nixos/consul: fix consul alerts enable

1 files changed, 96 insertions, 85 deletions

diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix
index 53a9f462625..31bae628050 100644
--- a/nixos/modules/services/networking/consul.nix
+++ b/nixos/modules/services/networking/consul.nix
@@ -106,6 +106,12 @@ in
       alerts = {
         enable = mkEnableOption "Whether to enable consul-alerts";
 
+        package = mkOption {
+          description = "Package to use for consul-alerts.";
+          default = pkgs.consul-alerts;
+          type = types.package;
+        };
+
         listenAddr = mkOption {
           description = "Api listening address.";
           default = "localhost:9000";
@@ -135,96 +141,101 @@ in
 
   };
 
-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable (
+    mkMerge [{
 
-    users.extraUsers."consul" = {
-      description = "Consul agent daemon user";
-      uid = config.ids.uids.consul;
-      # The shell is needed for health checks
-      shell = "/run/current-system/sw/bin/bash";
-    };
+      users.extraUsers."consul" = {
+        description = "Consul agent daemon user";
+        uid = config.ids.uids.consul;
+        # The shell is needed for health checks
+        shell = "/run/current-system/sw/bin/bash";
+      };
 
-    environment = {
-      etc."consul.json".text = builtins.toJSON configOptions;
-      # We need consul.d to exist for consul to start
-      etc."consul.d/dummy.json".text = "{ }";
-      systemPackages = with pkgs; [ consul ];
-    };
+      environment = {
+        etc."consul.json".text = builtins.toJSON configOptions;
+        # We need consul.d to exist for consul to start
+        etc."consul.d/dummy.json".text = "{ }";
+        systemPackages = with pkgs; [ consul ];
+      };
 
-    systemd.services.consul = {
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ] ++ systemdDevices;
-      bindsTo = systemdDevices;
-      restartTriggers = [ config.environment.etc."consul.json".source ]
-        ++ mapAttrsToList (_: d: d.source)
-          (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
-
-      serviceConfig = {
-        ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d"
-          + concatMapStrings (n: " -config-file ${n}") configFiles;
-        ExecReload = "${pkgs.consul}/bin/consul reload";
-        PermissionsStartOnly = true;
-        User = if cfg.dropPrivileges then "consul" else null;
-        TimeoutStartSec = "0";
-      } // (optionalAttrs (cfg.leaveOnStop) {
-        ExecStop = "${pkgs.consul}/bin/consul leave";
-      });
-
-      path = with pkgs; [ iproute gnugrep gawk consul ];
-      preStart = ''
-        mkdir -m 0700 -p ${dataDir}
-        chown -R consul ${dataDir}
-
-        # Determine interface addresses
-        getAddrOnce () {
-          ip addr show dev "$1" \
-            | grep 'inet${optionalString (cfg.forceIpv4) " "}.*scope global' \
-            | awk -F '[ /\t]*' '{print $3}' | head -n 1
-        }
-        getAddr () {
-          ADDR="$(getAddrOnce $1)"
-          LEFT=60 # Die after 1 minute
-          while [ -z "$ADDR" ]; do
-            sleep 1
-            LEFT=$(expr $LEFT - 1)
-            if [ "$LEFT" -eq "0" ]; then
-              echo "Address lookup timed out"
-              exit 1
-            fi
+      systemd.services.consul = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ] ++ systemdDevices;
+        bindsTo = systemdDevices;
+        restartTriggers = [ config.environment.etc."consul.json".source ]
+          ++ mapAttrsToList (_: d: d.source)
+            (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
+
+        serviceConfig = {
+          ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d"
+            + concatMapStrings (n: " -config-file ${n}") configFiles;
+          ExecReload = "${pkgs.consul}/bin/consul reload";
+          PermissionsStartOnly = true;
+          User = if cfg.dropPrivileges then "consul" else null;
+          TimeoutStartSec = "0";
+        } // (optionalAttrs (cfg.leaveOnStop) {
+          ExecStop = "${pkgs.consul}/bin/consul leave";
+        });
+
+        path = with pkgs; [ iproute gnugrep gawk consul ];
+        preStart = ''
+          mkdir -m 0700 -p ${dataDir}
+          chown -R consul ${dataDir}
+
+          # Determine interface addresses
+          getAddrOnce () {
+            ip addr show dev "$1" \
+              | grep 'inet${optionalString (cfg.forceIpv4) " "}.*scope global' \
+              | awk -F '[ /\t]*' '{print $3}' | head -n 1
+          }
+          getAddr () {
             ADDR="$(getAddrOnce $1)"
-          done
-          echo "$ADDR"
-        }
-        echo "{" > /etc/consul-addrs.json
-        delim=" "
-      ''
-      + concatStrings (flip mapAttrsToList cfg.interface (name: i:
-        optionalString (i != null) ''
-          echo "$delim \"${name}_addr\": \"$(getAddr "${i}")\"" >> /etc/consul-addrs.json
-          delim=","
-        ''))
-      + ''
-        echo "}" >> /etc/consul-addrs.json
-      '';
-    };
-
-    systemd.services.consul-alerts = mkIf (cfg.alerts.enable) {
-      wantedBy = [ "multi-user.target" ];
-      after = [ "consul.service" ];
-
-      path = [ pkgs.consul ];
-
-      serviceConfig = {
-        ExecStart = ''
-          ${pkgs.consul-alerts}/bin/consul-alerts start \
-            --alert-addr=${cfg.alerts.listenAddr} \
-            --consul-addr=${cfg.alerts.consulAddr} \
-            ${optionalString cfg.alerts.watchChecks "--watch-checks"} \
-            ${optionalString cfg.alerts.watchEvents "--watch-events"}
+            LEFT=60 # Die after 1 minute
+            while [ -z "$ADDR" ]; do
+              sleep 1
+              LEFT=$(expr $LEFT - 1)
+              if [ "$LEFT" -eq "0" ]; then
+                echo "Address lookup timed out"
+                exit 1
+              fi
+              ADDR="$(getAddrOnce $1)"
+            done
+            echo "$ADDR"
+          }
+          echo "{" > /etc/consul-addrs.json
+          delim=" "
+        ''
+        + concatStrings (flip mapAttrsToList cfg.interface (name: i:
+          optionalString (i != null) ''
+            echo "$delim \"${name}_addr\": \"$(getAddr "${i}")\"" >> /etc/consul-addrs.json
+            delim=","
+          ''))
+        + ''
+          echo "}" >> /etc/consul-addrs.json
         '';
-        User = if cfg.dropPrivileges then "consul" else null;
       };
-    };
+    }
+
+    (mkIf (cfg.alerts.enable) {
+      systemd.services.consul-alerts = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "consul.service" ];
+
+        path = [ pkgs.consul ];
+
+        serviceConfig = {
+          ExecStart = ''
+            ${cfg.alerts.package}/bin/consul-alerts start \
+              --alert-addr=${cfg.alerts.listenAddr} \
+              --consul-addr=${cfg.alerts.consulAddr} \
+              ${optionalString cfg.alerts.watchChecks "--watch-checks"} \
+              ${optionalString cfg.alerts.watchEvents "--watch-events"}
+          '';
+          User = if cfg.dropPrivileges then "consul" else null;
+          Restart = "on-failure";
+        };
+      };
+    })
 
-  };
+  ]);
 }