summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lass/2configs/consul.nix43
1 files changed, 43 insertions, 0 deletions
diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix
new file mode 100644
index 000000000..b8d925de5
--- /dev/null
+++ b/lass/2configs/consul.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+{
+ services.consul = {
+ enable = true;
+ # dropPrivileges = false;
+ webUi = true;
+ # interface.bind = "retiolum";
+ extraConfig = {
+ bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr;
+ bootstrap_expect = 3;
+ server = true;
+ # retry_join = config.services.consul.extraConfig.start_join;
+ retry_join = lib.mapAttrsToList (n: h:
+ lib.head h.nets.retiolum.aliases
+ ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts);
+ rejoin_after_leave = true;
+
+ # try to fix random lock loss on leader reelection
+ retry_interval = "3s";
+ performance = {
+ raft_multiplier = 8;
+ };
+ };
+ };
+
+ environment.etc."consul.d/testservice.json".text = builtins.toJSON {
+ service = {
+ name = "testing";
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; }
+ ];
+}