Added haproxy module and enabled it for telperion as a talos k8s lb

This commit is contained in:
Joseph Hanson 2024-07-07 15:13:10 -05:00
parent ecd2ad3b0f
commit 244d691b37
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
4 changed files with 92 additions and 0 deletions

View file

@ -0,0 +1,48 @@
{ ... }:
''
global
log /dev/log local0
log /dev/log local1 notice
daemon
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 20s
timeout connect 10s
timeout client 1h
timeout server 1h
timeout http-keep-alive 10s
timeout check 10s
frontend k8s_apiserver
bind *:6443
mode tcp
option tcplog
default_backend k8s_controlplane
frontend talos_apiserver
bind *:50000
mode tcp
option tcplog
default_backend talos_controlplane
backend k8s_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker1 10.1.1.61:6443 check
backend talos_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
''

View file

@ -77,6 +77,11 @@
enable = true;
extraConfig = import ./config/bind.nix { inherit config; };
};
haproxy = {
enable = true;
config = import ./config/haproxy.nix { inherit config; };
tcpPorts = [ 6443 50000 ];
};
};
};
}

View file

@ -3,6 +3,7 @@
./bind
./cockpit
./forgejo
./haproxy
./nginx
./onepassword-connect
./podman

View file

@ -0,0 +1,38 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.mySystem.services.haproxy;
serviceUser = "named";
in
{
options.mySystem.services.haproxy = {
enable = mkEnableOption "haproxy";
package = mkPackageOption pkgs "haproxy" { };
config = mkOption {
type = types.str;
};
tcpPorts = mkOption {
type = types.listOf types.int;
default = [ ];
};
udpPorts = mkOption {
type = types.listOf types.int;
default = [ ];
};
};
config = mkIf cfg.enable {
# Open firewall for specified ports.
networking.firewall = {
allowedTCPPorts = cfg.tcpPorts;
allowedUDPPorts = cfg.udpPorts;
};
# Enable haproxy service with custom configuration
services.haproxy = {
enable = true;
inherit (cfg) package;
config = cfg.config;
};
};
}