Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/keepalived/default.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/keepalived/default.nix | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/default.nix b/nixpkgs/nixos/modules/services/networking/keepalived/default.nix
index 768c8e4b13c7..29fbea5545c3 100644
--- a/nixpkgs/nixos/modules/services/networking/keepalived/default.nix
+++ b/nixpkgs/nixos/modules/services/networking/keepalived/default.nix
@@ -84,13 +84,11 @@ let
''
) vrrpInstances);
- virtualIpLine = (ip:
- ip.addr
+ virtualIpLine = ip: ip.addr
+ optionalString (notNullOrEmpty ip.brd) " brd ${ip.brd}"
+ optionalString (notNullOrEmpty ip.dev) " dev ${ip.dev}"
+ optionalString (notNullOrEmpty ip.scope) " scope ${ip.scope}"
- + optionalString (notNullOrEmpty ip.label) " label ${ip.label}"
- );
+ + optionalString (notNullOrEmpty ip.label) " label ${ip.label}";
notNullOrEmpty = s: !(s == null || s == "");
@@ -264,6 +262,19 @@ in
'';
};
+ secretFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ example = "/run/keys/keepalived.env";
+ description = lib.mdDoc ''
+ Environment variables from this file will be interpolated into the
+ final config file using envsubst with this syntax: `$ENVIRONMENT`
+ or `''${VARIABLE}`.
+ The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
+ This is useful to avoid putting secrets into the nix store.
+ '';
+ };
+
};
};
@@ -282,7 +293,9 @@ in
};
};
- systemd.services.keepalived = {
+ systemd.services.keepalived = let
+ finalConfigFile = if cfg.secretFile == null then keepalivedConf else "/run/keepalived/keepalived.conf";
+ in {
description = "Keepalive Daemon (LVS and VRRP)";
after = [ "network.target" "network-online.target" "syslog.target" ];
wants = [ "network-online.target" ];
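Review bot: The `secretFile` description does not say that the complete generated configuration is passed through envsubst when the option is set, so any other `$NAME` / `${NAME}` reference in the file — for example in extraConfig or notify script lines — is substituted as well, and as far as I know envsubst replaces an unset name with an empty string unless `-no-unset` is given, which the later ExecStartPre hunk does not pass. A user who reads only this option text will not expect that. I would extend the description with: `When this option is set the whole configuration file is processed by envsubst, so every $-style reference in it, not only the ones naming variables from this file, is substituted.` It would also help to state that the file is read by systemd as an EnvironmentFile and should therefore be readable by root only, since it carries secrets.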
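Review bot: The literal `/run/keepalived/keepalived.conf` in the new `finalConfigFile` binding silently depends on `RuntimeDirectory = "keepalived"` from the next hunk; if either string is changed alone the rendered config lands outside the directory systemd creates and the pre-start redirect fails. Binding the directory name once keeps them in step: `runtimeDir = "keepalived";`, `finalConfigFile = if cfg.secretFile == null then keepalivedConf else "/run/${runtimeDir}/keepalived.conf";` and `RuntimeDirectory = runtimeDir;`. The `systemd.services.keepalived` attribute set continues past the end of this hunk.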
@@ -290,8 +303,15 @@ in
Type = "forking";
PIDFile = pidFile;
KillMode = "process";
+ RuntimeDirectory = "keepalived";
+ EnvironmentFile = lib.optional (cfg.secretFile != null) cfg.secretFile;
+ ExecStartPre = lib.optional (cfg.secretFile != null)
+ (pkgs.writeShellScript "keepalived-pre-start" ''
+ umask 077
+ ${pkgs.envsubst}/bin/envsubst -i "${keepalivedConf}" > ${finalConfigFile}
+ '');
ExecStart = "${pkgs.keepalived}/sbin/keepalived"
- + " -f ${keepalivedConf}"
+ + " -f ${finalConfigFile}"
+ " -p ${pidFile}"
+ optionalString cfg.snmp.enable " --snmp";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
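Review bot: The rendered config is only produced by the new `ExecStartPre`, while `ExecReload` (context line at the end of the hunk) just sends SIGHUP and keepalived re-reads `${finalConfigFile}` exactly as it was written at the last start, so an updated secret file takes effect on restart, not on reload; a comment next to `ExecReload` should say so, e.g. `# reload re-reads the file rendered by ExecStartPre; a changed secretFile needs a full restart`. The `umask 077` line deserves a why-comment too, `# the rendered file holds the interpolated secrets; keep it 0600 inside the (by default 0755) RuntimeDirectory`, because without the umask the file would be created under the service's default umask and, if I read the systemd defaults correctly, be readable by every local user. The redirect target `> ${finalConfigFile}` is unquoted while the envsubst input is quoted; both are fixed Nix strings so it is harmless, but `> "${finalConfigFile}"` is consistent. The serviceConfig set continues beyond this hunk.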