author | Alex Auvolat <alex@adnab.me> | 2021-12-30 20:56:13 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-30 20:56:13 +0100 |
commit | 5ea4cef2946a71467c519db803cd1c31f1ffff20 (patch) | |
tree | 5eb1f5ddd1f06650511f1b1442d50112427b0fa6 /configuration.nix | |
parent | b00a8358b20ac99912bacafd8fee5466da257e67 (diff) | |
Enable TLS for Consul
Diffstat (limited to 'configuration.nix')
-rw-r--r-- | configuration.nix | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/configuration.nix b/configuration.nix
index 205eb6d..6fbfb3f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -200,8 +200,19 @@ in
 datacenter = "staging";
 ui = true;
 bind_addr = public_ip;
- addresses.http = "0.0.0.0";
+
+ ports.http = -1;
+ addresses.https = "0.0.0.0";
+ ports.https = 8501;
+
 retry_join = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
+
+ ca_file = "/var/lib/consul/pki/consul-ca.crt";
+ cert_file = "/var/lib/consul/pki/consul2021.crt";
+ key_file = "/var/lib/consul/pki/consul2021.key";
+ verify_incoming = true;
+ verify_outgoing = true;
+ verify_server_hostname = true;
 };
 services.nomad.enable = true;
@@ -219,7 +230,13 @@ in
 http = public_ip;
 serf = public_ip;
 };
- consul.address = "127.0.0.1:8500";
+ consul = {
+ address = "localhost:8501";
+ ca_file = "/var/lib/nomad/pki/consul2021.crt";
+ cert_file = "/var/lib/nomad/pki/consul2021-client.crt";
+ key_file = "/var/lib/nomad/pki/consul2021-client.key";
+ ssl = true;
+ };
 client = {
 enabled = true;
 network_interface = "wg0";
|
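Review bot: With `addresses.https = "0.0.0.0"` the Consul HTTPS API on port 8501 listens on every interface, so the only gate on it is the client-certificate check from `verify_incoming = true`. Nothing in this hunk enables ACLs, which would mean any certificate signed by `consul-ca.crt` gets full API access; the enclosing attribute set starts outside the hunk, so ACLs or a firewall rule may be configured elsewhere. I would record the intent next to the setting, e.g. `# HTTPS API on all interfaces; access relies on verify_incoming (client cert from consul-ca) plus the host firewall`, or narrow the listener if only the local Nomad agent and the cluster network need it. The private key in `key_file` is read from /var/lib/consul/pki at runtime rather than from the Nix store, which is the right place for it; it should be readable by the Consul service user only.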
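Review bot: In the new `consul` block, `ca_file` points at `/var/lib/nomad/pki/consul2021.crt`, which by its name is the agent certificate rather than the CA that the Consul side trusts (`consul-ca.crt`). If that file really is a leaf certificate, Nomad's trust is pinned to one certificate and will break when it is reissued; if it is a copy of the CA, the name is misleading. Either way the file should be the CA certificate under a name that says so. Since `address` is now `localhost:8501`, the certificate Consul presents presumably needs `localhost` among its subject alternative names for verification to pass; a short comment such as `# Consul cert must carry SAN localhost; ca_file is the Consul CA` would save the next reader the guess. The enclosing Nomad settings block starts and ends outside the hunk.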