Add Nomad and Consul

2025-11-07 13:03:16 +01:00 · 2025-11-07 13:03:16 +01:00 · 4971e8c185
commit 4971e8c185
parent b6d31e25b9
2 changed files with 85 additions and 0 deletions
--- a/cluster.nix
+++ b/cluster.nix
@ -13,6 +13,11 @@ with lib;
      description = "Node name";
    };

+    clusterName = mkOption {
+      type = str;
+      description = "Cluster Name for Consul and Nomad";
+    };
+
    clusterPrefix = mkOption {
      type = str;
      description = "Cluster IP prefix";
@ -22,6 +27,11 @@ with lib;
      description = "Nodes that are part of this cluster";
      type = attrsOf (submodule {
        options = {
+          siteName = mkOption {
+            type = str;
+            description = "Physical site name";
+          };
+
          address = mkOption {
            type = str;
            description = "IP Address in the Wireguard network";
@ -42,19 +52,23 @@ with lib;
  };

  config.filouterie.clusterPrefix = "10.0.0.0/16";
+  config.filouterie.clusterName = "filouterie";

  config.filouterie.clusterNodes = {
    "fifi" = {
+      siteName = "mayel-house";
      pubkey = "/TJVF6aLEvqngjd8Gq3QkH5esEQSIL+ryz/uKdJaZEQ=";
      address = "10.0.1.1";
      endpoint = "92.179.73.254:19720";
    };
    "riri" = {
+      siteName = "gribse-house";
      pubkey = "lUUTv85m7vtIKY7+s//AWL5r/epjXSBZNJCrgjRfQj0=";
      address = "10.0.2.1";
      endpoint = "176.159.248.209:19720";
    };
    "loulou" = {
+      siteName = "zuma-house";
      pubkey = "J/liQaChv4ZBjwlLmobM0NA/Wwgl8nDcQEcGdsC5Exc=";
      address = "10.0.3.1";
      endpoint = "82.67.117.71:19720";
--- a/configuration.nix
+++ b/configuration.nix
@ -171,6 +171,77 @@ with pkgs.lib;
        fi
      '';

+      systemd.services.consul.after = [ "wgautomesh.service" ];
+      services.consul = {
+        enable = true;
+        extraConfig = {
+          node_meta = {
+            site = clusterNodeCfg.siteName;
+          };
+          server = true;
+          datacenter = cfg.clusterName;
+          ui_config.enabled = true;
+          bind_addr = "${clusterAddress}";
+
+          addresses = {
+            http = "0.0.0.0";
+            dns = "0.0.0.0";
+          };
+
+          # Make consul try again these nodes
+	  retry_join = [
+            "10.0.1.1" # fifi
+	    "10.0.2.1" # riri
+	    "10.0.3.1" # loulou
+	  ];
+        };
+      };
+
+      nixpkgs.config.allowUnfree = true; # Nomad's license is BSL
+      systemd.services.nomad.after = [ "wgautomesh.service" ];
+      services.nomad = {
+        enable = true;
+        dropPrivileges = false; # We need to run Nomad as root to access docker
+        settings = {
+          server = {
+            enabled = true;
+          };
+          region = cfg.clusterName;
+          datacenter = clusterNodeCfg.siteName;
+          advertise = {
+            rpc = "${clusterAddress}";
+            http = "${clusterAddress}";
+            serf = "${clusterAddress}";
+          };
+          consul = {
+            address = "localhost:8500";
+            ssl = false;
+          };
+          client = {
+            enabled = true;
+            network_interface = "wg0";
+            meta = {
+              site = clusterNodeCfg.siteName;
+            };
+          };
+          plugin = [
+            {
+              docker = [
+                {
+                  config = [
+                    {
+                      volumes.enabled = true;
+                      allow_privileged = true;
+                      allow_caps = [ "all" ];
+                    }
+                  ];
+                }
+              ];
+            }
+          ];
+        };
+      };
+
      # Sets /etc/hosts to link all hostnames to wireguard IP
      networking.extraHosts = concatStringsSep "\n" (
        attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)