{config, numbers, pkgs, lib, ...}:
with lib;
let
# True when `iface` is one of the interface names numbers.api lists for this host.
hasIface = iface:
  let ifaces = numbers.api.hostIfaces config.networking.hostName;
  in builtins.elem iface ifaces;
# `s` if this host has `iface`, otherwise the empty string (for config-file fragments).
strIfHasIface = iface: s: optionalString (hasIface iface) s;
# `as` if this host has `iface`, otherwise `{}` (for optional option sets).
attrsetIfHasIface = iface: as: optionalAttrs (hasIface iface) as;
# `[ elt ]` if this host has `iface`, otherwise `[]` (for building lists with `++`).
eltIfHasIface = iface: elt: optional (hasIface iface) elt;
in
{
# Host-local modules. ./pgpool.nix is left out of the list; the matching
# services.pgpool block further down is commented out as well.
imports = [ ./udp514.nix ];
# Syslog-to-journal receiver provided by ./udp514.nix. The name suggests UDP/514;
# that port is not in networking.firewall below, so presumably the module (or
# another file) opens it - confirm.
# NOTE(review): syslog over UDP is unauthenticated; anything that can reach the
# socket can inject arbitrary lines into the journal.
services.udp514-journal = { enable = true; };
services.coredns = {
  enable = true;
  # Corefile: a single root zone bound only to the interfaces this host has,
  # forwarding everything to 172.16.1.8 as plain DNS (no `tls` option).
  # NOTE(review): there is no `acl` block, and networking.firewall below opens 53
  # on every interface, so this resolver answers for whatever can reach sec0 or
  # lan0. lan0 is also the k3s external-IP interface; if it faces an untrusted
  # network this is an open resolver - add `acl { allow net <clients>; block }`
  # or restrict 53 to sec0 in the firewall.
  config = concatStringsSep "\n" [
    ". {"
    (strIfHasIface "sec0" "bind sec0")
    (strIfHasIface "lan0" "bind lan0")
    "forward . 172.16.1.8"
    "}"
  ] + "\n";
};
#services.postgresql = {
# enable = true;
# dataDir = "/srv/pgdata";
# settings = {
# default_transaction_isolation = "repeatable read";
# };
# authentication = ''
# host all all 10.127.1.2/29 trust   # NOTE(review): `trust` = no password for any user from the whole /29; use scram-sha-256 (or client certs) if this block is re-enabled
# '';
# enableTCPIP = true;
#};
#systemd.tmpfiles.rules = [
# "d /srv/pgdata 775 postgres postgres -"   # NOTE(review): PostgreSQL refuses a group-writable data directory; use 0700 (or 0750) if this is re-enabled
#];
#services.pgpool = {
# enable = true;
# config = ''
# backend_clustering_mode = 'snapshot_isolation'
# backend_hostname0 = '10.127.1.2'
# backend_port0 = 5432
# backend_weight0 = 1
# backend_data_directory0 = '/srv/pgdata'
# backend_flag0 = ALLOW_TO_FAILOVER
# backend_hostname1 = '10.127.1.3'
# backend_port1 = 5432
# backend_weight1 = 1
# backend_data_directory1 = '/srv/pgdata'
# backend_flag1 = ALLOW_TO_FAILOVER
# listen_address = '*'   # NOTE(review): listens on every interface; no pool_hba/auth is configured in this block, so scope it (e.g. the sec0 address) if re-enabled
# logging_collector = true
# log_destination = 'syslog,stderr'
# log_min_messages = 'INFO'
# '';
#};
services.k3s = {
  enable = true;
  # Cluster join secret read by the k3s unit. Its mode is not managed in this
  # file; it must be root-only (0600) on every host - verify.
  tokenFile = "/etc/k3s.token";
  # serverAddr / clusterInit are not set: the control-plane state lives in the
  # external NATS/kine datastore below (noEmbed=true), not in embedded etcd.
  extraFlags = concatStrings ([
    # kine on NATS JetStream: the local server first, then the three peers.
    # NOTE(review): these URLs carry no credentials and no TLS, and services.nats
    # in this file configures no `authorization`, so anything that can reach
    # 4222 can read and write the "k0-kine" bucket - i.e. the whole Kubernetes
    # state, Secrets included. Add NATS auth (credentials in the URL matching an
    # authorization block) before 4222 is reachable beyond sec0.
    " --datastore-endpoint=nats://localhost:4222?noEmbed=true&bucket=k0-kine&replicas=2,nats://10.127.1.2:4222,nats://10.127.1.3:4222,nats://10.127.1.4:4222"
    " --disable=traefik"
    " --disable=local-storage"
    " --cluster-cidr=10.128.0.0/16"
    " --flannel-backend=host-gw"
  ]
  # Node addressing: internal address on sec0, external on lan0, each only when
  # the host actually has that interface.
  ++ eltIfHasIface "sec0" " --node-ip=${(numbers.api.hostIface config.networking.hostName "sec0").ip}"
  ++ eltIfHasIface "lan0" " --node-external-ip=${(numbers.api.hostIface config.networking.hostName "lan0").ip}");
};
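# One-shot preparation of the JetStream data directory, ordered strictly before
# nats.service (and pulled in by it). Runs as root: no User= is set.
systemd.services.nats-datadir = {
  requiredBy = [ "nats.service" ];
  before = [ "nats.service" ];
  serviceConfig = {
    Type = "oneshot";
    ExecStart = pkgs.writeScript "nats-datadir" ''
      #!${pkgs.bash}/bin/bash
      # Fail the unit on the first failing command. Without this only the exit
      # status of the final chmod counted, so a failed chown followed by a
      # successful chmod was reported as success and nats.service still started.
      set -euo pipefail
      ${pkgs.coreutils}/bin/mkdir -p /srv/nats
      # NOTE(review): a root-run recursive chown over a tree the nats user writes
      # to is a classic symlink-race target; GNU chown -R does not follow symlinks
      # it meets by default, but consider dropping -R once existing data is owned
      # by nats, or replacing this unit with a systemd.tmpfiles "d" rule.
      ${pkgs.coreutils}/bin/chown -R nats:nats /srv/nats
      # Top-level directory only: owner rwx, group rx, nothing for others.
      ${pkgs.coreutils}/bin/chmod 750 /srv/nats
    '';
  };
};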
# Make nats.service wait for (and require) the NixOS tmpfiles re-run.
# NOTE(review): presumably so the tmpfiles pass that the nats module may use for
# its dataDir has completed before the server starts - confirm against the module.
systemd.services.nats.unitConfig = {
  Requires = [ "systemd-tmpfiles-resetup.service" ];
  After = [ "systemd-tmpfiles-resetup.service" ];
};
services.nats = {
  enable = true;
  jetstream = true;
  dataDir = "/srv/nats";
  serverName = config.networking.hostName;
  # NOTE(review): no `authorization` / `accounts` block is configured here, so
  # the client port (4222, opened in the firewall below) accepts unauthenticated
  # connections; the k3s datastore bucket "k0-kine" lives on this server.
  settings = {
    # Monitoring endpoint. Only a port is given, so by default it listens on all
    # interfaces and serves /varz, /connz, /routez etc. to anyone reaching 8222;
    # bind it to localhost or the sec0 address if remote access is not needed.
    http_port = 8222;
    cluster = {
      name = "cascade";
      port = 6222;
      # Don't advertise peer addresses to clients.
      no_advertise = true;
      # Plain nats:// routes to the three peers (no TLS, no route credentials);
      # any host that can reach 6222 could attempt to join as a route.
      routes = map (peer: "nats://${peer}:6222") [ "10.127.1.2" "10.127.1.3" "10.127.1.4" ];
    };
  };
};
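# Firewall. The same port list used to be opened on both UDP and TCP. Only DNS (53)
# and the unidentified 9898/9999 are kept on UDP: 5432 (PostgreSQL), 6443 (k3s API),
# 4222/6222/8222 (NATS client/cluster/monitoring) are TCP-only services, so their
# UDP entries exposed nothing useful and are dropped.
# NOTE(review): these rules apply to every interface, including lan0 (the k3s
# external-IP interface above). Consider networking.firewall.interfaces.sec0.*
# (guarded with attrsetIfHasIface) so NATS and the k3s datastore are only
# reachable on the internal interface.
networking.firewall.allowedUDPPorts = [ 53 9898 9999 ];
# 5432 is kept only because it was open before; services.postgresql in this file
# is commented out, so nothing should listen there - drop it once confirmed.
networking.firewall.allowedTCPPorts = [ 53 5432 9898 9999 6443 4222 6222 8222 ];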
}