Configure Consul DNS
parent
72f5c70096
commit
641a68715f
3 changed files with 28 additions and 11 deletions
|
@ -5,8 +5,7 @@
|
||||||
deuxfleurs.lan_default_gateway = "192.168.1.1";
|
deuxfleurs.lan_default_gateway = "192.168.1.1";
|
||||||
deuxfleurs.lan_ip_prefix_length = 24;
|
deuxfleurs.lan_ip_prefix_length = 24;
|
||||||
deuxfleurs.ipv6_prefix_length = 64;
|
deuxfleurs.ipv6_prefix_length = 64;
|
||||||
|
deuxfleurs.nameservers = [ "192.168.1.1" ];
|
||||||
networking.nameservers = [ "192.168.1.1" ];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,11 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.defaultGateway = {
|
|
||||||
address = "192.168.0.1";
|
|
||||||
interface = "enp0s25";
|
|
||||||
};
|
|
||||||
networking.nameservers = [ "213.186.33.99" "172.104.136.243" ];
|
|
||||||
|
|
||||||
deuxfleurs.site_name = "pluton";
|
deuxfleurs.site_name = "pluton";
|
||||||
|
deuxfleurs.lan_default_gateqay = "192.168.0.1";
|
||||||
|
deuxfleurs.lan_ip_prefix_length = 24;
|
||||||
|
deuxfleurs.ipv6_prefix_length = 64;
|
||||||
|
deuxfleurs.nameservers = [ "213.186.33.99" "172.104.136.243" ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
}
|
}
|
||||||
|
|
|
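Review bot: The added line `deuxfleurs.lan_default_gateqay = "192.168.0.1";` misspells the option name. The module reads `cfg.lan_default_gateway` and the other site file sets `deuxfleurs.lan_default_gateway`, so this should be `deuxfleurs.lan_default_gateway = "192.168.0.1";`. As written, evaluation will most likely fail on an undeclared option, or the default gateway will be left unset for this site. The removed block also pinned `interface = "enp0s25"`; the gateway interface now comes from `cfg.network_interface`, which is set outside this section, so it is worth confirming that it names the same interface on these nodes.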
@ -60,6 +60,10 @@ in
|
||||||
description = "Site (availability zone) on which this node is deployed";
|
description = "Site (availability zone) on which this node is deployed";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
nameservers = mkOption {
|
||||||
|
description = "External DNS servers to use";
|
||||||
|
type = types.listOf types.str;
|
||||||
|
};
|
||||||
|
|
||||||
# Parameters common to all nodes
|
# Parameters common to all nodes
|
||||||
cluster_name = mkOption {
|
cluster_name = mkOption {
|
||||||
|
@ -101,11 +105,16 @@ in
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
(attrsets.setAttrByPath [ cfg.network_interface ] (ip4config // ip6config));
|
(attrsets.setAttrByPath [ cfg.network_interface ] (ip4config // ip6config));
|
||||||
|
|
||||||
networking.defaultGateway = {
|
networking.defaultGateway = {
|
||||||
address = cfg.lan_default_gateway;
|
address = cfg.lan_default_gateway;
|
||||||
interface = cfg.network_interface;
|
interface = cfg.network_interface;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.nameservers = [
|
||||||
|
cfg.lan_ip
|
||||||
|
] ++ cfg.nameservers;
|
||||||
|
|
||||||
# wesher overlay network
|
# wesher overlay network
|
||||||
services.wesher = {
|
services.wesher = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -137,9 +146,17 @@ in
|
||||||
ui = true;
|
ui = true;
|
||||||
bind_addr = "${cfg.cluster_ip}";
|
bind_addr = "${cfg.cluster_ip}";
|
||||||
|
|
||||||
ports.http = -1;
|
addresses = {
|
||||||
addresses.https = "0.0.0.0";
|
https = "0.0.0.0";
|
||||||
ports.https = 8501;
|
dns = "0.0.0.0";
|
||||||
|
};
|
||||||
|
ports = {
|
||||||
|
http = -1;
|
||||||
|
https = 8501;
|
||||||
|
dns = 53;
|
||||||
|
};
|
||||||
|
|
||||||
|
recursors = [ cfg.nameservers ];
|
||||||
|
|
||||||
ca_file = "/var/lib/consul/pki/consul-ca.crt";
|
ca_file = "/var/lib/consul/pki/consul-ca.crt";
|
||||||
cert_file = "/var/lib/consul/pki/consul2022.crt";
|
cert_file = "/var/lib/consul/pki/consul2022.crt";
|
||||||
|
@ -148,6 +165,9 @@ in
|
||||||
verify_outgoing = true;
|
verify_outgoing = true;
|
||||||
verify_server_hostname = true;
|
verify_server_hostname = true;
|
||||||
};
|
};
|
||||||
|
systemd.services.consul.serviceConfig = {
|
||||||
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
|
};
|
||||||
|
|
||||||
services.nomad.enable = true;
|
services.nomad.enable = true;
|
||||||
services.nomad.package = pkgs.nomad_1_1;
|
services.nomad.package = pkgs.nomad_1_1;
|
||||||
|
|
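Review bot: In the Consul settings hunk, `recursors = [ cfg.nameservers ];` wraps a value that is already a list (`nameservers` is declared as `types.listOf types.str` and is joined with `++` in the `networking.nameservers` hunk), so it yields a nested list where Consul expects a flat list of address strings; it should read `recursors = cfg.nameservers;`. The same hunk binds the DNS listener with `dns = "0.0.0.0";` on port 53 with recursion enabled, although the hosts only put `cfg.lan_ip` into `networking.nameservers`. The host firewall may already block port 53 from outside (the site files shown open only TCP 80 and 443, and other rules are not visible here), but a recursing resolver reachable on every interface is an open-resolver risk if that filter is ever relaxed, so `dns = cfg.lan_ip;` is the tighter default. A one-line comment above `AmbientCapabilities = "CAP_NET_BIND_SERVICE";` saying it is there so Consul can bind port 53 without running as root would help the next reader.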