dotfiles/nixos/systems/toothpick/consul.nix
magic_rb 0b9583b4d3
Clean up inputs and unfree package handling
Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-05-21 11:32:08 +02:00


# Consul server agent for the host "toothpick" (datacenter "do-1"), federated
# over WAN with the primary datacenter "homelab-1".
#
# Module arguments: `secret` supplies the network addresses used below;
# `inputs'`, `config` and `pkgs` are the usual module arguments (only `pkgs`
# and `lib` are referenced in this file).
{
  inputs',
  lib,
  config,
  pkgs,
  secret,
  ...
}: let
  # Address this agent binds to. Falls back to "" when the attribute is absent
  # from `secret`, so evaluation does not fail without the secrets.
  # NOTE(review): an empty bind/client address is passed to Consul as-is in
  # that case; confirm the agent refuses to start rather than picking a
  # default interface.
  toothpickAddr = secret.network.ips.toothpick or "";

  # WAN peer in the other datacenter; same "" fallback as above.
  blowholeAddr = secret.network.ips.blowhole.ip or "";
in {
  services.hashicorp.consul = {
    enable = true;
    package = pkgs.consul;

    # Extra settings file read from /run/secrets at runtime.
    # NOTE(review): presumably carries the ACL tokens (and possibly the gossip
    # `encrypt` key, which is not set in this file); verify its ownership and
    # mode restrict it to the Consul service user.
    extraSettingsPaths = ["/run/secrets/consul.json"];

    settings = {
      datacenter = "do-1";
      primary_datacenter = "homelab-1";
      data_dir = "/var/lib/consul";
      server = true;

      retry_join_wan = [blowholeAddr];
      bind_addr = toothpickAddr;

      # The client interfaces (HTTP API, UI, gRPC) listen on the same address
      # as the cluster traffic rather than on loopback. Only the plain `http`
      # port is configured below, so API requests and the ACL tokens they
      # carry are unencrypted on this address unless the network itself is a
      # tunnel. NOTE(review): confirm this address is not publicly routable or
      # that a firewall limits 8500/8502 to trusted peers.
      client_addr = toothpickAddr;

      ports.http = 8500;
      ports.grpc = 8502;

      # ACLs are on with a default-deny policy; tokens are persisted to the
      # data directory and replicated from the primary datacenter.
      acl.enabled = true;
      acl.default_policy = "deny";
      acl.enable_token_persistence = true;
      acl.enable_token_replication = true;

      ui_config = {enabled = true;};
      connect = {enabled = true;};

      # TLS is not configured: the certificate settings are commented out and
      # all three verification switches are off. With `verify_outgoing` and
      # `verify_incoming` false, server RPC (including the WAN link to the
      # primary datacenter and ACL token replication) is neither encrypted nor
      # peer-authenticated by Consul itself, and `verify_server_hostname =
      # false` means a server certificate's name would not be checked even if
      # TLS were enabled.
      # NOTE(review): acceptable only if the addresses in `secret.network.ips`
      # sit on an encrypted overlay (e.g. a VPN); otherwise provision the CA,
      # certificate and key below and turn the three switches on. Newer Consul
      # releases group these options under `tls.defaults`.
      # ca_file = "/var/secrets/consul-ca.crt";
      # cert_file = ""
      # key_file = ""
      verify_incoming = false;
      verify_outgoing = false;
      verify_server_hostname = false;
    };
  };

  # Force the unit's file-descriptor and process limits to unlimited,
  # overriding whatever the service module sets.
  # NOTE(review): this removes a resource-exhaustion guard for the service;
  # a large finite value would keep a ceiling in place.
  systemd.services.hashicorp-consul.serviceConfig = {
    LimitNOFILE = lib.mkForce "infinity";
    LimitNPROC = lib.mkForce "infinity";
  };
}