{config, numbers, pkgs, lib, ...}: with lib; let hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName); strIfHasIface = iface: s: if hasIface iface then s else ""; attrsetIfHasIface = iface: as: if hasIface iface then as else {}; eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else []; in { imports = [ #./pgpool.nix ./udp514.nix ]; services.udp514-journal.enable = true; services.coredns = { enable = true; config = '' . { ${strIfHasIface "sec0" "bind sec0"} ${strIfHasIface "lan0" "bind lan0"} whoami } ''; }; #services.postgresql = { # enable = true; # dataDir = "/srv/pgdata"; # settings = { # default_transaction_isolation = "repeatable read"; # }; # authentication = '' # host all all 10.127.1.2/29 trust # ''; # enableTCPIP = true; #}; #systemd.tmpfiles.rules = [ # "d /srv/pgdata 775 postgres postgres -" #]; #services.pgpool = { # enable = true; # config = '' # backend_clustering_mode = 'snapshot_isolation' # backend_hostname0 = '10.127.1.2' # backend_port0 = 5432 # backend_weight0 = 1 # backend_data_directory0 = '/srv/pgdata' # backend_flag0 = ALLOW_TO_FAILOVER # backend_hostname1 = '10.127.1.3' # backend_port1 = 5432 # backend_weight1 = 1 # backend_data_directory1 = '/srv/pgdata' # backend_flag1 = ALLOW_TO_FAILOVER # listen_address = '*' # logging_collector = true # log_destination = 'syslog,stderr' # log_min_messages = 'INFO' # ''; #}; services.k3s = { enable = true; tokenFile = "/etc/k3s.token"; #serverAddr = # mkIf (config.networking.hostName != "snorlax") # "https://${(numbers.api.hostIface "snorlax" "sec0").ip}:6443"; #clusterInit = config.networking.hostName == "snorlax"; extraFlags = ( " --datastore-endpoint=nats://localhost:4222?noEmbed=true&bucket=k0-kine&replicas=2,nats://10.127.1.2:4222,nats://10.127.1.3:4222,nats://10.127.1.4:4222"+ " --disable=traefik"+ " --disable=local-storage"+ " --cluster-cidr=10.128.0.0/16"+ " --flannel-backend=host-gw"+ (strIfHasIface "sec0" " --node-ip=${(numbers.api.hostIface config.networking.hostName "sec0").ip}")+ (strIfHasIface "lan0" " --node-external-ip=${(numbers.api.hostIface config.networking.hostName "lan0").ip}")+ ""); #"--node-ip=${config.systemd.network }; systemd.services.nats-datadir = { requiredBy = [ "nats.service" ]; before = [ "nats.service" ]; serviceConfig = { Type = "oneshot"; ExecStart = pkgs.writeScript "nats-datadir" '' #!${pkgs.bash}/bin/bash ${pkgs.coreutils}/bin/mkdir -p /srv/nats ${pkgs.coreutils}/bin/chown -R nats:nats /srv/nats ${pkgs.coreutils}/bin/chmod 750 /srv/nats ''; }; }; systemd.services.nats.unitConfig.Requires = [ "systemd-tmpfiles-resetup.service" ]; systemd.services.nats.unitConfig.After = [ "systemd-tmpfiles-resetup.service" ]; services.nats = { enable = true; serverName = config.networking.hostName; dataDir = "/srv/nats"; jetstream = true; settings = { cluster = { name = "cascade"; no_advertise = true; port = 6222; routes = [ "nats://10.127.1.2:6222" "nats://10.127.1.3:6222" "nats://10.127.1.4:6222" ]; }; http_port = 8222; }; }; networking.firewall.allowedUDPPorts = [ 53 5432 9898 9999 6443 4222 6222 8222 ]; networking.firewall.allowedTCPPorts = [ 53 5432 9898 9999 6443 4222 6222 8222 ]; }