author | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-02-05 00:37:09 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-05 00:37:09 +0100 |
commit | 7ece42702159f2cca6f7f2238d32be4f1830eee1 (patch) | |
tree | c3167cff1c21e389ba7c23b542afa01135d4dbc8 /nixos/modules | |
parent | b784eff419af87da1383b58adca904808c18fd22 (diff) | |
parent | cbe8e0c9809aa50a4a9c389cab2879b3f8935c0f (diff) | |
Merge pull request #279268 from superherointj/etcd-fix-firewall-startup
nixos/etcd: fixes etcd failing to start at boot and add openFirewall option
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/etcd.nix (renamed from nixos/modules/services/misc/etcd.nix) | 25 |
2 files changed, 25 insertions, 2 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index e97fb45e769c..b64a3360701a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -429,6 +429,7 @@
 ./services/databases/couchdb.nix
 ./services/databases/dgraph.nix
 ./services/databases/dragonflydb.nix
+ ./services/databases/etcd.nix
 ./services/databases/ferretdb.nix
 ./services/databases/firebird.nix
 ./services/databases/foundationdb.nix
@@ -679,7 +680,6 @@
 ./services/misc/dwm-status.nix
 ./services/misc/dysnomia.nix
 ./services/misc/errbot.nix
- ./services/misc/etcd.nix
 ./services/misc/etebase-server.nix
 ./services/misc/etesync-dav.nix
 ./services/misc/evdevremapkeys.nix
diff --git a/nixos/modules/services/misc/etcd.nix b/nixos/modules/services/databases/etcd.nix
index ee6a56db31d3..a5b3abdbcb59 100644
--- a/nixos/modules/services/misc/etcd.nix
+++ b/nixos/modules/services/databases/etcd.nix
@@ -99,6 +99,17 @@ in {
 type = types.nullOr types.path;
 };
 
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Open etcd ports in the firewall.
+ Ports opened:
+ - 2379/tcp for client requests
+ - 2380/tcp for peer communication
+ '';
+ };
+
 peerCertFile = mkOption {
 description = lib.mdDoc "Cert file to use for peer to peer communication";
 default = cfg.certFile;
@@ -160,7 +171,10 @@ in {
 systemd.services.etcd = {
 description = "etcd key-value store";
 wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
+ after = [ "network-online.target" ]
+ ++ lib.optional config.networking.firewall.enable "firewall.service";
+ wants = [ "network-online.target" ]
+ ++ lib.optional config.networking.firewall.enable "firewall.service";
 
 environment = (filterAttrs (n: v: v != null) {
 ETCD_NAME = cfg.name;
@@ -190,6 +204,8 @@ in {
 
 serviceConfig = {
 Type = "notify";
+ Restart = "always";
+ RestartSec = "30s";
 ExecStart = "${cfg.package}/bin/etcd";
 User = "etcd";
 LimitNOFILE = 40000;
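Review bot: The `openFirewall` description in the `-99,6 +99,17` hunk lists the two ports but does not say what opening them exposes. The client API on 2379/tcp gives read and write access to the whole keyspace, and by etcd's defaults it is served without authentication unless TLS client-certificate auth or etcd's own auth is turned on (those settings are outside this hunk, so this is inferred rather than read from the visible lines). I would add a sentence to the description along the lines of `Only enable this together with TLS and client certificate authentication; 2379/tcp exposes the full key-value API to every host that can reach this machine.` The same caveat applies to 2380/tcp and peer TLS.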
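Review bot: `Restart = "always";` with `RestartSec = "30s";` in the `-190,6 +204,8` hunk turns a persistent failure (an unreadable certificate, a damaged data directory) into an endless 30-second restart loop, so the unit never settles in a failed state that monitoring would catch. It also restarts etcd after a clean exit that systemd did not initiate. Since the `after`/`wants` change in the previous hunk already targets the boot-ordering problem, `Restart = "on-failure";` is probably sufficient. Either way a comment such as `# peers may not be reachable yet at boot; retry instead of staying failed` would record why the policy is there. The `serviceConfig` block continues outside the hunk.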
@@ -198,6 +214,13 @@ in {
 
 environment.systemPackages = [ cfg.package ];
 
+ networking.firewall = lib.mkIf cfg.openFirewall {
+ allowedTCPPorts = [
+ 2379 # for client requests
+ 2380 # for peer communication
+ ];
+ };
+
 users.users.etcd = {
 isSystemUser = true;
 group = "etcd"; |
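Review bot: The ports in `allowedTCPPorts` are hard-coded to 2379 and 2380 and opened on every interface, regardless of what etcd is configured to listen on. If the listen URLs (set outside this hunk) use other ports or only a loopback address, `openFirewall = true` leaves the real ports closed and opens two that nothing should be answering on. Consider separate switches for client and peer traffic, since a single-node setup has no need for 2380/tcp. At minimum add a comment above the list such as `# must match the ports in listenClientUrls / listenPeerUrls`.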