diff options
author | tv <tv@krebsco.de> | 2022-11-22 19:38:36 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-11-22 19:38:36 +0100 |
commit | 1c4e27473c46faf4b4a4c800cb29cdabf73f716f (patch) | |
tree | d9ec3e9b4a2e77f9e8baf2e8601a5cc9439131eb /lass/2configs/consul.nix | |
parent | 12ce60ff1435a71ee4cf0431223c129010e7df73 (diff) | |
parent | fef385511d07c1ea5be1eae4fd8dd7eba563ab2c (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs/consul.nix')
-rw-r--r-- | lass/2configs/consul.nix | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix new file mode 100644 index 000000000..b8d925de5 --- /dev/null +++ b/lass/2configs/consul.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + services.consul = { + enable = true; + # dropPrivileges = false; + webUi = true; + # interface.bind = "retiolum"; + extraConfig = { + bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr; + bootstrap_expect = 3; + server = true; + # retry_join = config.services.consul.extraConfig.start_join; + retry_join = lib.mapAttrsToList (n: h: + lib.head h.nets.retiolum.aliases + ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts); + rejoin_after_leave = true; + + # try to fix random lock loss on leader reelection + retry_interval = "3s"; + performance = { + raft_multiplier = 8; + }; + }; + }; + + environment.etc."consul.d/testservice.json".text = builtins.toJSON { + service = { + name = "testing"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; } + ]; +} |