Configure Consul DNS

This commit is contained in:
Alex 2022-06-01 14:46:00 +02:00
parent 72f5c70096
commit 641a68715f
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
3 changed files with 28 additions and 11 deletions


@ -5,8 +5,7 @@
deuxfleurs.lan_default_gateway = "192.168.1.1"; deuxfleurs.lan_default_gateway = "192.168.1.1";
deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.lan_ip_prefix_length = 24;
deuxfleurs.ipv6_prefix_length = 64; deuxfleurs.ipv6_prefix_length = 64;
deuxfleurs.nameservers = [ "192.168.1.1" ];
networking.nameservers = [ "192.168.1.1" ];
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];


@ -1,13 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.defaultGateway = {
address = "192.168.0.1";
interface = "enp0s25";
};
networking.nameservers = [ "213.186.33.99" "172.104.136.243" ];
deuxfleurs.site_name = "pluton"; deuxfleurs.site_name = "pluton";
deuxfleurs.lan_default_gateqay = "192.168.0.1";
deuxfleurs.lan_ip_prefix_length = 24;
deuxfleurs.ipv6_prefix_length = 64;
deuxfleurs.nameservers = [ "213.186.33.99" "172.104.136.243" ];
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
} }
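Review bot: The option name on the added `deuxfleurs.lan_default_gateqay = "192.168.0.1";` line is misspelled: the module reads `cfg.lan_default_gateway` and the other site file sets `deuxfleurs.lan_default_gateway`, so this sets an option that is not declared and NixOS evaluation of the pluton configuration should fail with an undeclared-option error rather than silently dropping the gateway. The line should read `deuxfleurs.lan_default_gateway = "192.168.0.1";`. Since the same hunk removes the hard-coded `networking.defaultGateway` block, this host has no gateway definition at all until the typo is fixed.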


@ -60,6 +60,10 @@ in
description = "Site (availability zone) on which this node is deployed"; description = "Site (availability zone) on which this node is deployed";
type = types.str; type = types.str;
}; };
nameservers = mkOption {
description = "External DNS servers to use";
type = types.listOf types.str;
};
# Parameters common to all nodes # Parameters common to all nodes
cluster_name = mkOption { cluster_name = mkOption {
@ -101,11 +105,16 @@ in
}; };
in in
(attrsets.setAttrByPath [ cfg.network_interface ] (ip4config // ip6config)); (attrsets.setAttrByPath [ cfg.network_interface ] (ip4config // ip6config));
networking.defaultGateway = { networking.defaultGateway = {
address = cfg.lan_default_gateway; address = cfg.lan_default_gateway;
interface = cfg.network_interface; interface = cfg.network_interface;
}; };
networking.nameservers = [
cfg.lan_ip
] ++ cfg.nameservers;
# wesher overlay network # wesher overlay network
services.wesher = { services.wesher = {
enable = true; enable = true;
@ -137,9 +146,17 @@ in
ui = true; ui = true;
bind_addr = "${cfg.cluster_ip}"; bind_addr = "${cfg.cluster_ip}";
ports.http = -1; addresses = {
addresses.https = "0.0.0.0"; https = "0.0.0.0";
ports.https = 8501; dns = "0.0.0.0";
};
ports = {
http = -1;
https = 8501;
dns = 53;
};
recursors = [ cfg.nameservers ];
ca_file = "/var/lib/consul/pki/consul-ca.crt"; ca_file = "/var/lib/consul/pki/consul-ca.crt";
cert_file = "/var/lib/consul/pki/consul2022.crt"; cert_file = "/var/lib/consul/pki/consul2022.crt";
@ -148,6 +165,9 @@ in
verify_outgoing = true; verify_outgoing = true;
verify_server_hostname = true; verify_server_hostname = true;
}; };
systemd.services.consul.serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
};
services.nomad.enable = true; services.nomad.enable = true;
services.nomad.package = pkgs.nomad_1_1; services.nomad.package = pkgs.nomad_1_1;
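Review bot: `recursors = [ cfg.nameservers ];` in the Consul hunk nests a list inside a list: `nameservers` is declared as `types.listOf types.str` and is already used as a list in `networking.nameservers = [ cfg.lan_ip ] ++ cfg.nameservers;`, so Consul receives `[[...]]` where it expects a flat list of resolver addresses, which it should reject as a config type error; the line should be `recursors = cfg.nameservers;`. Separately, `dns = "0.0.0.0"` binds the DNS listener on every interface although the host itself only resolves through `cfg.lan_ip`, and with recursors configured that makes Consul an open recursive resolver on any interface the firewall does not filter (the visible firewall lines open only TCP 80/443; whether the wesher overlay or other interfaces are trusted is not shown here). Binding it to the LAN address, `dns = cfg.lan_ip;`, matches the resolver entry the module installs and keeps the recursor off interfaces that never use it. The `CAP_NET_BIND_SERVICE` ambient capability added in the last hunk is the right minimal privilege for port 53, assuming the consul unit runs unprivileged, which is not visible here.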