Merge remote-tracking branch 'lass/master'

1 files changed, 43 insertions, 0 deletions

diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix
new file mode 100644
index 000000000..b8d925de5
--- /dev/null
+++ b/lass/2configs/consul.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+{
+  services.consul = {
+    enable = true;
+    # dropPrivileges = false;
+    webUi = true;
+    # interface.bind = "retiolum";
+    extraConfig = {
+      bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr;
+      bootstrap_expect = 3;
+      server = true;
+      # retry_join = config.services.consul.extraConfig.start_join;
+      retry_join = lib.mapAttrsToList (n: h:
+        lib.head h.nets.retiolum.aliases
+      ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts);
+      rejoin_after_leave = true;
+
+      # try to fix random lock loss on leader reelection
+      retry_interval = "3s";
+      performance = {
+        raft_multiplier = 8;
+      };
+    };
+  };
+
+  environment.etc."consul.d/testservice.json".text = builtins.toJSON {
+    service = {
+      name = "testing";
+    };
+  };
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; }
+  ];
+}