services:
  keepalived:
    image: osixia/keepalived:latest
    container_name: keepalived
    restart: unless-stopped
    network_mode: host
    # Privileged is often required to manipulate Host Network Interfaces
    privileged: true 
    # capabilities are good, but 'privileged' is safer for network manipulation in LXC
    cap_add:
      - NET_ADMIN
      - NET_BROADCAST
      - NET_RAW
    
    volumes:
      # Inject the check script
      - /docker/management/check_komodo.sh:/container/service/keepalived/assets/check_komodo.sh
    
    environment:
      - KEEPALIVED_INTERFACE=eth0
      - KEEPALIVED_ROUTER_ID=51
      - KEEPALIVED_VIRTUAL_IPS=172.16.201.250 # Your VIP
      - KEEPALIVED_PASSWORD=${DNS_ADMIN_PASSWORD}
      
      # MASTER/BACKUP Logic (Using Variables)
      # On PVE2: Set KEEPALIVED_STATE=MASTER, PRIORITY=101
      # On PVE1: Set KEEPALIVED_STATE=BACKUP, PRIORITY=100
      - KEEPALIVED_STATE=${KEEPALIVED_STATE}
      - KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY}
      
      # The Magic Check: Monitors Komodo!
      - KEEPALIVED_CHECK_SCRIPT=/container/service/keepalived/assets/check_komodo.sh
      - KEEPALIVED_CHECK_INTERVAL=2
      - KEEPALIVED_CHECK_RISE=1
      - KEEPALIVED_CHECK_FALL=2