WIP: Consul ACLs #117
1 changed files with 3 additions and 2 deletions
|
@ -45,14 +45,15 @@ in
|
||||||
hasSpecialPrefix = elem (substring 0 1 ExecStart) [ "@" "-" ":" "+" "!" ];
|
hasSpecialPrefix = elem (substring 0 1 ExecStart) [ "@" "-" ":" "+" "!" ];
|
||||||
in assert !hasSpecialPrefix; pkgs.writeTextDir "etc/systemd/system/${n}.service.d/distributed.conf" ''
|
in assert !hasSpecialPrefix; pkgs.writeTextDir "etc/systemd/system/${n}.service.d/distributed.conf" ''
|
||||||
[Unit]
|
[Unit]
|
||||||
|
|||||||
Requires=consul-ready.service
|
Requires=consul-ready.target
|
||||||
After=consul-ready.service
|
After=consul-ready.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=${waitForConsul} 'services/${n}%i'
|
ExecStartPre=${waitForConsul} 'services/${n}%i'
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=${consul}/bin/consul lock --name=${n} --n=${toString cfg.replicas} --shell=false --child-exit-code 'services/${n}%i' ${optionalString (cfg.registerServices != []) runWithRegistration} ${ExecStart}
|
ExecStart=${consul}/bin/consul lock --name=${n} --n=${toString cfg.replicas} --shell=false --child-exit-code 'services/${n}%i' ${optionalString (cfg.registerServices != []) runWithRegistration} ${ExecStart}
|
||||||
Environment="CONSUL_HTTP_ADDR=${consulHttpAddr}"
|
Environment="CONSUL_HTTP_ADDR=${consulHttpAddr}"
|
||||||
|
Environment="CONSUL_HTTP_TOKEN_FILE=/run/locksmith/consul-systemManagementToken"
|
||||||
${optionalString (v.serviceConfig ? RestrictAddressFamilies) "RestrictAddressFamilies=AF_NETLINK"}
|
${optionalString (v.serviceConfig ? RestrictAddressFamilies) "RestrictAddressFamilies=AF_NETLINK"}
|
||||||
${optionalString (cfg.registerServices != []) (lib.concatStringsSep "\n" (map (svc: "ExecStopPost=${svc.commands.deregister}") svcs))}
|
${optionalString (cfg.registerServices != []) (lib.concatStringsSep "\n" (map (svc: "ExecStopPost=${svc.commands.deregister}") svcs))}
|
||||||
''))
|
''))
|
||||||
|
|
Loading…
Reference in a new issue
ugly