dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #279268 from superherointj/etcd-fix-firewall-startup

Browse Source 
nixos/etcd: fixes etcd failing to start at boot and add openFirewall option
This commit is contained in:
Weijia Wang 2024-02-05 00:37:09 +01:00 committed by GitHub
commit 7ece427021
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/module-list.nix
View File

@ -429,6 +429,7 @@
./services/databases/couchdb.nix
./services/databases/dgraph.nix
./services/databases/dragonflydb.nix
./services/databases/etcd.nix
./services/databases/ferretdb.nix
./services/databases/firebird.nix
./services/databases/foundationdb.nix
@ -679,7 +680,6 @@
./services/misc/dwm-status.nix
./services/misc/dysnomia.nix
./services/misc/errbot.nix
./services/misc/etcd.nix
./services/misc/etebase-server.nix
./services/misc/etesync-dav.nix
./services/misc/evdevremapkeys.nix

25
nixos/modules/services/misc/etcd.nix → nixos/modules/services/databases/etcd.nix
View File

@ -99,6 +99,17 @@ in {
type = types.nullOr types.path;
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open etcd ports in the firewall.
Ports opened:
- 2379/tcp for client requests
- 2380/tcp for peer communication
'';
};
peerCertFile = mkOption {
description = lib.mdDoc "Cert file to use for peer to peer communication";
default = cfg.certFile;
@ -160,7 +171,10 @@ in {
systemd.services.etcd = {
description = "etcd key-value store";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network-online.target" ]
++ lib.optional config.networking.firewall.enable "firewall.service";
wants = [ "network-online.target" ]
++ lib.optional config.networking.firewall.enable "firewall.service";
environment = (filterAttrs (n: v: v != null) {
ETCD_NAME = cfg.name;
@ -190,6 +204,8 @@ in {
serviceConfig = {
Type = "notify";
Restart = "always";
RestartSec = "30s";
ExecStart = "${cfg.package}/bin/etcd";
User = "etcd";
LimitNOFILE = 40000;
@ -198,6 +214,13 @@ in {
environment.systemPackages = [ cfg.package ];
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [
2379 # for client requests
2380 # for peer communication
];
};
users.users.etcd = {
isSystemUser = true;
group = "etcd";