Added haproxy module and enabled it for telperion as a talos k8s lb
parent
ecd2ad3b0f
commit
244d691b37
4 changed files with 92 additions and 0 deletions
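--- a/nixos/hosts/telperion/config/haproxy.nix
+++ b/nixos/hosts/telperion/config/haproxy.nix
@@ -0,0 +1,48 @@
+{ ... }:
+''
+global
+log /dev/log local0
+log /dev/log local1 notice
+daemon
+
+defaults
+mode http
+log global
+option httplog
+option dontlognull
+option http-server-close
+option redispatch
+retries 3
+timeout http-request 10s
+timeout queue 20s
+timeout connect 10s
+timeout client 1h
+timeout server 1h
+timeout http-keep-alive 10s
+timeout check 10s
+
+frontend k8s_apiserver
+bind *:6443
+mode tcp
+option tcplog
+default_backend k8s_controlplane
+
+frontend talos_apiserver
+bind *:50000
+mode tcp
+option tcplog
+default_backend talos_controlplane
+
+backend k8s_controlplane
+option httpchk GET /healthz
+http-check expect status 200
+mode tcp
+option ssl-hello-chk
+balance roundrobin
+server worker1 10.1.1.61:6443 check
+
+backend talos_controlplane
+option httpchk GET /healthz
+http-check expect status 200
+mode tcp
+''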
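Review bot: `backend talos_controlplane` ends after `mode tcp` with no `server` line, so `frontend talos_apiserver` accepts connections on `*:50000` (a port the host config also opens in the firewall) and has nowhere to send them. Add the control-plane node, e.g. `server <NODE_NAME> <NODE_IP>:50000 check`, and reconsider the `option httpchk GET /healthz` / `http-check expect status 200` pair there: it appears copied from the Kubernetes backend, and the Talos API is presumably not an HTTP endpoint serving `/healthz`, so a plain TCP `check` may be the better fit. In `k8s_controlplane` both `option httpchk` and `option ssl-hello-chk` are declared; HAProxy runs one check type per backend, so it is worth confirming which one is in effect and dropping the other. Both frontends bind `*`; if telperion is attached to more than one network, binding to the address of the cluster-facing interface keeps the control-plane APIs off the others.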
|
@ -77,6 +77,11 @@
|
|||
enable = true;
|
||||
extraConfig = import ./config/bind.nix { inherit config; };
|
||||
};
|
||||
haproxy = {
|
||||
enable = true;
|
||||
config = import ./config/haproxy.nix { inherit config; };
|
||||
tcpPorts = [ 6443 50000 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
./bind
|
||||
./cockpit
|
||||
./forgejo
|
||||
./haproxy
|
||||
./nginx
|
||||
./onepassword-connect
|
||||
./podman
|
||||
|
|
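--- a/nixos/modules/nixos/services/haproxy/default.nix
+++ b/nixos/modules/nixos/services/haproxy/default.nix
@@ -0,0 +1,38 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+cfg = config.mySystem.services.haproxy;
+serviceUser = "named";
+in
+{
+options.mySystem.services.haproxy = {
+enable = mkEnableOption "haproxy";
+package = mkPackageOption pkgs "haproxy" { };
+config = mkOption {
+type = types.str;
+};
+tcpPorts = mkOption {
+type = types.listOf types.int;
+default = [ ];
+};
+udpPorts = mkOption {
+type = types.listOf types.int;
+default = [ ];
+};
+};
+
+config = mkIf cfg.enable {
+# Open firewall for specified ports.
+networking.firewall = {
+allowedTCPPorts = cfg.tcpPorts;
+allowedUDPPorts = cfg.udpPorts;
+};
+
+# Enable haproxy service with custom configuration
+services.haproxy = {
+enable = true;
+inherit (cfg) package;
+config = cfg.config;
+};
+};
+}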
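Review bot: `serviceUser = "named";` in the `let` block is never referenced and looks carried over from the bind module; it wrongly suggests HAProxy runs as the DNS service account and should be removed. The ports go into `networking.firewall.allowedTCPPorts` / `allowedUDPPorts`, which apply to every interface, so enabling the module on telperion with `tcpPorts = [ 6443 50000 ]` makes the Kubernetes and Talos API ports reachable from every network the host is on. An optional interface option feeding `networking.firewall.interfaces.<name>.allowedTCPPorts` would let a host limit that exposure. `tcpPorts` and `udpPorts` would also be better typed as `types.listOf types.port`, so out-of-range values fail at evaluation, and the `config` option deserves a `description` since it has no default.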