feat(refactor): WIP refactor server modules

2025-10-12 21:07:30 +02:00
parent 57cb48a11c
commit d2bd385367
43 changed files with 1004 additions and 1414 deletions
--- a/modules/server/infra/keepalived/default.nix
+++ b/modules/server/infra/keepalived/default.nix
@@ -0,0 +1,71 @@
+{
+  lib,
+  config,
+  self,
+  ...
+}: let
+  unit = "keepalived";
+  cfg = config.server.infra.${unit};
+
+  hostCfg = hostname:
+    if hostname == "sobotka"
+    then {
+      ip = "192.168.88.14";
+      priority = 20;
+      state = "MASTER";
+    }
+    else if hostname == "ziggy"
+    then {
+      ip = "192.168.88.12";
+      priority = 10;
+      state = "BACKUP";
+    }
+    else throw "No keepalived config defined for host ${hostname}";
+
+  _self = hostCfg config.networking.hostName;
+
+  allPeers = [
+    "192.168.88.12"
+    "192.168.88.14"
+  ];
+
+  # Remove self from peers
+  peers = builtins.filter (ip: ip != _self.ip) allPeers;
+in {
+  options.server.infra.${unit} = {
+    enable = lib.mkEnableOption {
+      description = "Enable ${unit}";
+    };
+    interface = lib.mkOption {
+      type = lib.types.str;
+      example = "eth0";
+      description = "The network interface keepalived should bind to.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    age.secrets.keepalived.file = "${self}/secrets/keepalived.age";
+    services.keepalived = {
+      enable = true;
+      vrrpInstances.VI = {
+        state = _self.state;
+        interface = cfg.interface;
+        virtualRouterId = 69;
+        priority = _self.priority;
+        unicastSrcIp = _self.ip;
+        unicastPeers = peers;
+        virtualIps = [
+          {
+            addr = "192.168.88.69/24";
+          }
+        ];
+        extraConfig = ''
+          authentication {
+            auth_type PASS
+            auth_pass ${config.age.secrets.keepalived.path}
+          }
+        '';
+      };
+    };
+  };
+}