Big refactor to split core and services for better ordering
parent
253069439d
commit
45c597b040
@ -35,8 +35,14 @@ all:
|
||||
group: "bin"
|
||||
mode: "0755"
|
||||
read_only: false
|
||||
- name: authentik-data
|
||||
path: /srv/volumes/gitea
|
||||
- name: sonarr-data
|
||||
path: /srv/volumes/sonarr
|
||||
owner: "root"
|
||||
group: "bin"
|
||||
mode: "0755"
|
||||
read_only: false
|
||||
- name: nzbget-data
|
||||
path: /srv/volumes/nzbget
|
||||
owner: "root"
|
||||
group: "bin"
|
||||
mode: "0755"
|
||||
|
@ -68,7 +68,7 @@
|
||||
"{{ item.value }}"
|
||||
loop: "{{ hashi_vault_values | default({}) | dict2items }}"
|
||||
retries: 2
|
||||
delay: 5
|
||||
delay: 10
|
||||
|
||||
- name: Write userpass
|
||||
no_log: true
|
||||
|
132
core.tf
@ -2,133 +2,11 @@ module "databases" {
|
||||
source = "./databases"
|
||||
}
|
||||
|
||||
module "blocky" {
|
||||
source = "./blocky"
|
||||
module "core" {
|
||||
source = "./core"
|
||||
|
||||
base_hostname = var.base_hostname
|
||||
depends_on = [module.databases]
|
||||
}
|
||||
|
||||
module "traefik" {
|
||||
source = "./traefik"
|
||||
|
||||
base_hostname = var.base_hostname
|
||||
}
|
||||
|
||||
module "nomad_login" {
|
||||
source = "./levant"
|
||||
|
||||
template_path = "service.nomad"
|
||||
variables = {
|
||||
name = "nomad-login"
|
||||
image = "iamthefij/nomad-vault-login"
|
||||
service_port = 5000
|
||||
ingress = true
|
||||
ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)"
|
||||
env = jsonencode({
|
||||
VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200",
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
module "metrics" {
|
||||
source = "./metrics"
|
||||
}
|
||||
|
||||
module "loki" {
|
||||
source = "./levant"
|
||||
|
||||
template_path = "service.nomad"
|
||||
variables = {
|
||||
name = "loki"
|
||||
image = "grafana/loki:2.2.1"
|
||||
service_port = 3100
|
||||
ingress = true
|
||||
sticky_disk = true
|
||||
healthcheck = "/ready"
|
||||
templates = jsonencode([
|
||||
{
|
||||
data = file("./loki-config.yml")
|
||||
dest = "/etc/loki/local-config.yaml"
|
||||
}
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
resource "consul_config_entry" "loki_intent" {
|
||||
name = "loki"
|
||||
kind = "service-intentions"
|
||||
|
||||
config_json = jsonencode({
|
||||
Sources = [
|
||||
{
|
||||
Action = "allow"
|
||||
Name = "grafana"
|
||||
Precedence = 9
|
||||
Type = "consul"
|
||||
},
|
||||
{
|
||||
Action = "allow"
|
||||
Name = "promtail"
|
||||
Precedence = 9
|
||||
Type = "consul"
|
||||
},
|
||||
{
|
||||
Action = "allow"
|
||||
Name = "syslogng-promtail"
|
||||
Precedence = 9
|
||||
Type = "consul"
|
||||
},
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
resource "nomad_job" "syslog-ng" {
|
||||
jobspec = file("${path.module}/syslogng.nomad")
|
||||
}
|
||||
|
||||
resource "nomad_job" "ddclient" {
|
||||
jobspec = file("${path.module}/ddclient.nomad")
|
||||
}
|
||||
|
||||
resource "nomad_job" "lldap" {
|
||||
jobspec = file("${path.module}/lldap.nomad")
|
||||
}
|
||||
|
||||
resource "consul_config_entry" "syslogng_promtail_intent" {
|
||||
name = "syslogng-promtail"
|
||||
kind = "service-intentions"
|
||||
|
||||
config_json = jsonencode({
|
||||
Sources = [
|
||||
{
|
||||
Action = "allow"
|
||||
Name = "syslogng"
|
||||
Precedence = 9
|
||||
Type = "consul"
|
||||
},
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
resource "consul_config_entry" "global_access" {
|
||||
name = "*"
|
||||
kind = "service-intentions"
|
||||
|
||||
config_json = jsonencode({
|
||||
Sources = [
|
||||
{
|
||||
Action = "allow"
|
||||
Name = "traefik"
|
||||
Precedence = 6
|
||||
Type = "consul"
|
||||
},
|
||||
{
|
||||
Action = "deny"
|
||||
Name = "*"
|
||||
Precedence = 5
|
||||
Type = "consul"
|
||||
},
|
||||
]
|
||||
})
|
||||
|
||||
# Metrics and Blocky depend on databases
|
||||
depends_on = [module.databases]
|
||||
}
|
||||
|
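Review bot: Wrapping `module.blocky`, `module.traefik`, `module.loki` and the `consul_config_entry` / `nomad_job` resources in `module "core"` changes every resource address, and nothing visible in this commit tells Terraform they are the same objects. Unless state was moved out of band with `terraform state mv`, the next apply plans a destroy and create for each of them, including `consul_config_entry.global_access`, so the wildcard deny intention may be briefly absent while it is recreated. `moved` blocks in the root module (from `module.traefik` to `module.core.module.traefik`, and so on) would keep the existing objects in place. The same applies to what `services.tf` moves under `module "services"`.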
59
core/.terraform.lock.hcl
generated
Normal file
@ -0,0 +1,59 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/consul" {
|
||||
version = "2.16.2"
|
||||
hashes = [
|
||||
"h1:epldE7sZPBTQHnWEA4WlNJIOVT1UEX+/02SMg5nniaE=",
|
||||
"zh:0a2e11ca2ba650954951a087a1daec95eee2f3000456b295409a9880c4a10b1a",
|
||||
"zh:34f6bda06a0d1c213fa8d87d4313687681e67bc8c40c4cbaa7dbe59ce24a4f7e",
|
||||
"zh:5b85cf93db11ee890f720c317a38158927071feb634855786a0c0cd65825a43c",
|
||||
"zh:75ef915f3d087e6045751a66fbb7066a852a0944ec8c97200d1134dd84df7ffc",
|
||||
"zh:8a4a95697bd91ad51a581c12fe50ac61a114afba27895d027f77ac4154a7ea15",
|
||||
"zh:973d538c8d72793861a1ac9718249a9493f417a2b5096846367560054fd843b9",
|
||||
"zh:9feb2bdc06fdc2d8370cc9aad9a0c69e7e5ae38aac43f315c3f57507c57be030",
|
||||
"zh:c5709672d0afecbbe298bf519741ebcb9d04f02a73b5ee0c186dfa241aa5a524",
|
||||
"zh:c65c60570de6da7190e1e7762577655a463caeb59bc5d38e33034821ed0cbcb9",
|
||||
"zh:c958d6282650fc472aade61d5df4300936033f43cfb898293ef86aceccdfdf1d",
|
||||
"zh:cdd3632c81e1d11d3becd193aaa061688840f39147950c45c4301d042743ae6a",
|
||||
"zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/external" {
|
||||
version = "2.2.2"
|
||||
hashes = [
|
||||
"h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=",
|
||||
"zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
|
||||
"zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
|
||||
"zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
|
||||
"zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
|
||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||
"zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
|
||||
"zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
|
||||
"zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
|
||||
"zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
|
||||
"zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
|
||||
"zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
|
||||
"zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.19"
|
||||
hashes = [
|
||||
"h1:EdBny2gaLr/IE+l+6csyCKeIGFMYZ/4tHKpcbS7ArgE=",
|
||||
"zh:2f3ceeb3318a6304026035b0ac9ee3e52df04913bb9ee78827e58c5398b41254",
|
||||
"zh:3fbe76c7d957d20dfe3c8c0528b33084651f22a95be9e0452b658e0922916e2a",
|
||||
"zh:595671a05828cfe6c42ef73aac894ac39f81a52cc662a76f37eb74ebe04ddf75",
|
||||
"zh:5d76e8788d2af3e60daf8076babf763ec887480bbb9734baccccd8fcddf4f03e",
|
||||
"zh:676985afeaca6e67b22d60d43fd0ed7055763029ffebc3026089fe2fd3b4a288",
|
||||
"zh:69152ce6164ac999a640cff962ece45208270e1ac37c10dac484eeea5cf47275",
|
||||
"zh:6da0b15c05b81f947ec8e139bd81eeeb05c0d36eb5a967b985d0625c60998b40",
|
||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||
"zh:822c0a3bbada5e38099a379db8b2e339526843699627c3be3664cc3b3752bab7",
|
||||
"zh:af23af2f98a84695b25c8eba7028a81ad4aad63c44aefb79e01bbe2dc82e7f78",
|
||||
"zh:e36cac9960b7506d92925b667254322520966b9c3feb3ca6102e57a1fb9b1761",
|
||||
"zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f",
|
||||
]
|
||||
}
|
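--- a/core/main.tf
+++ b/core/main.tf
@@ -0,0 +1,134 @@
+
+module "blocky" {
+source = "./blocky"
+
+base_hostname = var.base_hostname
+# Not in this module
+# depends_on = [module.databases]
+}
+
+module "traefik" {
+source = "./traefik"
+
+base_hostname = var.base_hostname
+}
+
+module "nomad_login" {
+source = "../levant"
+
+template_path = "service.nomad"
+variables = {
+name = "nomad-login"
+image = "iamthefij/nomad-vault-login"
+service_port = 5000
+ingress = true
+ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)"
+env = jsonencode({
+VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200",
+})
+}
+}
+
+module "metrics" {
+source = "./metrics"
+# Not in this module
+# depends_on = [module.databases]
+}
+
+module "loki" {
+source = "../levant"
+
+template_path = "service.nomad"
+variables = {
+name = "loki"
+image = "grafana/loki:2.2.1"
+service_port = 3100
+ingress = true
+sticky_disk = true
+healthcheck = "/ready"
+templates = jsonencode([
+{
+data = file("${path.module}/loki-config.yml")
+dest = "/etc/loki/local-config.yaml"
+}
+])
+}
+}
+
+resource "consul_config_entry" "loki_intent" {
+name = "loki"
+kind = "service-intentions"
+
+config_json = jsonencode({
+Sources = [
+{
+Action = "allow"
+Name = "grafana"
+Precedence = 9
+Type = "consul"
+},
+{
+Action = "allow"
+Name = "promtail"
+Precedence = 9
+Type = "consul"
+},
+{
+Action = "allow"
+Name = "syslogng-promtail"
+Precedence = 9
+Type = "consul"
+},
+]
+})
+}
+
+resource "nomad_job" "syslog-ng" {
+jobspec = file("${path.module}/syslogng.nomad")
+}
+
+resource "nomad_job" "ddclient" {
+jobspec = file("${path.module}/ddclient.nomad")
+}
+
+resource "nomad_job" "lldap" {
+jobspec = file("${path.module}/lldap.nomad")
+}
+
+resource "consul_config_entry" "syslogng_promtail_intent" {
+name = "syslogng-promtail"
+kind = "service-intentions"
+
+config_json = jsonencode({
+Sources = [
+{
+Action = "allow"
+Name = "syslogng"
+Precedence = 9
+Type = "consul"
+},
+]
+})
+}
+
+resource "consul_config_entry" "global_access" {
+name = "*"
+kind = "service-intentions"
+
+config_json = jsonencode({
+Sources = [
+{
+Action = "allow"
+Name = "traefik"
+Precedence = 6
+Type = "consul"
+},
+{
+Action = "deny"
+Name = "*"
+Precedence = 5
+Type = "consul"
+},
+]
+})
+}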
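Review bot: In `module "nomad_login"` the login service is pointed at Vault with `VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200"`, so the credentials it forwards and the tokens it gets back travel without TLS on the node's network address rather than loopback. If Vault has a TLS listener, this should be an `https://` address with the CA made available to the task; if not, a comment stating that the listener is only reachable on a trusted interface would record the assumption. The same block uses `image = "iamthefij/nomad-vault-login"` with no tag, which resolves to `latest` for a component that handles Vault logins; pinning it (`iamthefij/nomad-vault-login:<tag>`, placeholder) keeps deploys reproducible, as `grafana/loki:2.2.1` already does further down.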
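--- a/core/vars.tf
+++ b/core/vars.tf
@@ -0,0 +1,5 @@
+variable "base_hostname" {
+type = string
+description = "Base hostname to serve content from"
+default = "dev.homelab"
+}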
40
databases/.terraform.lock.hcl
generated
Normal file
@ -0,0 +1,40 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/consul" {
|
||||
version = "2.15.1"
|
||||
hashes = [
|
||||
"h1:PexyQBRLDA+SR+sWlzYBZswry5O5h/tTfj87CaECtLc=",
|
||||
"zh:1806830a3cf103e65e772a7d28fd4df2788c29a029fb2def1326bc777ad107ed",
|
||||
"zh:252be544fb4c9daf09cad7d3776daf5fa66b62740d3ea9d6d499a7b1697c3433",
|
||||
"zh:50985fe02a8e5ae47c75d7c28c911b25d7dc4716cff2ed55ca05889ab77a1f73",
|
||||
"zh:54cf0ec90538703c66937c77e8d72a38d5af47437eb0b8b55eb5836c5d288878",
|
||||
"zh:704f536c621337e06fffef6d5f49ac81f52d249f937250527c12884cb83aefed",
|
||||
"zh:896d8ef6d0b555299f124eb25bce8a17d735da14ef21f07582098d301f47da30",
|
||||
"zh:976277a85b0a0baafe267cc494f766448d1da5b6936ddcb3ce393bd4d22f08d2",
|
||||
"zh:c7faa9a2b11bc45833a3e8e340f22f1ecf01597eaeffa7669234b4549d7dfa85",
|
||||
"zh:caf851ef9c8ce482864badf7058f9278d4537112fa236efd8f1a9315801d9061",
|
||||
"zh:db203435d58b0ac842540861b3307a623423275d85754c171773f3b210ae5b24",
|
||||
"zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5",
|
||||
"zh:f710a37190429045d109edd35de69db3b5f619919c2fa04c77a3a639fea9fd7d",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.17"
|
||||
hashes = [
|
||||
"h1:iPylWr144mqXvM8NBVMTm+MS6JRhqIihlpJG91GYDyA=",
|
||||
"zh:146f97eacd9a0c78b357a6cfd2cb12765d4b18e9660a75500ee3e748c6eba41a",
|
||||
"zh:2eb89a6e5cee9aea03a96ea9f141096fe3baf219b2700ce30229d2d882f5015f",
|
||||
"zh:3d0f971f79b615c1014c75e2f99f34bd4b4da542ca9f31d5ea7fadc4e9de39c1",
|
||||
"zh:46099a750c752ce05aa14d663a86478a5ad66d95aff3d69367f1d3628aac7792",
|
||||
"zh:71e56006b013dcfe1e4e059b2b07148b44fcd79351ae2c357e0d97e27ae0d916",
|
||||
"zh:74febd25d776688f0558178c2f5a0e6818bbf4cdaa2e160d7049da04103940f0",
|
||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||
"zh:af18c064a5f0dd5422d6771939274841f635b619ab392c73d5bf9720945fdb85",
|
||||
"zh:c133d7a862079da9f06e301c530eacbd70e9288fa2276ec0704df907270ee328",
|
||||
"zh:c894cf98d239b9f5a4b7cde9f5c836face0b5b93099048ee817b0380ea439c65",
|
||||
"zh:c918642870f0cafdbe4d7dd07c909701fc3ddb47cac8357bdcde1327bf78c11d",
|
||||
"zh:f8f5655099a57b4b9c0018a2d49133771e24c7ff8262efb1ceb140fd224aa9b6",
|
||||
]
|
||||
}
|
20
media/.terraform.lock.hcl
generated
@ -1,20 +0,0 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.16"
|
||||
hashes = [
|
||||
"h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
|
||||
"zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
|
||||
"zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
|
||||
"zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
|
||||
"zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
|
||||
"zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
|
||||
"zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
|
||||
"zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
|
||||
"zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
|
||||
"zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
|
||||
"zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
|
||||
"zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
|
||||
]
|
||||
}
|
38
mysql/.terraform.lock.hcl
generated
@ -1,38 +0,0 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/consul" {
|
||||
version = "2.15.0"
|
||||
hashes = [
|
||||
"h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=",
|
||||
"zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c",
|
||||
"zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931",
|
||||
"zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624",
|
||||
"zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc",
|
||||
"zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1",
|
||||
"zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c",
|
||||
"zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d",
|
||||
"zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1",
|
||||
"zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba",
|
||||
"zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719",
|
||||
"zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.16"
|
||||
hashes = [
|
||||
"h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
|
||||
"zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
|
||||
"zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
|
||||
"zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
|
||||
"zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
|
||||
"zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
|
||||
"zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
|
||||
"zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
|
||||
"zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
|
||||
"zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
|
||||
"zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
|
||||
"zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
|
||||
]
|
||||
}
|
@ -21,6 +21,10 @@
|
||||
# read_only = bool,
|
||||
# )))
|
||||
# healthcheck = "/"
|
||||
# upstreams = json(list(dict(
|
||||
# destination_name = str,
|
||||
# local_bind_port = int
|
||||
# )))
|
||||
# mysql = bool
|
||||
# redis = bool
|
||||
# vault = bool
|
||||
@ -83,6 +87,14 @@ job "[[.name]]" {
|
||||
local_bind_port = 6379
|
||||
}
|
||||
[[ end -]]
|
||||
[[ with .upstreams -]]
|
||||
[[range $u := . | parseJSON -]]
|
||||
upstreams {
|
||||
destination_name = "[[ $u.destination_name ]]"
|
||||
local_bind_port = [[ $u.local_bind_port ]]
|
||||
}
|
||||
[[ end ]]
|
||||
[[ end -]]
|
||||
}
|
||||
}
|
||||
|
||||
|
86
services.tf
@ -1,85 +1,5 @@
|
||||
# module "nextcloud" {
|
||||
# source = "./nextcloud"
|
||||
#
|
||||
# depends_on = [module.databases]
|
||||
# }
|
||||
module "services" {
|
||||
source = "./services"
|
||||
|
||||
module "backups" {
|
||||
source = "./backups"
|
||||
|
||||
depends_on = [module.databases]
|
||||
}
|
||||
|
||||
module "media" {
|
||||
source = "./media"
|
||||
}
|
||||
|
||||
resource "nomad_job" "whoami" {
|
||||
hcl2 {
|
||||
enabled = true
|
||||
vars = {
|
||||
"count" = 1,
|
||||
# "count" = "${2 * length(data.consul_service.nomad.service)}",
|
||||
}
|
||||
}
|
||||
|
||||
jobspec = file("${path.module}/whoami.nomad")
|
||||
}
|
||||
|
||||
module "sonarr" {
|
||||
source = "./levant"
|
||||
|
||||
template_path = "service.nomad"
|
||||
variables = {
|
||||
name = "sonarr"
|
||||
image = "linuxserver/sonarr"
|
||||
service_port = 8989
|
||||
ingress = true
|
||||
env = jsonencode({
|
||||
PGID = 100
|
||||
PUID = 1001
|
||||
})
|
||||
host_volumes = jsonencode([
|
||||
{
|
||||
name = "tv-sonarr"
|
||||
dest = "/srv/volumes/media-write/TV Shows"
|
||||
read_only = false
|
||||
},
|
||||
{
|
||||
name = "download"
|
||||
dest = "/srv/volumes/download"
|
||||
read_only = false
|
||||
},
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
resource "consul_service" "homeassistant" {
|
||||
name = "hass"
|
||||
node = consul_node.homeassistant.name
|
||||
port = 8123
|
||||
tags = [
|
||||
"traefik.enable=true",
|
||||
"traefik.consulcatalog.connect=false",
|
||||
"traefik.http.routers.hass.entryPoints=websecure",
|
||||
]
|
||||
|
||||
check {
|
||||
check_id = "homeassistant:hass"
|
||||
status = "passing"
|
||||
name = "Home Assistant Health Check"
|
||||
http = "192.168.3.65:8123"
|
||||
interval = "30s"
|
||||
timeout = "10s"
|
||||
}
|
||||
}
|
||||
|
||||
resource "consul_node" "homeassistant" {
|
||||
name = "homeassistant"
|
||||
address = "192.168.3.65"
|
||||
|
||||
meta = {
|
||||
"external-node" = "true"
|
||||
"external-probe" = "true"
|
||||
}
|
||||
depends_on = [module.databases, module.core]
|
||||
}
|
||||
|
40
services/.terraform.lock.hcl
generated
Normal file
@ -0,0 +1,40 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/consul" {
|
||||
version = "2.16.2"
|
||||
hashes = [
|
||||
"h1:epldE7sZPBTQHnWEA4WlNJIOVT1UEX+/02SMg5nniaE=",
|
||||
"zh:0a2e11ca2ba650954951a087a1daec95eee2f3000456b295409a9880c4a10b1a",
|
||||
"zh:34f6bda06a0d1c213fa8d87d4313687681e67bc8c40c4cbaa7dbe59ce24a4f7e",
|
||||
"zh:5b85cf93db11ee890f720c317a38158927071feb634855786a0c0cd65825a43c",
|
||||
"zh:75ef915f3d087e6045751a66fbb7066a852a0944ec8c97200d1134dd84df7ffc",
|
||||
"zh:8a4a95697bd91ad51a581c12fe50ac61a114afba27895d027f77ac4154a7ea15",
|
||||
"zh:973d538c8d72793861a1ac9718249a9493f417a2b5096846367560054fd843b9",
|
||||
"zh:9feb2bdc06fdc2d8370cc9aad9a0c69e7e5ae38aac43f315c3f57507c57be030",
|
||||
"zh:c5709672d0afecbbe298bf519741ebcb9d04f02a73b5ee0c186dfa241aa5a524",
|
||||
"zh:c65c60570de6da7190e1e7762577655a463caeb59bc5d38e33034821ed0cbcb9",
|
||||
"zh:c958d6282650fc472aade61d5df4300936033f43cfb898293ef86aceccdfdf1d",
|
||||
"zh:cdd3632c81e1d11d3becd193aaa061688840f39147950c45c4301d042743ae6a",
|
||||
"zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.19"
|
||||
hashes = [
|
||||
"h1:EdBny2gaLr/IE+l+6csyCKeIGFMYZ/4tHKpcbS7ArgE=",
|
||||
"zh:2f3ceeb3318a6304026035b0ac9ee3e52df04913bb9ee78827e58c5398b41254",
|
||||
"zh:3fbe76c7d957d20dfe3c8c0528b33084651f22a95be9e0452b658e0922916e2a",
|
||||
"zh:595671a05828cfe6c42ef73aac894ac39f81a52cc662a76f37eb74ebe04ddf75",
|
||||
"zh:5d76e8788d2af3e60daf8076babf763ec887480bbb9734baccccd8fcddf4f03e",
|
||||
"zh:676985afeaca6e67b22d60d43fd0ed7055763029ffebc3026089fe2fd3b4a288",
|
||||
"zh:69152ce6164ac999a640cff962ece45208270e1ac37c10dac484eeea5cf47275",
|
||||
"zh:6da0b15c05b81f947ec8e139bd81eeeb05c0d36eb5a967b985d0625c60998b40",
|
||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||
"zh:822c0a3bbada5e38099a379db8b2e339526843699627c3be3664cc3b3752bab7",
|
||||
"zh:af23af2f98a84695b25c8eba7028a81ad4aad63c44aefb79e01bbe2dc82e7f78",
|
||||
"zh:e36cac9960b7506d92925b667254322520966b9c3feb3ca6102e57a1fb9b1761",
|
||||
"zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f",
|
||||
]
|
||||
}
|
@ -2,26 +2,28 @@
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/consul" {
|
||||
version = "2.15.0"
|
||||
version = "2.16.2"
|
||||
hashes = [
|
||||
"h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=",
|
||||
"zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c",
|
||||
"zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931",
|
||||
"zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624",
|
||||
"zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc",
|
||||
"zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1",
|
||||
"zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c",
|
||||
"zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d",
|
||||
"zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1",
|
||||
"zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba",
|
||||
"zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719",
|
||||
"zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c",
|
||||
"h1:epldE7sZPBTQHnWEA4WlNJIOVT1UEX+/02SMg5nniaE=",
|
||||
"zh:0a2e11ca2ba650954951a087a1daec95eee2f3000456b295409a9880c4a10b1a",
|
||||
"zh:34f6bda06a0d1c213fa8d87d4313687681e67bc8c40c4cbaa7dbe59ce24a4f7e",
|
||||
"zh:5b85cf93db11ee890f720c317a38158927071feb634855786a0c0cd65825a43c",
|
||||
"zh:75ef915f3d087e6045751a66fbb7066a852a0944ec8c97200d1134dd84df7ffc",
|
||||
"zh:8a4a95697bd91ad51a581c12fe50ac61a114afba27895d027f77ac4154a7ea15",
|
||||
"zh:973d538c8d72793861a1ac9718249a9493f417a2b5096846367560054fd843b9",
|
||||
"zh:9feb2bdc06fdc2d8370cc9aad9a0c69e7e5ae38aac43f315c3f57507c57be030",
|
||||
"zh:c5709672d0afecbbe298bf519741ebcb9d04f02a73b5ee0c186dfa241aa5a524",
|
||||
"zh:c65c60570de6da7190e1e7762577655a463caeb59bc5d38e33034821ed0cbcb9",
|
||||
"zh:c958d6282650fc472aade61d5df4300936033f43cfb898293ef86aceccdfdf1d",
|
||||
"zh:cdd3632c81e1d11d3becd193aaa061688840f39147950c45c4301d042743ae6a",
|
||||
"zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.16"
|
||||
hashes = [
|
||||
"h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=",
|
||||
"h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
|
||||
"zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
|
||||
"zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
|
@ -158,17 +158,33 @@ CONSUL_HTTP_ADDR={{ env "attr.unique.network.ip-address" }}:8500
|
||||
# Consul backup
|
||||
${file("${module_path}/jobs/consul.hcl")}
|
||||
{{ end -}}
|
||||
|
||||
{{ range service "nextcloud" -}}
|
||||
# Nextcloud .Node {{ .Node }}
|
||||
{{ if eq .Node (env "node.unique.name") -}}
|
||||
${file("${module_path}/jobs/nextcloud.hcl")}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{ range service "lldap" -}}
|
||||
# Lldap .Node {{ .Node }}
|
||||
{{ if eq .Node (env "node.unique.name") -}}
|
||||
${file("${module_path}/jobs/lldap.hcl")}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{ range service "sonarr" -}}
|
||||
# Lldap .Node {{ .Node }}
|
||||
{{ if eq .Node (env "node.unique.name") -}}
|
||||
${file("${module_path}/jobs/sonarr.hcl")}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{ range service "nzbget" -}}
|
||||
# Lldap .Node {{ .Node }}
|
||||
{{ if eq .Node (env "node.unique.name") -}}
|
||||
${file("${module_path}/jobs/nzbget.hcl")}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
EOF
|
||||
destination = "jobs/node-jobs.hcl"
|
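Review bot: The `sonarr` and `nzbget` ranges keep the comment `# Lldap .Node {{ .Node }}` from the block they were copied from, so the rendered `jobs/node-jobs.hcl` labels three different services as Lldap, which is misleading when checking which backup jobs landed on a node. Change them to `# Sonarr .Node {{ .Node }}` and `# Nzbget .Node {{ .Node }}`. The template heredoc starts outside this hunk.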
@ -5,8 +5,17 @@ resource "nomad_job" "backups" {
|
||||
})
|
||||
}
|
||||
|
||||
# Get Nomad clients from Consul
|
||||
data "consul_service" "nomad" {
|
||||
name = "nomad-client"
|
||||
}
|
||||
|
||||
resource "nomad_job" "backups-oneoff" {
|
||||
for_each = toset(["n1", "n2", "n3"])
|
||||
# TODO: Get list of nomad hosts dynamically
|
||||
for_each = toset([
|
||||
for node in data.consul_service.nomad.service :
|
||||
node.node_name
|
||||
])
|
||||
jobspec = templatefile("${path.module}/backup.nomad", {
|
||||
module_path = "${path.module}",
|
||||
batch_node = each.key,
|
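Review bot: The `# TODO: Get list of nomad hosts dynamically` comment above the new `for_each` is stale, because the expression below it now does exactly that; replace it with something like `# One batch job per node registered as nomad-client in Consul`. The keys now come from `data.consul_service.nomad`, so they must be known at plan time. If this module sits under a parent `depends_on` (the root `services.tf` in this commit adds one to `module "services"`), Terraform may defer the data read to apply and reject the `for_each` as unknown, so it is worth confirming with a plan against pending changes in the dependencies. The `backups-oneoff` resource body continues outside the hunk.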
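--- a/services/backups/jobs/nzbget.hcl
+++ b/services/backups/jobs/nzbget.hcl
@@ -0,0 +1,21 @@
+job "nzbget" {
+schedule = "@daily"
+
+config {
+repo = "rclone::ftp,env_auth:/nomad/nzbget"
+passphrase = env("BACKUP_PASSPHRASE")
+}
+
+backup {
+paths = ["/data/nzbget"]
+# Because path is absolute
+restore_opts {
+Target = "/"
+}
+}
+
+forget {
+KeepLast = 2
+Prune = true
+}
+}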
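Review bot: `KeepLast = 2` together with `schedule = "@daily"` and `Prune = true` leaves two days of history, so a bad or tampered state that goes unnoticed for longer than that has no clean snapshot left to restore from; `services/backups/jobs/sonarr.hcl` carries the same `forget` block. If the short window is deliberate for easily rebuilt data, a comment such as `# short retention on purpose: config is easy to rebuild` would record that; otherwise a longer retention window is the safer default.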
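--- a/services/backups/jobs/sonarr.hcl
+++ b/services/backups/jobs/sonarr.hcl
@@ -0,0 +1,27 @@
+job "sonarr" {
+schedule = "@daily"
+
+config {
+repo = "rclone::ftp,env_auth:/nomad/sonarr"
+passphrase = env("BACKUP_PASSPHRASE")
+}
+
+# sqlite "Backup database" {
+# path = "/data/lldap/users.db"
+# # sqlite3 /data/lldap/users.db .backup /data/lldap/users.db.bak
+# dump_to = "/data/lldap/users.db.bak"
+# }
+
+backup {
+paths = ["/data/sonarr"]
+# Because path is absolute
+restore_opts {
+Target = "/"
+}
+}
+
+forget {
+KeepLast = 2
+Prune = true
+}
+}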
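Review bot: The commented-out `sqlite "Backup database"` block still carries the lldap paths (`/data/lldap/users.db`), so enabling it as written would dump the wrong database; either delete it or point `path` and `dump_to` at the Sonarr database under `/data/sonarr`. Sonarr keeps its state in SQLite, and `paths = ["/data/sonarr"]` copies the live file, which can capture a half-written database. A dump step before the backup, as the commented block suggests the lldap job does, would give a consistent copy.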
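--- a/services/ip-dvr.nomad
+++ b/services/ip-dvr.nomad
@@ -0,0 +1,201 @@
+job "ipdvr" {
+region = "global"
+datacenters = ["dc1"]
+
+type = "service"
+
+group "nzbget" {
+network {
+mode = "bridge"
+port "main" {
+host_network = "loopback"
+to = 6789
+}
+}
+
+volume "nzbget-data" {
+type = "host"
+read_only = false
+source = "nzbget-data"
+}
+
+volume "download" {
+type = "host"
+read_only = false
+source = "download"
+}
+
+service {
+name = "nzbget"
+port = "main"
+
+connect {
+sidecar_service {
+proxy {
+local_service_port = 6789
+}
+}
+
+sidecar_task {
+resources {
+cpu = 50
+memory = 20
+memory_max = 50
+}
+}
+}
+
+# check {
+# type = "http"
+# path = "/"
+# port = "main"
+# interval = "10s"
+# timeout = "10s"
+# }
+
+tags = [
+"traefik.enable=true",
+"traefik.http.routers.nzbget.entryPoints=websecure",
+]
+}
+
+task "nzbget" {
+driver = "docker"
+
+config {
+image = "linuxserver/nzbget"
+ports = ["main"]
+}
+
+env = {
+"PGID" = 100
+"PUID" = 1001
+"TZ" = "America/Los_Angeles"
+}
+
+volume_mount {
+volume = "nzbget-data"
+destination = "/config"
+read_only = false
+}
+
+volume_mount {
+volume = "download"
+destination = "/downloads"
+read_only = false
+}
+
+resources {
+cpu = 200
+memory = 200
+memory_max = 500
+}
+}
+}
+
+
+group "sonarr" {
+network {
+mode = "bridge"
+port "main" {
+host_network = "loopback"
+to = 8989
+}
+}
+
+volume "sonarr-data" {
+type = "host"
+read_only = false
+source = "sonarr-data"
+}
+
+volume "tv-sonarr" {
+type = "host"
+read_only = false
+source = "tv-sonarr"
+}
+
+volume "download" {
+type = "host"
+read_only = false
+source = "download"
+}
+
+service {
+name = "sonarr"
+port = "main"
+
+connect {
+sidecar_service {
+proxy {
+local_service_port = 8989
+upstreams {
+destination_name = "nzbget"
+local_bind_port = 6789
+}
+}
+}
+
+sidecar_task {
+resources {
+cpu = 50
+memory = 20
+memory_max = 50
+}
+}
+}
+
+# check {
+# type = "http"
+# path = "/"
+# port = "main"
+# interval = "10s"
+# timeout = "10s"
+# }
+
+tags = [
+"traefik.enable=true",
+"traefik.http.routers.sonarr.entryPoints=websecure",
+]
+}
+
+task "sonarr" {
+driver = "docker"
+
+config {
+image = "linuxserver/sonarr"
+ports = ["main"]
+}
+
+env = {
+"PGID" = 100
+"PUID" = 1001
+"TZ" = "America/Los_Angeles"
+}
+
+volume_mount {
+volume = "sonarr-data"
+destination = "/config"
+read_only = false
+}
+
+volume_mount {
+volume = "tv-sonarr"
+destination = "/tv"
+read_only = false
+}
+
+volume_mount {
+volume = "download"
+destination = "/download"
+read_only = false
+}
+
+resources {
+cpu = 100
+memory = 200
+memory_max = 500
+}
+}
+}
+}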
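Review bot: The shared `download` volume is mounted at `/downloads` in the `nzbget` task but at `/download` in the `sonarr` task, so a completed-download path reported by nzbget will not resolve inside sonarr without a remote path mapping. Using the same `destination` in both `volume_mount` blocks avoids that. Both tasks also pull `linuxserver/nzbget` and `linuxserver/sonarr` with no tag, which resolves to `latest` for containers that hold write access to host volumes and are published on the `websecure` entrypoint; pinning a tag or digest (`linuxserver/sonarr:<tag>`, placeholder) makes deploys reproducible. The `check` blocks are commented out in both services, so Consul and Traefik route to the tasks with no health signal.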
139
services/main.tf
Normal file
@ -0,0 +1,139 @@
|
||||
# module "nextcloud" {
|
||||
# source = "./nextcloud"
|
||||
#
|
||||
# depends_on = [module.databases]
|
||||
# }
|
||||
|
||||
module "backups" {
|
||||
source = "./backups"
|
||||
|
||||
# In parent module
|
||||
# depends_on = [module.databases]
|
||||
}
|
||||
|
||||
module "media" {
|
||||
source = "./media"
|
||||
}
|
||||
|
||||
resource "nomad_job" "whoami" {
|
||||
hcl2 {
|
||||
enabled = true
|
||||
vars = {
|
||||
"count" = 1,
|
||||
# "count" = "${2 * length(data.consul_service.nomad.service)}",
|
||||
}
|
||||
}
|
||||
|
||||
jobspec = file("${path.module}/whoami.nomad")
|
||||
}
|
||||
|
||||
resource "nomad_job" "ipdvr" {
|
||||
jobspec = file("${path.module}/ip-dvr.nomad")
|
||||
}
|
||||
|
||||
resource "consul_config_entry" "nzbget_intents" {
|
||||
depends_on = [nomad_job.ipdvr]
|
||||
|
||||
name = "nzbget"
|
||||
kind = "service-intentions"
|
||||
|
||||
config_json = jsonencode({
|
||||
Sources = [
|
||||
{
|
||||
Action = "allow"
|
||||
Name = "sonarr"
|
||||
Precedence = 9
|
||||
Type = "consul"
|
||||
},
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
# module "nzbget" {
|
||||
# source "./levant"
|
||||
#
|
||||
# template_path = "service.nomad"
|
||||
# variables = {
|
||||
# name = "nzbget"
|
||||
# image = "linuxserver/nzbget"
|
||||
# service_port = 6789
|
||||
# ingress = true
|
||||
# env = jsonencode({
|
||||
# PGID = 100
|
||||
# PUID = 1001
|
||||
# TZ = "America/Los_Angeles"
|
||||
# })
|
||||
# host_volumes = jsonencode([
|
||||
# {
|
||||
# name = "download"
|
||||
# dest = "/srv/volumes/download"
|
||||
# read_only = false
|
||||
# },
|
||||
# ])
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# module "sonarr" {
|
||||
# source = "./levant"
|
||||
#
|
||||
# template_path = "service.nomad"
|
||||
# variables = {
|
||||
# name = "sonarr"
|
||||
# image = "linuxserver/sonarr"
|
||||
# service_port = 8989
|
||||
# ingress = true
|
||||
# env = jsonencode({
|
||||
# PGID = 100
|
||||
# PUID = 1001
|
||||
# TZ = "America/Los_Angeles"
|
||||
#
|
||||
# })
|
||||
# host_volumes = jsonencode([
|
||||
# {
|
||||
# name = "sonarr-data"
|
||||
# dest = "/config"
|
||||
# read_only = false
|
||||
# },
|
||||
# {
|
||||
# name = "tv-sonarr"
|
||||
# dest = "/srv/volumes/media-write/TV Shows"
|
||||
# read_only = false
|
||||
# },
|
||||
# {
|
||||
# name = "download"
|
||||
# dest = "/srv/volumes/download"
|
||||
# read_only = false
|
||||
# },
|
||||
# ])
|
||||
# }
|
||||
# }
|
||||
|
||||
resource "consul_service" "homeassistant" {
|
||||
name = "hass"
|
||||
node = consul_node.homeassistant.name
|
||||
port = 8123
|
||||
tags = [
|
||||
"traefik.enable=true",
|
||||
"traefik.consulcatalog.connect=false",
|
||||
"traefik.http.routers.hass.entryPoints=websecure",
|
||||
]
|
||||
|
||||
check {
|
||||
check_id = "homeassistant:hass"
|
||||
status = "passing"
|
||||
name = "Home Assistant Health Check"
|
||||
http = "192.168.3.65:8123"
|
||||
interval = "30s"
|
||||
timeout = "10s"
|
||||
}
|
||||
}
|
||||
|
||||
resource "consul_node" "homeassistant" {
|
||||
name = "homeassistant"
|
||||
address = "192.168.3.65"
|
||||
|
||||
meta = {
|
||||
"external-node" = "true"
|
||||
"external-probe" = "true"
|
||||
}
|
||||
}
|
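Review bot: The `nzbget` service-intentions entry in `consul_config_entry.nzbget_intents` lists only an `allow` for `sonarr`, so whether any other mesh service is refused depends on the cluster's default intention policy, which this file does not show. If that default is allow, the entry restricts nothing; adding an explicit wildcard source such as `{ Action = "deny", Name = "*", Precedence = 8, Type = "consul" }` after the sonarr source would make the policy self-contained. Separately, the `hass` check sets `http = "192.168.3.65:8123"` without a scheme and starts at `status = "passing"`, so a probe that cannot use that target could leave the service routed as healthy; `http = "http://${consul_node.homeassistant.address}:8123"` would also remove the duplicated address.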
@ -4,6 +4,7 @@
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.16"
|
||||
hashes = [
|
||||
"h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=",
|
||||
"h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
|
||||
"zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
|
||||
"zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
|
@ -4,6 +4,7 @@
|
||||
provider "registry.terraform.io/hashicorp/nomad" {
|
||||
version = "1.4.16"
|
||||
hashes = [
|
||||
"h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=",
|
||||
"h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
|
||||
"zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
|
||||
"zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
|
@ -9,7 +9,7 @@
|
||||
roles:
|
||||
- role: ansible-consul
|
||||
vars:
|
||||
consul_version: "1.13.1-1"
|
||||
consul_version: "1.13.3-1"
|
||||
consul_install_upgrade: true
|
||||
consul_install_from_repo: true
|
||||
consul_os_repo_prerequisites: []
|
||||
@ -76,7 +76,7 @@
|
||||
roles:
|
||||
- name: ansible-vault
|
||||
vars:
|
||||
vault_version: 1.11.3-1
|
||||
vault_version: 1.12.0-1
|
||||
vault_install_hashi_repo: true
|
||||
vault_harden_file_perms: true
|
||||
vault_bin_path: /usr/bin
|
||||
@ -145,6 +145,25 @@
|
||||
- unseal_keys_hex is defined
|
||||
- vault_status.json["sealed"]
|
||||
|
||||
- name: Install Docker
|
||||
hosts: nomad_instances
|
||||
become: true
|
||||
vars:
|
||||
docker_architecture_map:
|
||||
x86_64: amd64
|
||||
armv7l: armhf
|
||||
aarch64: arm64
|
||||
docker_apt_arch: "{{ docker_architecture_map[ansible_architecture] }}"
|
||||
docker_compose_arch: "{{ (ansible_architecture == 'armv7l') | ternary('armv7', ansible_architecture) }}"
|
||||
roles:
|
||||
- geerlingguy.docker
|
||||
|
||||
tasks:
|
||||
- name: Remove snapd
|
||||
package:
|
||||
name: snapd
|
||||
state: absent
|
||||
|
||||
# Not on Ubuntu 20.04
|
||||
# - name: Install Podman
|
||||
# hosts: nomad_instances
|
||||
@ -206,19 +225,6 @@
|
||||
state: mounted
|
||||
fstype: nfs4
|
||||
|
||||
- name: Install Docker
|
||||
hosts: nomad_instances
|
||||
become: true
|
||||
vars:
|
||||
docker_architecture_map:
|
||||
x86_64: amd64
|
||||
armv7l: armhf
|
||||
aarch64: arm64
|
||||
docker_apt_arch: "{{ docker_architecture_map[ansible_architecture] }}"
|
||||
docker_compose_arch: "{{ (ansible_architecture == 'armv7l') | ternary('armv7', ansible_architecture) }}"
|
||||
roles:
|
||||
- geerlingguy.docker
|
||||
|
||||
- name: Build Nomad cluster
|
||||
hosts: nomad_instances
|
||||
any_errors_fatal: true
|
||||
@ -249,10 +255,16 @@
|
||||
read_only: false
|
||||
- name: download
|
||||
path: /srv/volumes/download
|
||||
owner: "root"
|
||||
group: "root"
|
||||
owner: 1001
|
||||
group: 100
|
||||
mode: "0755"
|
||||
read_only: false
|
||||
- name: nzbget-data
|
||||
path: /srv/volumes/container/nzbget/config
|
||||
read_only: false
|
||||
- name: gitea-data
|
||||
path: /srv/volumes/container/gitea
|
||||
read_only: false
|
||||
- name: all-volumes
|
||||
path: /srv/volumes
|
||||
owner: "root"
|
||||
@ -263,7 +275,7 @@
|
||||
roles:
|
||||
- name: ansible-nomad
|
||||
vars:
|
||||
nomad_version: "1.3.5-1"
|
||||
nomad_version: "1.4.1-1"
|
||||
nomad_install_upgrade: true
|
||||
nomad_allow_purge_config: true
|
||||
|
||||
@ -275,6 +287,8 @@
|
||||
nomad_bin_dir: /usr/bin
|
||||
nomad_install_from_repo: true
|
||||
|
||||
nomad_bootstrap_expect: "{{ [(play_hosts | length), 3] | min }}"
|
||||
nomad_raft_protocol: 3
|
||||
nomad_autopilot: true
|
||||
nomad_encrypt_enable: true
|
||||
# nomad_use_consul: true
|
||||
@ -332,7 +346,7 @@
|
||||
|
||||
# Enable vault integration
|
||||
# HACK: Only talk to local Vault for now because it doesn't have HTTPS
|
||||
# TODO: Would be really great to hvae this over https and point to vault.consul.service
|
||||
# TODO: Would be really great to have this over https and point to vault.consul.service
|
||||
# nomad_vault_address: "https://vault.service.consul:8200"
|
||||
# Right now, each node only talks to it's local Vault, so if that node is rebooted and
|
||||
# that vault is sealed, it will not have access to vault. This is a problem if a node
|
||||
@ -351,9 +365,9 @@
|
||||
ui:
|
||||
enabled: true
|
||||
consul:
|
||||
ui_url: "http://{{ ansible_hostname }}:8500/ui"
|
||||
ui_url: "https://{{ ansible_hostname }}:8500/ui"
|
||||
vault:
|
||||
ui_url: "http://{{ ansible_hostname }}:8200/ui"
|
||||
ui_url: "https://{{ ansible_hostname }}:8200/ui"
|
||||
consul:
|
||||
tags:
|
||||
- "traefik.enable=true"
|
||||
@ -481,3 +495,5 @@
|
||||
systemd:
|
||||
state: restarted
|
||||
name: nomad
|
||||
retries: 6
|
||||
delay: 5
|
||||
|
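Review bot: The `ui_url` values in the `-351,9 +365,9` hunk switch to `https://` on ports 8500 and 8200, but no hunk shown here enables TLS on either listener, and the `HACK` comment in the `-332,7 +346,7` hunk still says Vault "doesn't have HTTPS". Port 8500 is Consul's default plain-HTTP port (HTTPS defaults to 8501), so unless TLS was turned on elsewhere these links will likely fail, and the `https` label would misstate how the API traffic is actually carried. I would either keep `ui_url: "http://{{ ansible_hostname }}:8200/ui"` until the listeners serve TLS, or enable TLS in the same change (Vault listener `tls_disable`, Consul `ports.https`) and update the `HACK` comment to match. The enclosing `vars` block starts outside these hunks, so the listener configuration could not be checked from here.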
@ -1,5 +0,0 @@
|
||||
resource "vault_mount" "kv" {
|
||||
path = "kv"
|
||||
type = "kv-v2"
|
||||
description = "Catch all kv mount"
|
||||
}
|