From 725e184645b5532c10969a8330d26134831d8790 Mon Sep 17 00:00:00 2001
From: David Wagner <wagdav@gmail.com>
Date: Sat, 29 Jun 2024 10:41:34 +0200
Subject: [PATCH] consul: keep communication on the local network

Listen only on the local network interface and avoid the tailnet overlay.

Also spell out nuc as 'nuc.sunrise.box` to resolve to the local IP
address and not to the tailnet address.
---
 modules/consul/base.nix   | 4 +---
 modules/consul/client.nix | 1 +
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/consul/base.nix b/modules/consul/base.nix
index 32b373e..b2a36ca 100644
--- a/modules/consul/base.nix
+++ b/modules/consul/base.nix
@@ -5,9 +5,7 @@
     enable = true;
 
     extraConfig = {
-      retry_join = [ "nuc" ];
-
-      client_addr = [ "0.0.0.0" ];
+      bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"address\" }}";
 
       telemetry = {
         disable_hostname = true;
diff --git a/modules/consul/client.nix b/modules/consul/client.nix
index c96c01c..de13e31 100644
--- a/modules/consul/client.nix
+++ b/modules/consul/client.nix
@@ -7,6 +7,7 @@
 
   services.consul = {
     extraConfig = {
+      retry_join = [ "nuc.sunrise.box" ];
       server = false;
     };
   };