115 lines
3.3 KiB
Nix
115 lines
3.3 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
{
|
|
imports =
|
|
[ # Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
# Use the systemd-boot EFI boot loader.
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
networking.hostName = "${hostname}"; # Define your hostname.
|
|
|
|
time.timeZone = "Australia/Melbourne";
|
|
|
|
# List packages installed in system profile. To search, run:
|
|
# $ nix search wget
|
|
# environment.systemPackages = with pkgs; [
|
|
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
|
# wget
|
|
# ];
|
|
|
|
# Some programs need SUID wrappers, can be configured further or are
|
|
# started in user sessions.
|
|
# programs.mtr.enable = true;
|
|
# programs.gnupg.agent = {
|
|
# enable = true;
|
|
# enableSSHSupport = true;
|
|
# };
|
|
|
|
# List services that you want to enable:
|
|
services = {
|
|
nomad = {
|
|
enable = true;
|
|
enableDocker = true;
|
|
dropPrivileges = false;
|
|
settings = {
|
|
datacenter = "jaglan-beta";
|
|
server = {
|
|
enabled = true;
|
|
%{if bootstrap ~}
|
|
bootstrap_expect = 1;
|
|
%{endif ~}
|
|
};
|
|
client = {
|
|
enabled = true;
|
|
host_volume = {
|
|
traefik = {
|
|
path = "/opt/traefik";
|
|
read_only = false;
|
|
};
|
|
postgres = {
|
|
path = "/opt/postgres";
|
|
read_only = false;
|
|
};
|
|
};
|
|
cni_path = "$${pkgs.cni-plugins}/bin";
|
|
};
|
|
plugin.docker.config.allow_privileged = true;
|
|
};
|
|
extraPackages = with pkgs; [
|
|
cni-plugins
|
|
consul
|
|
];
|
|
};
|
|
consul = {
|
|
enable = true;
|
|
webUi = true;
|
|
interface.bind = "${bind_interface}";
|
|
interface.advertise = "${bind_interface}";
|
|
extraConfig = {
|
|
%{if bootstrap ~}
|
|
bootstrap_expect = 1;
|
|
%{endif ~}
|
|
server = true;
|
|
retry_join = [
|
|
"jaglan-beta-m01"
|
|
"jaglan-beta-m20"
|
|
];
|
|
datacenter = "jaglan-beta";
|
|
connect.enabled = true;
|
|
ports.grpc = 8502;
|
|
};
|
|
};
|
|
openssh = {
|
|
enable = true;
|
|
settings.PermitRootLogin = "yes";
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
# Fix issue where nomad needs alloc_mounts to be writable
|
|
"d /var/lib/alloc_mounts 0755 root root -"
|
|
# Create a directory for Traefik to store its data (tls certs, etc.)
|
|
"d /opt/traefik 0755 root root -"
|
|
# Create a directory for Postgres to store its data
|
|
"d /opt/postgres 0755 root root -"
|
|
];
|
|
|
|
# Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.
|
|
networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 8300 8301 ];
|
|
networking.firewall.allowedUDPPorts = [ 8301 ];
|
|
|
|
# Copy the NixOS configuration file and link it from the resulting system
|
|
# (/run/current-system/configuration.nix). This is useful in case you
|
|
# accidentally delete configuration.nix.
|
|
system.copySystemConfiguration = true;
|
|
|
|
# Defines the initial NixOS version for compatibility with older application data.
|
|
# Do NOT change this value after installation without careful consideration.
|
|
system.stateVersion = "24.11"; # Did you read the comment?
|
|
}
|