cluster/services/*: use consulAgent link

2024-07-17 02:53:36 +02:00 · 2024-07-17 02:53:36 +02:00 · 5616f4887a
commit 5616f4887a
parent 52008b6f0a
6 changed files with 11 additions and 17 deletions
--- a/cluster/services/chant/listener.nix
+++ b/cluster/services/chant/listener.nix
@ -1,9 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  consulCfg = config.services.consul.extraConfig;
-  consulIpAddr = consulCfg.addresses.http or "127.0.0.1";
-  consulHttpAddr = "${consulIpAddr}:${toString (consulCfg.ports.http or 8500)}";
+  consul = config.links.consulAgent;

  validTargets = lib.pipe config.systemd.services [
    (lib.filterAttrs (name: value: value.chant.enable))
@ -75,10 +73,10 @@ in
      RestartSec = 60;
      Restart = "always";
      IPAddressDeny = [ "any" ];
-      IPAddressAllow = [ consulIpAddr ];
+      IPAddressAllow = [ consul.ipv4 ];
    };
    environment = {
-      CONSUL_HTTP_ADDR = consulHttpAddr;
+      CONSUL_HTTP_ADDR = consul.tuple;
    };
  };
 }
--- a/cluster/services/consul/remote-api.nix
+++ b/cluster/services/consul/remote-api.nix
@ -8,7 +8,7 @@ let
 in

 {
-  services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy "http://127.0.0.1:8500" // {
+  services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy config.links.consulAgent.url // {
    listenAddresses = lib.singleton addr;
    enableACME = false;
    useACMEHost = "internal.${domain}";
@ -33,7 +33,7 @@ in
        {
          name = "Backend";
          id = "service:consul-remote:backend";
-          http = "http://127.0.0.1:8500/v1/status/leader";
+          http = "${config.links.consulAgent.url}/v1/status/leader";
          interval = "30s";
        }
      ];
--- a/cluster/services/locksmith/receiver.nix
+++ b/cluster/services/locksmith/receiver.nix
@ -1,9 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  consulCfg = config.services.consul.extraConfig;
-  consulIpAddr = consulCfg.addresses.http or "127.0.0.1";
-  consulHttpAddr = "${consulIpAddr}:${toString (consulCfg.ports.http or 8500)}";
+  consul = config.links.consulAgent;

  kvRoot = "secrets/locksmith";
  kvValue = "recipient/${config.networking.hostName}";
@ -61,13 +59,13 @@ in
          config.services.consul.package
        ];
        environment = {
-          CONSUL_HTTP_ADDR = consulHttpAddr;
+          CONSUL_HTTP_ADDR = consul.tuple;
        };
        serviceConfig = {
          PrivateTmp = true;
          WorkingDirectory = "/tmp";
          IPAddressDeny = [ "any" ];
-          IPAddressAllow = [ consulIpAddr ];
+          IPAddressAllow = [ consul.ipv4 ];
          LoadCredential = lib.mkForce [];
        };
        script = ''
--- a/cluster/services/patroni/worker.nix
+++ b/cluster/services/patroni/worker.nix
@ -41,7 +41,7 @@ in
    softwareWatchdog = true;
    settings = {
      consul = {
-        host = "127.0.0.1:8500";
+        host = config.links.consulAgent.tuple;
        register_service = true;
      };
      bootstrap.dcs = {
--- a/cluster/services/storage/garage.nix
+++ b/cluster/services/storage/garage.nix
@ -38,7 +38,7 @@ in
      rpc_public_addr = links.garageRpc.tuple;
      rpc_secret_file = config.age.secrets.garageRpcSecret.path;
      consul_discovery = {
-        consul_http_addr = "http://127.0.0.1:8500";
+        consul_http_addr = config.links.consulAgent.url;
        service_name = "garage-discovery";
      };
      s3_api = {
--- a/cluster/services/ways/host.nix
+++ b/cluster/services/ways/host.nix
@ -4,8 +4,6 @@ let
  externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;

  consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways;
-
-  consulHttpAddr = "${config.services.consul.extraConfig.addresses.http or "127.0.0.1"}:${toString (config.services.consul.extraConfig.ports.http or 8500)}";
 in

 {
@ -63,7 +61,7 @@ in
    user = "nginx";
    group = "nginx";
    settings = {
-      consul.address = "http://${consulHttpAddr}";
+      consul.address = config.links.consulAgent.url;
      template = [
        {
          source = let