machines/router03/router.nix

@@ -4,10 +4,10 @@
     enable = true;
     enablePrimary = true;
     routerId = 1;
+    virtualRouterId = 1;
     vip = "129.199.146.230";
     rip = "129.199.146.231";
     trunkPort.macAddress = "92:E3:9C:CE:EF:14";
-    virtualNeighbors = [ 2 ];
   };
 
   # systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";

machines/router04/router.nix

@@ -4,10 +4,10 @@
     enable = true;
     enablePrimary = false;
     routerId = 2;
+    virtualRouterId = 1;
     vip = "129.199.146.230";
     rip = "129.199.146.232";
     trunkPort.macAddress = "92:E3:9C:CE:EF:15";
-    virtualNeighbors = [ 1 ];
   };
 
   # systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";

modules/krz-router.nix

@@ -46,17 +46,16 @@ in
       type = types.int;
       description = "Router ID for computing automatic IPs";
     };
+    virtualRouterId = mkOption {
+      type = types.int;
+      description = "Virtual router ID for VRRP";
+    };
     virtualPriority = mkOption {
       type = types.int;
       description = "Virtual router priority in the election";
       # As recommended per RFC.
       default = if cfg.enablePrimary then 100 else 50;
     };
-    virtualNeighbors = mkOption {
-      type = types.listOf types.int;
-      description = "Virtual router neighbors in terms of router IDs";
-      default = [ ];
-    };
   };
 
   config = mkIf cfg.enable {
@@ -132,7 +131,7 @@ in
           matchConfig.Name = "wgadmin";
           networkConfig = {
             Description = "VPN d'administration système de l'infrastructure";
-            Address = [ "fd81:fb3a:50cc::${toString (cfg.routerId + 1)}/64" ];
+            Address = [ "fd81:fb3a:50cc::${toString cfg.routerId}/64" ];
             # Give access to the rest of the network.
             IPForward = "ipv6";
             ConfigureWithoutCarrier = true;
@@ -143,7 +142,7 @@ in
           matchConfig.Name = "admin";
           networkConfig = {
             Description = "VLAN d'administration système de l'infrastructure";
-            Address = [ "fd81:fb3a:50cc:1::${toString (cfg.routerId + 1)}/48" ];
+            Address = [ "fd81:fb3a:50cc:1::${toString cfg.routerId}/48" ];
             # Give access to the rest of the network.
             IPForward = "ipv6";
             IPv6ProxyNDP = true;
@@ -337,7 +336,7 @@ in
           matchConfig.Name = "vrrp-router";
           networkConfig = {
             Description = "VRRP router health network";
-            Address = [ "10.0.0.${toString cfg.routerId}/24" "fe80::${toString cfg.routerId}/64" ];
+            Address = [ "10.0.0.${toString cfg.routerId}/24" ];
             KeepConfiguration = true;
           };
         };
@@ -352,23 +351,8 @@ in
         # We want to start in a stable state.
         priority = cfg.virtualPriority;
         virtualIps = [{ addr = "${cfg.vip}/24"; dev = "swp"; scope = "global"; }];
-        virtualRouterId = 50;
+        inherit (cfg) virtualRouterId;
         noPreempt = !cfg.enablePrimary;
-        unicastPeers = map (n: "10.0.0.${toString n}") cfg.virtualNeighbors;
-      };
-      vrrpInstances.admin = {
-        interface = "vrrp-router";
-        state = if cfg.enablePrimary then "MASTER" else "BACKUP";
-        # We want to start in a stable state.
-        priority = cfg.virtualPriority;
-        virtualIps = [
-          { addr = "fd81:fb3a:50cc::1/64"; dev = "wgadmin"; }
-          { addr = "fd81:fb3a:50cc:1::1/48"; dev = "admin"; }
-        ];
-        virtualRouterId = 51;
-        noPreempt = !cfg.enablePrimary;
-        unicastPeers = map (n: "fe80::${toString n}") cfg.virtualNeighbors;
-        unicastSrcIp = "fe80::${toString cfg.routerId}";
       };
     };
   };