Make a Consul+Nomad cluster

Alex 2021-11-02 11:49:28 +01:00
parent 596a1e2e5d
commit 4d16e39456
No known key found for this signature in database
GPG key ID: EDABF9711E244EB1


@ -2,8 +2,11 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }: { config, pkgs, ... } @ args:
# Configuration local for this cluster node (hostname, IP, etc)
let node_config = import ./node.nix args;
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@ -122,9 +125,46 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
# Enable Hashicorp Consul & Nomad
services.consul.enable = true;
services.consul.extraConfig =
let public_ip = (builtins.head node_config.networking.interfaces.eno1.ipv4.addresses).address;
in
{
datacenter = "neptune";
bootstrap_expect = 3;
server = true;
ui = true;
bind_addr = public_ip;
addresses.http = "0.0.0.0";
retry_join = [ "192.168.1.21" "192.168.1.22" "192.168.1.23" ];
};
services.nomad.enable = true;
services.nomad.settings =
let public_ip = (builtins.head node_config.networking.interfaces.eno1.ipv4.addresses).address;
in
{
datacenter = "neptune";
server = {
enabled = true;
bootstrap_expect = 3;
};
advertise = {
rpc = public_ip;
http = public_ip;
serf = public_ip;
};
consul.address = "127.0.0.1:8500";
client = {
enabled = true;
network_interface = "eno1";
};
};
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 4646 4647 4648 8500 8300 8301 8302 ];
# networking.firewall.allowedUDPPorts = [ ... ]; networking.firewall.allowedUDPPorts = [ 4648 8301 8302 ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
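Review bot: In the second hunk, `addresses.http = "0.0.0.0"` together with TCP 8500 in `networking.firewall.allowedTCPPorts` exposes the Consul HTTP API and UI on every interface, and nothing visible in this hunk enables ACLs, TLS or gossip encryption for Consul or Nomad (4646 is opened the same way). Since Nomad reaches Consul at `127.0.0.1:8500`, the listener could stay on loopback with `addresses.http = "127.0.0.1";` and 8500 could be dropped from the firewall list, unless remote UI access is intended. If it is, I would scope the ports to the cluster interface with `networking.firewall.interfaces.eno1.allowedTCPPorts` and add `acl.enabled = true` to both `services.consul.extraConfig` and `services.nomad.settings`, plus a gossip `encrypt` key that is kept out of the world-readable Nix store. These settings may already live in `node.nix` or another module not shown on this page.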