cluster/services/consul: provide internal remote API access

2023-03-06 17:58:29 +01:00 · 2023-03-06 17:58:29 +01:00 · 5b0560752a
commit 5b0560752a
parent b56e484bd6
2 changed files with 46 additions and 1 deletions
--- a/cluster/services/consul/default.nix
+++ b/cluster/services/consul/default.nix
@ -12,6 +12,9 @@ in
  });
  services.consul = {
    nodes.agent = [ "checkmate" "VEGAS" ];
-    nixos.agent = ./agent.nix;
+    nixos.agent = [
+      ./agent.nix
+      ./remote-api.nix
+    ];
  };
 }
--- a/cluster/services/consul/remote-api.nix
+++ b/cluster/services/consul/remote-api.nix
@ -0,0 +1,42 @@
+{ config, cluster, hosts, lib, tools, ... }:
+
+let
+  inherit (tools.meta) domain;
+  inherit (config.networking) hostName;
+
+  hyprspaceConfig = hosts.${hostName}.hypr;
+  frontendDomain = "consul-remote.internal.${domain}";
+in
+
+{
+  services.nginx.virtualHosts.${frontendDomain} = tools.nginx.vhosts.proxy "http://127.0.0.1:8500" // {
+    listenAddresses = lib.singleton hyprspaceConfig.addr;
+    enableACME = false;
+    useACMEHost = "internal.${domain}";
+  };
+
+  consul.services.consul-remote = {
+    unit = "consul";
+    mode = "external";
+    definition = {
+      name = "consul-remote";
+      address = hyprspaceConfig.addr;
+      port = 443;
+      checks = [
+        {
+          name = "Frontend";
+          id = "service:consul-remote:frontend";
+          http = "https://${hyprspaceConfig.addr}/v1/status/leader";
+          tls_server_name = frontendDomain;
+          interval = "60s";
+        }
+        {
+          name = "Backend";
+          id = "service:consul-remote:backend";
+          http = "http://127.0.0.1:8500/v1/status/leader";
+          interval = "30s";
+        }
+      ];
+    };
+  };
+}