author | Alex Auvolat <alex@adnab.me> | 2022-06-01 14:46:00 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-06-01 14:48:16 +0200 |
commit | 641a68715f3b5d70d249deb3f9206ee86f200a6b (patch) | |
tree | e0aebb61bb35248ef8a2b1cb732100b64f2fa11d | |
parent | 72f5c70096abb731ac081ce59fbc133b9f5dae27 (diff) | |
download | nixcfg-641a68715f3b5d70d249deb3f9206ee86f200a6b.tar.gz nixcfg-641a68715f3b5d70d249deb3f9206ee86f200a6b.zip |
Configure Consul DNS
-rw-r--r-- | cluster/staging/site/neptune.nix | 3 | ||||
-rw-r--r-- | cluster/staging/site/pluton.nix | 10 | ||||
-rw-r--r-- | nix/deuxfleurs.nix | 26 |
3 files changed, 28 insertions, 11 deletions
diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix index 034c634..3a79315 100644 --- a/cluster/staging/site/neptune.nix +++ b/cluster/staging/site/neptune.nix @@ -5,8 +5,7 @@ deuxfleurs.lan_default_gateway = "192.168.1.1"; deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.ipv6_prefix_length = 64; - - networking.nameservers = [ "192.168.1.1" ]; + deuxfleurs.nameservers = [ "192.168.1.1" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/cluster/staging/site/pluton.nix b/cluster/staging/site/pluton.nix index 9f972c0..570cdd8 100644 --- a/cluster/staging/site/pluton.nix +++ b/cluster/staging/site/pluton.nix @@ -1,13 +1,11 @@ { config, pkgs, ... }: { - networking.defaultGateway = { - address = "192.168.0.1"; - interface = "enp0s25"; - }; - networking.nameservers = [ "213.186.33.99" "172.104.136.243" ]; - deuxfleurs.site_name = "pluton"; + deuxfleurs.lan_default_gateqay = "192.168.0.1"; + deuxfleurs.lan_ip_prefix_length = 24; + deuxfleurs.ipv6_prefix_length = 64; + deuxfleurs.nameservers = [ "213.186.33.99" "172.104.136.243" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index d20ea5d..82bec18 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -60,6 +60,10 @@ in description = "Site (availability zone) on which this node is deployed"; type = types.str; }; + nameservers = mkOption { + description = "External DNS servers to use"; + type = types.listOf types.str; + }; # Parameters common to all nodes cluster_name = mkOption { @@ -101,11 +105,16 @@ in }; in (attrsets.setAttrByPath [ cfg.network_interface ] (ip4config // ip6config)); + networking.defaultGateway = { address = cfg.lan_default_gateway; interface = cfg.network_interface; }; + networking.nameservers = [ + cfg.lan_ip + ] ++ cfg.nameservers; + # wesher overlay network services.wesher = { enable = true; 
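Review bot: `deuxfleurs.lan_default_gateqay` in the new pluton.nix is a typo for `lan_default_gateway`, the option neptune.nix sets and that `networking.defaultGateway.address = cfg.lan_default_gateway` in nix/deuxfleurs.nix reads, so the module system should reject it as an undeclared option and pluton would otherwise end up with no default gateway. Change it to `deuxfleurs.lan_default_gateway = "192.168.0.1";`. The same hunk drops the explicit `interface = "enp0s25"` and `deuxfleurs.site_name = "pluton"` with no replacement visible here; presumably `deuxfleurs.network_interface` and `site_name` are set for this host elsewhere, which is worth confirming since the gateway interface now comes from `cfg.network_interface`.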
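Review bot: The new `nameservers` option in nix/deuxfleurs.nix has no `default`, so every node must set it or evaluation fails; that is acceptable for a required setting, but the description should state what the list is used for, because this commit wires it into both the host resolver list (after `cfg.lan_ip`) and Consul's recursors. Suggest `description = "External DNS servers, used as fallback resolvers after the local Consul DNS and as Consul recursors";`.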
@@ -137,9 +146,17 @@ in ui = true; bind_addr = "${cfg.cluster_ip}"; - ports.http = -1; - addresses.https = "0.0.0.0"; - ports.https = 8501; + addresses = { + https = "0.0.0.0"; + dns = "0.0.0.0"; + }; + ports = { + http = -1; + https = 8501; + dns = 53; + }; + + recursors = [ cfg.nameservers ]; ca_file = "/var/lib/consul/pki/consul-ca.crt"; cert_file = "/var/lib/consul/pki/consul2022.crt"; @@ -148,6 +165,9 @@ in verify_outgoing = true; verify_server_hostname = true; }; + systemd.services.consul.serviceConfig = { + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; + }; services.nomad.enable = true; services.nomad.package = pkgs.nomad_1_1; |
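Review bot: `recursors = [ cfg.nameservers ];` wraps an option that is already `types.listOf types.str` in another list, so Consul is handed a nested list rather than a list of addresses; it should read `recursors = cfg.nameservers;`. Separately, `addresses.dns = "0.0.0.0"` together with recursors makes this node a recursive resolver on every interface, including any non-LAN one; nothing in this commit opens port 53 in the NixOS firewall, so exposure currently rests on that firewall alone. Since the host resolver is pointed at `cfg.lan_ip`, binding the DNS listener there (`dns = cfg.lan_ip;`) would confine it to the LAN, unless other nodes must reach it over the cluster_ip overlay, which this hunk does not show. The `services.consul` attrset starts outside the hunk and closes in the following one.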