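# Nomad job that runs Traefik as the ingress proxy: two allocations, each on a
# different host of node class "ingress", listening on static host ports.
job "traefik" {
  datacenters = ["dc1"]
  type        = "service"
  priority    = 100

  # Only schedule on nodes whose class is "ingress".
  constraint {
    attribute = "${node.class}"
    value     = "ingress"
  }

  # Static ports cannot be shared, so every allocation needs its own host.
  constraint {
    distinct_hosts = true
  }

  # Roll one allocation at a time and fall back to the last good version if
  # the new one fails its health check.
  update {
    max_parallel = 1
    # canary = 1
    # auto_promote = true
    auto_revert = true
  }

  group "traefik" {
    count = 2

    network {
      port "web" {
        static = 80
      }

      port "websecure" {
        static = 443
      }

      port "syslog" {
        static = 514
      }

      port "gitssh" {
        static = 2222
      }

      dns {
        servers = [
          "192.168.2.101",
          "192.168.2.102",
          "192.168.2.30",
          "192.168.2.170",
        ]
      }
    }

    ephemeral_disk {
      migrate = true
      sticky  = true
    }

    service {
      name     = "traefik"
      provider = "nomad"
      port     = "web"

      # Health check against the [ping] handler, which the static config
      # below binds to the "web" entry point.
      check {
        type     = "http"
        path     = "/ping"
        port     = "web"
        interval = "10s"
        timeout  = "2s"
      }

      # NOTE(review): these tags publish Traefik's own API/dashboard
      # (api@internal) on the "websecure" entry point and attach no
      # middleware, so nothing in this file authenticates requests to it.
      # The basic-auth middleware rendered into middlewares.toml exists only
      # when the "usersfile" variable is set; once that is confirmed, the
      # commented tag below would put the dashboard behind it.
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.traefik.entryPoints=websecure",
        "traefik.http.routers.traefik.service=api@internal",
        # "traefik.http.routers.traefik.middlewares=basic-auth@file",
      ]
    }

    task "traefik" {
      driver = "docker"

      # Image-update watcher (diun) settings: only MAJOR.MINOR tags are
      # considered, ordered by semver.
      meta = {
        "diun.sort_tags"    = "semver"
        "diun.watch_repo"   = true
        "diun.include_tags" = "^[0-9]+\\.[0-9]+$"
      }

      config {
        # NOTE(review): "2.9" is a moving tag; pinning by digest would make
        # the deployed image reproducible and tamper-evident.
        image = "traefik:2.9"

        ports = ["web", "websecure"]

        # Host networking: every entry point in traefik.toml (including the
        # metrics listener on :8989, which has no port declared in the
        # network block above) binds directly on the host's interfaces.
        network_mode = "host"

        # Rendered static and dynamic configuration.
        mount {
          type   = "bind"
          target = "/etc/traefik"
          source = "local/config"
        }

        # Basic-auth users file, rendered into the task's secrets directory.
        mount {
          type   = "bind"
          target = "/etc/traefik/usersfile"
          source = "secrets/usersfile"
        }

        # TLS certificate and private key, rendered into the secrets directory.
        mount {
          type   = "bind"
          target = "/etc/traefik/certs"
          source = "secrets/certs"
        }
      }

      # Static configuration (traefik.toml).
      #
      # NOTE(review), for the rendered file:
      #   - [log] level is "DEBUG"; that is the most verbose setting and is
      #     usually lowered for steady-state operation.
      #   - [entryPoints.metrics] listens on ":8989" with no address
      #     restriction; with host networking the Prometheus endpoint is
      #     reachable on every interface unless a firewall limits it.
      #   - [providers.nomad.endpoint] talks to the Nomad API over plain
      #     HTTP and no token is configured here; confirm this matches the
      #     cluster's ACL/TLS setup.
      template {
        # Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
        left_delimiter  = "<<"
        right_delimiter = ">>"
        data            = <<EOH
[log]
  level = "DEBUG"

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entrypoint]
          to = "websecure"
          scheme = "https"

  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http.tls]

  [entryPoints.metrics]
    address = ":8989"

  [entryPoints.syslogtcp]
    address = ":514"

  [entryPoints.syslogudp]
    address = ":514/udp"

  [entryPoints.gitssh]
    address = ":2222"

[api]
  dashboard = true

[ping]
  entrypoint = "web"

[metrics]
  [metrics.prometheus]
    entrypoint = "metrics"
    # manualRouting = true

[providers.file]
  directory = "/etc/traefik/conf"
  watch = true

[providers.nomad]
  exposedByDefault = false
  defaultRule = "Host(`{{normalize .Name}}.<< with nomadVar "nomad/jobs" >><< .base_hostname >><< end >>`)"
  [providers.nomad.endpoint]
    address = "http://<< env "attr.unique.network.ip-address" >>:4646"
EOH
        destination     = "${NOMAD_TASK_DIR}/config/traefik.toml"
      }

      # Dynamic routes for services that are not Nomad jobs: the Nomad UI/API
      # on the local agent and a Home Assistant instance at a fixed address.
      #
      # NOTE(review): neither router attaches a middleware, so access control
      # for both rests entirely on the backends themselves (Nomad ACLs, Home
      # Assistant login); confirm that is intended for the Nomad API.
      template {
        data        = <<EOH
[http]
  [http.routers]
    [http.routers.nomad]
      entryPoints = ["websecure"]
      service = "nomad"
      rule = "Host(`nomad.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)"
    [http.routers.hass]
      entryPoints = ["websecure"]
      service = "hass"
      rule = "Host(`hass.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)"

  [http.services]
    [http.services.nomad]
      [http.services.nomad.loadBalancer]
        [[http.services.nomad.loadBalancer.servers]]
          url = "http://127.0.0.1:4646"
    [http.services.hass]
      [http.services.hass.loadBalancer]
        [[http.services.hass.loadBalancer.servers]]
          url = "http://192.168.3.65:8123"
EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/route-hashi.toml"
        # The file provider watches the conf directory, so no signal/restart.
        change_mode = "noop"
      }

      # TCP and UDP syslog forwarding to every registered "syslogng" service
      # instance. Each section is emitted only when the service lookup
      # returns at least one instance.
      template {
        data        = <<EOH
{{ with nomadService "syslogng" -}}
[tcp.routers]
  [tcp.routers.syslogtcp]
    entryPoints = ["syslogtcp"]
    service = "syslogngtcp"
    rule = "HostSNI(`*`)"

[tcp.services]
  [tcp.services.syslogngtcp]
    [tcp.services.syslogngtcp.loadBalancer]
      {{ range . -}}
      [[tcp.services.syslogngtcp.loadBalancer.servers]]
        address = "{{ .Address }}:{{ .Port }}"
      {{ end -}}
{{- end }}

{{ with nomadService "syslogng" -}}
[udp.routers]
  [udp.routers.syslogudp]
    entryPoints = ["syslogudp"]
    service = "syslogngudp"

[udp.services]
  [udp.services.syslogngudp]
    [udp.services.syslogngudp.loadBalancer]
      {{ range . -}}
      [[udp.services.syslogngudp.loadBalancer.servers]]
        address = "{{ .Address }}:{{ .Port }}"
      {{ end -}}
{{- end }}
EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/route-syslog-ng.toml"
        change_mode = "noop"
      }

      # Wildcard certificate, copied verbatim from a Nomad variable.
      # Fix: a stray `"` after the closing action was removed; it was emitted
      # as a literal byte at the end of the rendered PEM file.
      #
      # NOTE(review): with change_mode "noop" and the file provider watching
      # only /etc/traefik/conf, a renewed certificate is presumably not
      # loaded until the task restarts or dynamic-tls.toml changes; verify.
      template {
        data        = <<EOF
{{- with nomadVar "secrets/certs/_lego/certificates/__thefij_rocks_crt" }}{{ .contents }}{{ end -}}
EOF
        destination = "${NOMAD_SECRETS_DIR}/certs/_.thefij.rocks.crt"
        change_mode = "noop"
      }

      # Private key for the certificate above (same stray `"` removed).
      #
      # NOTE(review): no `perms` is set, so the template's default file mode
      # applies to the key; consider a tighter mode once it is confirmed the
      # container user can still read the file.
      template {
        data        = <<EOF
{{- with nomadVar "secrets/certs/_lego/certificates/__thefij_rocks_key" }}{{ .contents }}{{ end -}}
EOF
        destination = "${NOMAD_SECRETS_DIR}/certs/_.thefij.rocks.key"
        change_mode = "noop"
      }

      # Points Traefik at the certificate/key pair through the in-container
      # paths of the "secrets/certs" bind mount.
      template {
        data        = <<EOH
[[tls.certificates]]
  certFile = "/etc/traefik/certs/_.thefij.rocks.crt"
  keyFile = "/etc/traefik/certs/_.thefij.rocks.key"
EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/dynamic-tls.toml"
        change_mode = "noop"
      }

      # Defines the "basic-auth" middleware, but only when the job's Nomad
      # variable has a non-empty "usersfile" entry; routers that reference
      # the middleware while it is absent will not load.
      template {
        data        = <<EOH
[http.middlewares]
{{ with nomadVar "nomad/jobs/traefik" }}
{{ if .usersfile }}
  [http.middlewares.basic-auth.basicAuth]
    usersFile = "/etc/traefik/usersfile"
{{- end }}
{{- end }}
EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/middlewares.toml"
        change_mode = "noop"
      }

      # Basic-auth credentials file, written to the secrets directory.
      # The opening action trims leading whitespace ("{{-") so the rendered
      # file starts with the first entry no matter how this heredoc is
      # indented in the job file.
      template {
        data        = <<EOH
{{- with nomadVar "nomad/jobs/traefik" -}}
{{ .usersfile }}
{{- end }}
EOH
        destination = "${NOMAD_SECRETS_DIR}/usersfile"
        change_mode = "noop"
      }

      resources {
        cpu    = 100
        memory = 150
      }
    }
  }
}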