3 commits

8 changed files with 19 additions and 17 deletions


@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
consulCfg = config.services.consul.extraConfig; consul = config.links.consulAgent;
consulIpAddr = consulCfg.addresses.http or "127.0.0.1";
consulHttpAddr = "${consulIpAddr}:${toString (consulCfg.ports.http or 8500)}";
validTargets = lib.pipe config.systemd.services [ validTargets = lib.pipe config.systemd.services [
(lib.filterAttrs (name: value: value.chant.enable)) (lib.filterAttrs (name: value: value.chant.enable))
@ -75,10 +73,10 @@ in
RestartSec = 60; RestartSec = 60;
Restart = "always"; Restart = "always";
IPAddressDeny = [ "any" ]; IPAddressDeny = [ "any" ];
IPAddressAllow = [ consulIpAddr ]; IPAddressAllow = [ consul.ipv4 ];
}; };
environment = { environment = {
CONSUL_HTTP_ADDR = consulHttpAddr; CONSUL_HTTP_ADDR = consul.tuple;
}; };
}; };
} }
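Review bot: `CONSUL_HTTP_ADDR = consul.tuple;` drops the protocol that the link declares, while most other consumers in this commit (nginx proxy, garage, consul-template, the exporter) take `config.links.consulAgent.url`; the same line appears in the locksmith unit further down (the section with `kvRoot = "secrets/locksmith"`). If the link were ever moved off plain `http`, these two units would presumably keep talking cleartext HTTP to the agent, and one of them handles secret material in Consul KV. Consul's CLI accepts a full URL in this variable, so `CONSUL_HTTP_ADDR = consul.url;` would keep the scheme in one place. A comment beside `IPAddressAllow = [ consul.ipv4 ];` noting that the value is expected to be loopback would also help, since the visible `"127.0.0.1"` fallback is gone from this file.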


@ -10,6 +10,8 @@ let
in in
{ {
links.consulAgent.protocol = "http";
services.consul = { services.consul = {
enable = true; enable = true;
webUi = true; webUi = true;
@ -24,11 +26,14 @@ in
ports.serf_lan = hl.port; ports.serf_lan = hl.port;
retry_join = map (hostName: hostLinks.${hostName}.consul.tuple) (cfg.otherNodes.agent hostName); retry_join = map (hostName: hostLinks.${hostName}.consul.tuple) (cfg.otherNodes.agent hostName);
bootstrap_expect = builtins.length cfg.nodes.agent; bootstrap_expect = builtins.length cfg.nodes.agent;
addresses.http = config.links.consulAgent.ipv4;
ports.http = config.links.consulAgent.port;
}; };
}; };
services.grafana-agent.settings.integrations.consul_exporter = { services.grafana-agent.settings.integrations.consul_exporter = {
enabled = true; enabled = true;
instance = hostName; instance = hostName;
server = config.links.consulAgent.url;
}; };
} }
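Review bot: `addresses.http = config.links.consulAgent.ipv4;` makes the agent's HTTP API (and, with `webUi = true`, the UI) bind to whatever address the link resolves to, and nothing in this section pins that address or shows its default. The link is declared with `protocol = "http"`, so a non-loopback value would expose the API in cleartext on that interface; whether ACLs are enabled is not visible here. If the links module allows it, set the address explicitly next to the protocol, e.g. `links.consulAgent.ipv4 = "127.0.0.1";`, or add a comment stating that the default is loopback and must remain so. The attribute set continues outside the hunks shown.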


@ -8,7 +8,7 @@ let
in in
{ {
services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy "http://127.0.0.1:8500" // { services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy config.links.consulAgent.url // {
listenAddresses = lib.singleton addr; listenAddresses = lib.singleton addr;
enableACME = false; enableACME = false;
useACMEHost = "internal.${domain}"; useACMEHost = "internal.${domain}";
@ -33,7 +33,7 @@ in
{ {
name = "Backend"; name = "Backend";
id = "service:consul-remote:backend"; id = "service:consul-remote:backend";
http = "http://127.0.0.1:8500/v1/status/leader"; http = "${config.links.consulAgent.url}/v1/status/leader";
interval = "30s"; interval = "30s";
} }
]; ];


@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
consulCfg = config.services.consul.extraConfig; consul = config.links.consulAgent;
consulIpAddr = consulCfg.addresses.http or "127.0.0.1";
consulHttpAddr = "${consulIpAddr}:${toString (consulCfg.ports.http or 8500)}";
kvRoot = "secrets/locksmith"; kvRoot = "secrets/locksmith";
kvValue = "recipient/${config.networking.hostName}"; kvValue = "recipient/${config.networking.hostName}";
@ -61,13 +59,13 @@ in
config.services.consul.package config.services.consul.package
]; ];
environment = { environment = {
CONSUL_HTTP_ADDR = consulHttpAddr; CONSUL_HTTP_ADDR = consul.tuple;
}; };
serviceConfig = { serviceConfig = {
PrivateTmp = true; PrivateTmp = true;
WorkingDirectory = "/tmp"; WorkingDirectory = "/tmp";
IPAddressDeny = [ "any" ]; IPAddressDeny = [ "any" ];
IPAddressAllow = [ consulIpAddr ]; IPAddressAllow = [ consul.ipv4 ];
LoadCredential = lib.mkForce []; LoadCredential = lib.mkForce [];
}; };
script = '' script = ''


@ -41,7 +41,7 @@ in
softwareWatchdog = true; softwareWatchdog = true;
settings = { settings = {
consul = { consul = {
host = "127.0.0.1:8500"; host = config.links.consulAgent.tuple;
register_service = true; register_service = true;
}; };
bootstrap.dcs = { bootstrap.dcs = {


@ -38,7 +38,7 @@ in
rpc_public_addr = links.garageRpc.tuple; rpc_public_addr = links.garageRpc.tuple;
rpc_secret_file = config.age.secrets.garageRpcSecret.path; rpc_secret_file = config.age.secrets.garageRpcSecret.path;
consul_discovery = { consul_discovery = {
consul_http_addr = "http://127.0.0.1:8500"; consul_http_addr = config.links.consulAgent.url;
service_name = "garage-discovery"; service_name = "garage-discovery";
}; };
s3_api = { s3_api = {


@ -4,8 +4,6 @@ let
externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways; externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;
consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways; consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways;
consulHttpAddr = "${config.services.consul.extraConfig.addresses.http or "127.0.0.1"}:${toString (config.services.consul.extraConfig.ports.http or 8500)}";
in in
{ {
@ -63,7 +61,7 @@ in
user = "nginx"; user = "nginx";
group = "nginx"; group = "nginx";
settings = { settings = {
consul.address = "http://${consulHttpAddr}"; consul.address = config.links.consulAgent.url;
template = [ template = [
{ {
source = let source = let


@ -46,6 +46,9 @@ in
ScheduleShutdown st reboot ''${nextScheduledTime}000000 ScheduleShutdown st reboot ''${nextScheduledTime}000000
''; '';
in pkgs.writeShellScript "post-effect.sh" '' in pkgs.writeShellScript "post-effect.sh" ''
if [[ -e /etc/consul.json ]]; then
export CONSUL_HTTP_ADDR="$(${pkgs.jq}/bin/jq -r < /etc/consul.json '"\(.addresses.http // "127.0.0.1"):\(.ports.http // 8500)"')"
fi
export PATH="${config.packages.consul}/bin:${pkgs.coreutils}/bin" export PATH="${config.packages.consul}/bin:${pkgs.coreutils}/bin"
if [[ "$(realpath /run/booted-system/kernel)" != "$(realpath /nix/var/nix/profiles/system/kernel)" ]]; then if [[ "$(realpath /run/booted-system/kernel)" != "$(realpath /nix/var/nix/profiles/system/kernel)" ]]; then
echo "Scheduling reboot for kernel upgrade" echo "Scheduling reboot for kernel upgrade"
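Review bot: The added `export CONSUL_HTTP_ADDR="$(…)"` line hides jq's exit status, so a malformed or unreadable /etc/consul.json leaves the variable empty and the script carries on. The `consul` invocations later in the script (outside this hunk) would then presumably use the client's built-in default rather than the agent's configured address. Because this script schedules reboots, that failure should be loud: assign first with `addr="$(${pkgs.jq}/bin/jq -r … < /etc/consul.json)" || exit 1`, then `export CONSUL_HTTP_ADDR="$addr"`. The `127.0.0.1` and `8500` fallbacks in the jq filter duplicate defaults that the rest of this commit moves into `links.consulAgent`, so a comment explaining why the address is read from the file at run time instead of being interpolated would help the next reader. The script body starts and ends outside the hunk.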