget
|
||||||
# ];
|
# ];
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
users = {
|
users = {
|
||||||
|
|
@ -39,24 +39,24 @@
|
||||||
uid = 100000;
|
uid = 100000;
|
||||||
group = "dockremap";
|
group = "dockremap";
|
||||||
subUidRanges = [
|
subUidRanges = [
|
||||||
{
|
{
|
||||||
startUid = 100000;
|
startUid = 100000;
|
||||||
count = 65536;
|
count = 65536;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
subGidRanges = [
|
subGidRanges = [
|
||||||
{
|
{
|
||||||
startGid = 100000;
|
startGid = 100000;
|
||||||
count = 65536;
|
count = 65536;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
# programs.mtr.enable = true;
|
# programs.mtr.enable = true;
|
||||||
# programs.
|
# programs.
|
||||||
programs = {
|
programs = {
|
||||||
gnupg.agent = {
|
gnupg.agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -76,7 +76,7 @@
|
||||||
configure = {
|
configure = {
|
||||||
customRC = ''
|
customRC = ''
|
||||||
set number relativenumber
|
set number relativenumber
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
defaultEditor = true;
|
defaultEditor = true;
|
||||||
|
|
@ -90,25 +90,54 @@
|
||||||
extraOptions = "--userns-remap=default";
|
extraOptions = "--userns-remap=default";
|
||||||
liveRestore = false; # NOTE: Incompatible with swarm
|
liveRestore = false; # NOTE: Incompatible with swarm
|
||||||
};
|
};
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
services.keepalived = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
extraConfig = ''
|
||||||
|
vrrp_track_process track_traefik {
|
||||||
|
process traefik
|
||||||
|
weight 20
|
||||||
|
delay 1
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
vrrpInstances = {
|
||||||
|
VI_1 = {
|
||||||
|
state = "BACKUP";
|
||||||
|
interface = "enp0s31f6";
|
||||||
|
virtualRouterId = 51;
|
||||||
|
priority=100;
|
||||||
|
virtualIps = [ {addr = "192.168.1.64";}];
|
||||||
|
extraConfig = ''
|
||||||
|
authentication {
|
||||||
|
auth_type PASS
|
||||||
|
auth_pass 3141
|
||||||
|
}
|
||||||
|
track_process {
|
||||||
|
track_traefik
|
||||||
|
}
|
||||||
|
advert_int 1
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# Enable the OpenSSH daemon.
|
||||||
|
# services.openssh.enable = true;
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Open ports in the firewall.
|
||||||
# services.openssh.enable = true;
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Copy the NixOS configuration file and link it from the resulting system
|
||||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
# (/run/current-system/configuration.nix). This is useful in case you
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
# accidentally delete configuration.nix.
|
||||||
# Or disable the firewall altogether.
|
# system.copySystemConfiguration = true;
|
||||||
|
services.logind.lidSwitch = "ignore";
|
||||||
|
systemd.targets.sleep.enable = false;
|
||||||
|
systemd.targets.suspend.enable = false;
|
||||||
|
systemd.targets.hibernate.enable = false;
|
||||||
|
systemd.targets.hybrid-sleep.enable = false;
|
||||||
|
|
||||||
# Copy the NixOS configuration file and link it from the resulting system
|
system.stateVersion = "24.05"; # Did you read the comment?
|
||||||
# (/run/current-system/configuration.nix). This is useful in case you
|
}
|
||||||
# accidentally delete configuration.nix.
|
|
||||||
# system.copySystemConfiguration = true;
|
|
||||||
services.logind.lidSwitch = "ignore";
|
|
||||||
systemd.targets.sleep.enable = false;
|
|
||||||
systemd.targets.suspend.enable = false;
|
|
||||||
systemd.targets.hibernate.enable = false;
|
|
||||||
systemd.targets.hybrid-sleep.enable = false;
|
|
||||||
|
|
||||||
system.stateVersion = "24.05"; # Did you read the comment?
|
|
||||||
}
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue