router(*): VRRP the admin interface

Now, the Proxmox can be accessed while redeploying one of the router!
2024-01-12 04:36:15 +01:00 · 2024-01-12 04:36:15 +01:00 · dfeeb1c4ea
parent bcbfc91a11
commit dfeeb1c4ea
3 changed files with 18 additions and 10 deletions
--- a/machines/router03/router.nix
+++ b/machines/router03/router.nix
@ -4,7 +4,6 @@
    enable = true;
    enablePrimary = true;
    routerId = 1;
-    virtualRouterId = 51;
    vip = "129.199.146.230";
    rip = "129.199.146.231";
    trunkPort.macAddress = "92:E3:9C:CE:EF:14";
--- a/machines/router04/router.nix
+++ b/machines/router04/router.nix
@ -4,7 +4,6 @@
    enable = true;
    enablePrimary = false;
    routerId = 2;
-    virtualRouterId = 51;
    vip = "129.199.146.230";
    rip = "129.199.146.232";
    trunkPort.macAddress = "92:E3:9C:CE:EF:15";
--- a/modules/krz-router.nix
+++ b/modules/krz-router.nix
@ -46,10 +46,6 @@ in
      type = types.int;
      description = "Router ID for computing automatic IPs";
    };
-    virtualRouterId = mkOption {
-      type = types.int;
-      description = "Virtual router ID for VRRP";
-    };
    virtualPriority = mkOption {
      type = types.int;
      description = "Virtual router priority in the election";
@ -136,7 +132,7 @@ in
          matchConfig.Name = "wgadmin";
          networkConfig = {
            Description = "VPN d'administration système de l'infrastructure";
-            Address = [ "fd81:fb3a:50cc::${toString cfg.routerId}/64" ];
+            Address = [ "fd81:fb3a:50cc::${toString (cfg.routerId + 1)}/64" ];
            # Give access to the rest of the network.
            IPForward = "ipv6";
            ConfigureWithoutCarrier = true;
@ -147,7 +143,7 @@ in
          matchConfig.Name = "admin";
          networkConfig = {
            Description = "VLAN d'administration système de l'infrastructure";
-            Address = [ "fd81:fb3a:50cc:1::${toString cfg.routerId}/48" ];
+            Address = [ "fd81:fb3a:50cc:1::${toString (cfg.routerId + 1)}/48" ];
            # Give access to the rest of the network.
            IPForward = "ipv6";
            IPv6ProxyNDP = true;
@ -341,7 +337,7 @@ in
          matchConfig.Name = "vrrp-router";
          networkConfig = {
            Description = "VRRP router health network";
-            Address = [ "10.0.0.${toString cfg.routerId}/24" ];
+            Address = [ "10.0.0.${toString cfg.routerId}/24" "fe80::${toString cfg.routerId}/64" ];
            KeepConfiguration = true;
          };
        };
@ -356,10 +352,24 @@ in
        # We want to start in a stable state.
        priority = cfg.virtualPriority;
        virtualIps = [{ addr = "${cfg.vip}/24"; dev = "swp"; scope = "global"; }];
-        inherit (cfg) virtualRouterId;
+        virtualRouterId = 50;
        noPreempt = !cfg.enablePrimary;
        unicastPeers = map (n: "10.0.0.${toString n}") cfg.virtualNeighbors;
      };
+      vrrpInstances.admin = {
+        interface = "vrrp-router";
+        state = if cfg.enablePrimary then "MASTER" else "BACKUP";
+        # We want to start in a stable state.
+        priority = cfg.virtualPriority;
+        virtualIps = [
+          { addr = "fd81:fb3a:50cc::1/64"; dev = "wgadmin"; }
+          { addr = "fd81:fb3a:50cc:1::1/48"; dev = "admin"; }
+        ];
+        virtualRouterId = 51;
+        noPreempt = !cfg.enablePrimary;
+        unicastPeers = map (n: "fe80::${toString n}") cfg.virtualNeighbors;
+        unicastSrcIp = "fe80::${toString cfg.routerId}";
+      };
    };
  };
 }