sstent/nixos-cluster
1
0
Fork 0
mirror of https://github.com/sstent/nixos-cluster.git synced 2026-02-14 11:22:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

sync

Browse Source
This commit is contained in:
sstent
2025-11-15 15:34:28 +00:00
parent 348513fe55
commit 12c7b26ac7
1 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
modules/consul.nix
View File

@@ -33,10 +33,38 @@ in {
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [8300 8301 8302 8500 8600]; enable = true;
allowedUDPPorts = [8301 3802 8600]; allowedTCPPorts = [8300 8301 8302 8500 8600 53];
allowedUDPPorts = [8301 3802 8600 53];
}; };
# Add the iptables rules directly via a systemd service
systemd.services.consul-dns-redirect = {
description = "Redirect DNS port 53 to Consul port 8600";
after = [ "network.target" "firewall.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 8600
${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-port 8600
${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p udp -d 127.0.0.1 --dport 53 -j REDIRECT --to-port 8600
${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j REDIRECT --to-port 8600
'';
preStop = ''
${pkgs.iptables}/bin/iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-port 8600 || true
${pkgs.iptables}/bin/iptables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-port 8600 || true
${pkgs.iptables}/bin/iptables -t nat -D OUTPUT -p udp -d 127.0.0.1 --dport 53 -j REDIRECT --to-port 8600 || true
${pkgs.iptables}/bin/iptables -t nat -D OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j REDIRECT --to-port 8600 || true
'';
};
services.consul = { services.consul = {
# package = myPkg; # package = myPkg;
enable = true; enable = true;