lass/2configs/consul.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

{ config, lib, pkgs, ... }:
{
  services.consul = {
    enable = true;
    # dropPrivileges = false;
    webUi = true;
    # interface.bind = "retiolum";
    extraConfig = {
      bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr;
      bootstrap_expect = 3;
      server = true;
      # retry_join = config.services.consul.extraConfig.start_join;
      retry_join = lib.mapAttrsToList (n: h:
        lib.head h.nets.retiolum.aliases
      ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts);
      rejoin_after_leave = true;

      # try to fix random lock loss on leader reelection
      retry_interval = "3s";
      performance = {
        raft_multiplier = 8;
      };
    };
  };

  environment.etc."consul.d/testservice.json".text = builtins.toJSON {
    service = {
      name = "testing";
    };
  };

  krebs.iptables.tables.filter.INPUT.rules = [
    { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; }
    { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; }
  ];
}