gribse/nix-cluster
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Nomad and Consul

Browse source
This commit is contained in:
zuma 2025-11-07 13:03:16 +01:00 committed by Zuma
parent b6d31e25b9
commit 4971e8c185
2 changed files with 85 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
cluster.nix
View file

@ -13,6 +13,11 @@ with lib;
description = "Node name"; description = "Node name";
}; };
clusterName = mkOption {
type = str;
description = "Cluster Name for Consul and Nomad";
};
clusterPrefix = mkOption { clusterPrefix = mkOption {
type = str; type = str;
description = "Cluster IP prefix"; description = "Cluster IP prefix";
@ -22,6 +27,11 @@ with lib;
description = "Nodes that are part of this cluster"; description = "Nodes that are part of this cluster";
type = attrsOf (submodule { type = attrsOf (submodule {
options = { options = {
siteName = mkOption {
type = str;
description = "Physical site name";
};
address = mkOption { address = mkOption {
type = str; type = str;
description = "IP Address in the Wireguard network"; description = "IP Address in the Wireguard network";
@ -42,19 +52,23 @@ with lib;
}; };
config.filouterie.clusterPrefix = "10.0.0.0/16"; config.filouterie.clusterPrefix = "10.0.0.0/16";
config.filouterie.clusterName = "filouterie";
config.filouterie.clusterNodes = { config.filouterie.clusterNodes = {
"fifi" = { "fifi" = {
siteName = "mayel-house";
pubkey = "/TJVF6aLEvqngjd8Gq3QkH5esEQSIL+ryz/uKdJaZEQ="; pubkey = "/TJVF6aLEvqngjd8Gq3QkH5esEQSIL+ryz/uKdJaZEQ=";
address = "10.0.1.1"; address = "10.0.1.1";
endpoint = "92.179.73.254:19720"; endpoint = "92.179.73.254:19720";
}; };
"riri" = { "riri" = {
siteName = "gribse-house";
pubkey = "lUUTv85m7vtIKY7+s//AWL5r/epjXSBZNJCrgjRfQj0="; pubkey = "lUUTv85m7vtIKY7+s//AWL5r/epjXSBZNJCrgjRfQj0=";
address = "10.0.2.1"; address = "10.0.2.1";
endpoint = "176.159.248.209:19720"; endpoint = "176.159.248.209:19720";
}; };
"loulou" = { "loulou" = {
siteName = "zuma-house";
pubkey = "J/liQaChv4ZBjwlLmobM0NA/Wwgl8nDcQEcGdsC5Exc="; pubkey = "J/liQaChv4ZBjwlLmobM0NA/Wwgl8nDcQEcGdsC5Exc=";
address = "10.0.3.1"; address = "10.0.3.1";
endpoint = "82.67.117.71:19720"; endpoint = "82.67.117.71:19720";

71
configuration.nix
View file

@ -171,6 +171,77 @@ with pkgs.lib;
fi fi
''; '';
systemd.services.consul.after = [ "wgautomesh.service" ];
services.consul = {
enable = true;
extraConfig = {
node_meta = {
site = clusterNodeCfg.siteName;
};
server = true;
datacenter = cfg.clusterName;
ui_config.enabled = true;
bind_addr = "${clusterAddress}";
addresses = {
http = "0.0.0.0";
dns = "0.0.0.0";
};
# Make consul try again these nodes
retry_join = [
"10.0.1.1" # fifi
"10.0.2.1" # riri
"10.0.3.1" # loulou
];
};
};
nixpkgs.config.allowUnfree = true; # Nomad's license is BSL
systemd.services.nomad.after = [ "wgautomesh.service" ];
services.nomad = {
enable = true;
dropPrivileges = false; # We need to run Nomad as root to access docker
settings = {
server = {
enabled = true;
};
region = cfg.clusterName;
datacenter = clusterNodeCfg.siteName;
advertise = {
rpc = "${clusterAddress}";
http = "${clusterAddress}";
serf = "${clusterAddress}";
};
consul = {
address = "localhost:8500";
ssl = false;
};
client = {
enabled = true;
network_interface = "wg0";
meta = {
site = clusterNodeCfg.siteName;
};
};
plugin = [
{
docker = [
{
config = [
{
volumes.enabled = true;
allow_privileged = true;
allow_caps = [ "all" ];
}
];
}
];
}
];
};
};
# Sets /etc/hosts to link all hostnames to wireguard IP # Sets /etc/hosts to link all hostnames to wireguard IP
networking.extraHosts = concatStringsSep "\n" ( networking.extraHosts = concatStringsSep "\n" (
attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes) attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)