From 34d88392bc811458f150410fd29f98aba8374a8e Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Wed, 17 Jul 2024 02:53:36 +0200
Subject: [PATCH] cluster/services/*: use consulAgent link

---
 cluster/services/chant/listener.nix     | 8 +++-----
 cluster/services/consul/remote-api.nix  | 4 ++--
 cluster/services/locksmith/receiver.nix | 8 +++-----
 cluster/services/patroni/worker.nix     | 2 +-
 cluster/services/storage/garage.nix     | 2 +-
 cluster/services/ways/host.nix          | 4 +---
 6 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/cluster/services/chant/listener.nix b/cluster/services/chant/listener.nix
index 36665bf..dd3f1d3 100644
--- a/cluster/services/chant/listener.nix
+++ b/cluster/services/chant/listener.nix
@@ -1,9 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  consulCfg = config.services.consul.extraConfig;
-  consulIpAddr = consulCfg.addresses.http or "127.0.0.1";
-  consulHttpAddr = "${consulIpAddr}:${toString (consulCfg.ports.http or 8500)}";
+  consul = config.links.consulAgent;
 
   validTargets = lib.pipe config.systemd.services [
     (lib.filterAttrs (name: value: value.chant.enable))
@@ -75,10 +73,10 @@ in
       RestartSec = 60;
       Restart = "always";
       IPAddressDeny = [ "any" ];
-      IPAddressAllow = [ consulIpAddr ];
+      IPAddressAllow = [ consul.ipv4 ];
     };
     environment = {
-      CONSUL_HTTP_ADDR = consulHttpAddr;
+      CONSUL_HTTP_ADDR = consul.tuple;
     };
   };
 }
diff --git a/cluster/services/consul/remote-api.nix b/cluster/services/consul/remote-api.nix
index a230e6c..692af48 100644
--- a/cluster/services/consul/remote-api.nix
+++ b/cluster/services/consul/remote-api.nix
@@ -8,7 +8,7 @@ let
 in
 
 {
-  services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy "http://127.0.0.1:8500" // {
+  services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy config.links.consulAgent.url // {
     listenAddresses = lib.singleton addr;
     enableACME = false;
     useACMEHost = "internal.${domain}";
@@ -33,7 +33,7 @@ in
         {
           name = "Backend";
           id = "service:consul-remote:backend";
-          http = "http://127.0.0.1:8500/v1/status/leader";
+          http = "${config.links.consulAgent.url}/v1/status/leader";
           interval = "30s";
         }
       ];
diff --git a/cluster/services/locksmith/receiver.nix b/cluster/services/locksmith/receiver.nix
index a4a407b..adc44b2 100644
--- a/cluster/services/locksmith/receiver.nix
+++ b/cluster/services/locksmith/receiver.nix
@@ -1,9 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  consulCfg = config.services.consul.extraConfig;
-  consulIpAddr = consulCfg.addresses.http or "127.0.0.1";
-  consulHttpAddr = "${consulIpAddr}:${toString (consulCfg.ports.http or 8500)}";
+  consul = config.links.consulAgent;
 
   kvRoot = "secrets/locksmith";
   kvValue = "recipient/${config.networking.hostName}";
@@ -61,13 +59,13 @@ in
           config.services.consul.package
         ];
         environment = {
-          CONSUL_HTTP_ADDR = consulHttpAddr;
+          CONSUL_HTTP_ADDR = consul.tuple;
         };
         serviceConfig = {
           PrivateTmp = true;
           WorkingDirectory = "/tmp";
           IPAddressDeny = [ "any" ];
-          IPAddressAllow = [ consulIpAddr ];
+          IPAddressAllow = [ consul.ipv4 ];
           LoadCredential = lib.mkForce [];
         };
         script = ''
diff --git a/cluster/services/patroni/worker.nix b/cluster/services/patroni/worker.nix
index bdc284d..b6d33ee 100644
--- a/cluster/services/patroni/worker.nix
+++ b/cluster/services/patroni/worker.nix
@@ -41,7 +41,7 @@ in
     softwareWatchdog = true;
     settings = {
       consul = {
-        host = "127.0.0.1:8500";
+        host = config.links.consulAgent.tuple;
         register_service = true;
       };
       bootstrap.dcs = {
diff --git a/cluster/services/storage/garage.nix b/cluster/services/storage/garage.nix
index 8997613..a319ba1 100644
--- a/cluster/services/storage/garage.nix
+++ b/cluster/services/storage/garage.nix
@@ -38,7 +38,7 @@ in
       rpc_public_addr = links.garageRpc.tuple;
       rpc_secret_file = config.age.secrets.garageRpcSecret.path;
       consul_discovery = {
-        consul_http_addr = "http://127.0.0.1:8500";
+        consul_http_addr = config.links.consulAgent.url;
         service_name = "garage-discovery";
       };
       s3_api = {
diff --git a/cluster/services/ways/host.nix b/cluster/services/ways/host.nix
index 136b71f..b373bec 100644
--- a/cluster/services/ways/host.nix
+++ b/cluster/services/ways/host.nix
@@ -4,8 +4,6 @@ let
   externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;
 
   consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways;
-
-  consulHttpAddr = "${config.services.consul.extraConfig.addresses.http or "127.0.0.1"}:${toString (config.services.consul.extraConfig.ports.http or 8500)}";
 in
 
 {
@@ -63,7 +61,7 @@ in
     user = "nginx";
     group = "nginx";
     settings = {
-      consul.address = "http://${consulHttpAddr}";
+      consul.address = config.links.consulAgent.url;
       template = [
         {
           source = let