homelab-nomad/core/blocky/blocky.tf

# Load the Blocky configuration file once so it can be passed to the Nomad job
# as the HCL2 variable "config_data".
# NOTE(review): this content is submitted with the job and is recorded in
# Terraform state through the nomad_job arguments. config.yml is not visible
# here, so confirm it holds no credentials or tokens.
locals {
  config_data = file("${path.module}/config.yml")
}
# Register the Blocky job with Nomad.
# The jobspec is rendered from blocky.nomad with the use_wesher flag, and the
# configuration file content is handed over as the HCL2 variable "config_data".
# NOTE(review): values passed through hcl2 vars presumably become part of the
# submitted job, so anyone allowed to read the job could read them. Keep
# secrets in Nomad variables behind an ACL policy instead.
resource "nomad_job" "blocky" {
  jobspec = templatefile("${path.module}/blocky.nomad", {
    use_wesher = var.use_wesher
  })

  hcl2 {
    vars = {
      config_data = local.config_data
    }
  }
}
# Policy that lets the MySQL bootstrap task read the MySQL secrets variable.
#
# The grant is read-only and limited to the "default" namespace. job_acl binds
# it to job "blocky", group "blocky", task "mysql-bootstrap", so it is attached
# to that one task's workload identity rather than to the whole job.
# NOTE(review): the path has no glob, so it should match only the variable at
# exactly "secrets/mysql" and not children such as secrets/mysql/allowed_psks/*.
# Confirm against the Nomad ACL docs before relying on that boundary.
# NOTE(review): secrets/mysql presumably holds the database admin credentials.
# If so, this is the most sensitive grant in the file, and the task name should
# stay pinned here.
resource "nomad_acl_policy" "blocky_mysql_bootstrap_secrets" {
  name        = "blocky-secrets-mysql"
  description = "Give access to MySQL secrets"

  job_acl {
    job_id = "blocky"
    group  = "blocky"
    task   = "mysql-bootstrap"
  }

  rules_hcl = <<EOH
namespace "default" {
  variables {
    path "secrets/mysql" {
      capabilities = ["read"]
    }
  }
}
EOH
}
# Generate the 32-character secret used in Blocky's MySQL pre-shared key.
#
# override_special limits punctuation to "!@#%&*-_=". That set contains no ":"
# and no quote characters, and the value is later embedded in a "blocky:<key>"
# string.
# The provider marks the result as sensitive, which only masks it in CLI
# output. The value is still written to Terraform state in plaintext, so the
# state backend needs encryption and restricted access.
resource "random_password" "blocky_mysql_psk" {
  override_special = "!@#%&*-_="
  length           = 32
}
# Publish Blocky's pre-shared key as a Nomad variable.
#
# The item is stored as "blocky:<generated secret>", i.e. an identity followed
# by the key. No namespace is set, so the provider default applies.
# NOTE(review): the path sits under secrets/mysql/allowed_psks/, presumably so
# the MySQL side can collect the PSKs of every permitted client. Verify which
# policy grants read on that parent path, since it would expose every client's
# key.
# The same secret is also held in Terraform state via this resource's items.
resource "nomad_variable" "blocky_mysql_psk" {
  path = "secrets/mysql/allowed_psks/blocky"

  items = {
    psk = "blocky:${random_password.blocky_mysql_psk.result}"
  }
}
# Policy that lets Blocky's stunnel task read its own pre-shared key.
#
# The grant is read-only, limited to the "default" namespace and to the single
# variable path "secrets/mysql/allowed_psks/blocky". job_acl binds it to job
# "blocky", group "blocky", task "stunnel", so only that task's workload
# identity receives it.
# NOTE(review): no wildcard is used, so other clients' PSKs under
# allowed_psks/ should stay out of reach. Keep it that way if more paths are
# added.
resource "nomad_acl_policy" "blocky_mysql_psk" {
  name        = "blocky-secrets-mysql-psk"
  description = "Give access to MySQL PSK secrets"

  job_acl {
    job_id = "blocky"
    group  = "blocky"
    task   = "stunnel"
  }

  rules_hcl = <<EOH
namespace "default" {
  variables {
    path "secrets/mysql/allowed_psks/blocky" {
      capabilities = ["read"]
    }
  }
}
EOH
}