From 5b0560752a4dfe8eb1b5c70a674315ad6ac1a2ea Mon Sep 17 00:00:00 2001
From: Max
Date: Mon, 6 Mar 2023 17:58:29 +0100
Subject: [PATCH] cluster/services/consul: provide internal remote API access
---
 cluster/services/consul/default.nix | 5 ++-
 cluster/services/consul/remote-api.nix | 42 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 cluster/services/consul/remote-api.nix
diff --git a/cluster/services/consul/default.nix b/cluster/services/consul/default.nix
index ae40b98..dbb7950 100644
--- a/cluster/services/consul/default.nix
+++ b/cluster/services/consul/default.nix
@@ -12,6 +12,9 @@ in
 });
 services.consul = {
 nodes.agent = [ "checkmate" "VEGAS" ];
- nixos.agent = ./agent.nix;
+ nixos.agent = [
+ ./agent.nix
+ ./remote-api.nix
+ ];
 };
 }
diff --git a/cluster/services/consul/remote-api.nix b/cluster/services/consul/remote-api.nix
new file mode 100644
index 0000000..14cefb8
--- /dev/null
+++ b/cluster/services/consul/remote-api.nix
@@ -0,0 +1,42 @@
+{ config, cluster, hosts, lib, tools, ... }:
+
+let
+ inherit (tools.meta) domain;
+ inherit (config.networking) hostName;
+
+ hyprspaceConfig = hosts.${hostName}.hypr;
+ frontendDomain = "consul-remote.internal.${domain}";
+in
+
+{
+ services.nginx.virtualHosts.${frontendDomain} = tools.nginx.vhosts.proxy "http://127.0.0.1:8500" // {
+ listenAddresses = lib.singleton hyprspaceConfig.addr;
+ enableACME = false;
+ useACMEHost = "internal.${domain}";
+ };
+
+ consul.services.consul-remote = {
+ unit = "consul";
+ mode = "external";
+ definition = {
+ name = "consul-remote";
+ address = hyprspaceConfig.addr;
+ port = 443;
+ checks = [
+ {
+ name = "Frontend";
+ id = "service:consul-remote:frontend";
+ http = "https://${hyprspaceConfig.addr}/v1/status/leader";
+ tls_server_name = frontendDomain;
+ interval = "60s";
+ }
+ {
+ name = "Backend";
+ id = "service:consul-remote:backend";
+ http = "http://127.0.0.1:8500/v1/status/leader";
+ interval = "30s";
+ }
+ ];
+ };
+ };
+}
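Review bot: In the new `remote-api.nix`, the `consul-remote` vhost forwards every path and method to the agent's HTTP API on `127.0.0.1:8500`, and the only access restriction visible in this file is `listenAddresses = lib.singleton hyprspaceConfig.addr;`, so any peer that can reach the hyprspace address gets whatever the loopback listener permits. Whether `tools.nginx.vhosts.proxy` adds authentication or the agents enforce ACLs is not visible in this patch; if neither does, that includes write endpoints (service and check registration, KV), and Consul will see every request as coming from loopback. I would confirm the agents run with `acl.enabled = true` and `acl.default_policy = "deny"`, or require client certificates on the vhost, and record the assumption above the vhost, e.g. `# Exposed to all hyprspace peers; authorization is enforced by Consul ACLs, not by nginx.` Separately, the Frontend check requests `https://${hyprspaceConfig.addr}/v1/status/leader`, so its Host header is presumably the bare address while `tls_server_name` only sets SNI; if other vhosts share that listen address the check may not land on this one, and adding `header = { Host = [ frontendDomain ]; };` to the check would pin it.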