A whole lot of incremental fixes for nomad variables and such

Also adds stunnel between redis and clients
IamTheFij 2023-03-24 16:32:37 -07:00
parent 9204f3c7f0
commit 98ea2a1ca0
28 changed files with 251 additions and 243 deletions

.terraform.lock.hcl generated

@ -1,25 +1,6 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/consul" {
version = "2.17.0"
hashes = [
"h1:k+8ptRn/iiCnE7mC0LVA8FvnukzKnlD3KAcquPFbtN8=",
"zh:1cca5e144b4696900d2410e26499a00c9666e5777b657e9844a4b6d198164a09",
"zh:4fe59329ae4a4fc13751cde4a1044427ca591ecefbaa8dde2ce828f660fbddb1",
"zh:55c42cec7dd10ee1f03eca03d5b8e3bcba7bf281bcd250ac220458aba735ba1f",
"zh:625a0481d0b2599d0e6ac609d9efc151f1c9cad53091e2ee3bfcedc34ccacb34",
"zh:7e9a08b19491f26aa685311a9211bacd7b7027d9cf6eaee16949435221a5f688",
"zh:9d92816f609367204c4df20c29c57ee631f5a65cf6bb782d9d9b3f945ba21353",
"zh:a332ef65a6ba829dc335ade1a3e69ae14e162dc6ca1a991d9d6ad4e596f4c2d7",
"zh:ce7ffac8d852342e9fe25053383613934c8b81d8c2ba2c9d10626b71e329fed7",
"zh:d384a1ef35c766362e8ae3131d00c05e1c0904d8b4b1d964548b91e1025f324b",
"zh:d85067f345b663e8e59fb02705918d3618ce56887a472665bec7f1aeddbc9ea4",
"zh:ddff8512e8181efae6d0d259abcd457d9a394a4a6f99d6bb0b180cabee373097",
"zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5",
]
}
provider "registry.terraform.io/hashicorp/external" { provider "registry.terraform.io/hashicorp/external" {
version = "2.3.1" version = "2.3.1"
hashes = [ hashes = [
@ -57,22 +38,3 @@ provider "registry.terraform.io/hashicorp/nomad" {
"zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f", "zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f",
] ]
} }
provider "registry.terraform.io/hashicorp/vault" {
version = "3.14.0"
hashes = [
"h1:/0pqMLODukJUiVpBdxXbb8vwp0HCtbTXWFq0BaNkcZM=",
"zh:07e797c3b14cc45f1a3fa3adb6269f28f182630b9af9403a2a447919d4e9992a",
"zh:0d88c6c50f7975f60c84d446bf95b26652c9457e62f2d5b24221b769d6daf809",
"zh:1670c513f85788308d317e45038234ac367f52f7bd0ea8f527f0a6291dd23659",
"zh:1b5a07fd053a0d7d1da80cb3e929b44c000c614d3738bb7ff82b4d56ed854017",
"zh:34a43de7f3d3749cbc50b81b84fe38961c3dfbda819708a814c2206045ecf69b",
"zh:416f710365d060c8239522363257e162a267c01463ac95ad2c2dd0acf05b6d35",
"zh:73956090e0e9b69adbcfe1bcaad20ec45779f2e7f3f2fb3a5f865402a2cd2485",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:e2df6077e925a8438cfd2deb3bce5f1029a2e3edd2a635b12636d426390600dd",
"zh:e3e2797ae1cfc6aff66329ee81baaf780e1f5f295ad887ac7ff4c1e2754a8c8c",
"zh:f34ec435d16244ecf0f909872850070428aeadd352b6a21ab1f787d81f8bae9f",
"zh:f3a930e64b2c10d2ece5acc856d3438cdd375ccfc5ac10fc4a8fe163f74af93a",
]
}


@ -189,7 +189,7 @@
interface: lo interface: lo
reserved_ports: "22" reserved_ports: "22"
- name: wesher - name: wesher
interface: wgoverlay interface: wesher
reserved_ports: "22" reserved_ports: "22"
# Enable ACLs # Enable ACLs


@ -24,7 +24,7 @@ job "blocky" {
} }
port "api" { port "api" {
host_network = "wgoverlay" host_network = "wesher"
to = "4000" to = "4000"
} }
@ -93,6 +93,56 @@ job "blocky" {
} }
} }
task "redis-stunnel" {
driver = "docker"
config {
image = "alpine:3.17"
ports = ["tls"]
args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
}
resources {
cpu = 20
memory = 100
}
template {
data = <<EOF
set -e
apk add stunnel
exec stunnel {{ env "NOMAD_TASK_DIR" }}/stunnel.conf
EOF
destination = "${NOMAD_TASK_DIR}/start.sh"
}
template {
data = <<EOF
syslog = no
foreground = yes
delay = yes
[redis_client]
client = yes
accept = 127.0.0.1:6379
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
connect = {{ .Address }}:{{ .Port }}
{{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF
destination = "${NOMAD_TASK_DIR}/stunnel.conf"
}
template {
data = <<EOF
{{ with nomadVar "nomad/jobs/blocky" -}}
{{ .redis_stunnel_psk }}
{{- end }}
EOF
destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
}
}
task "blocky-bootstrap" { task "blocky-bootstrap" {
driver = "docker" driver = "docker"
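Review bot: The `redis-stunnel` task runs `apk add stunnel` on every start with no version pin, so even with the image held at `alpine:3.17` the task fetches whatever stunnel build the package mirror serves at that moment and cannot start at all when the mirror is unreachable; pin it (`apk add stunnel=<version-from-the-3.17-repo>`, placeholder) or bake stunnel into an image. The task also carries no `lifecycle` block, so nothing orders it before the `blocky` task that this commit points at `127.0.0.1:6379`; declaring it `lifecycle { hook = "prestart" sidecar = true }` makes the dependency explicit instead of leaning on the `connectionAttempts` retry in the blocky config. Both points apply equally to the `redis-stunnel` task added in rediscommander.nomad and the `stunnel` task added in redis.nomad in this commit. The enclosing `group` and the `blocky` task that consumes the tunnel are outside this hunk.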


@ -94,7 +94,7 @@ prometheus:
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis" -}}
redis: redis:
address: {{ .Address }}:{{ .Port }} address: 127.0.0.1:6379
# password: "" # password: ""
# database: 0 # database: 0
connectionAttempts: 10 connectionAttempts: 10
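Review bot: The `redis:` block is still wrapped in `{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis" -}}`, but this commit renames the Redis job's service to `redis-tls` (redis.nomad), so the range now iterates zero services and the whole `redis:` section — including the new `address: 127.0.0.1:6379` — drops out of the rendered config. Since the address is the local stunnel endpoint rather than a discovered one, the lookup is no longer needed: remove the range line together with its matching `{{- end }}` (the closing tag is outside this hunk), or change it to `redis-tls` if discovery is still wanted as an existence check.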


@ -8,10 +8,12 @@ job "lldap" {
mode = "bridge" mode = "bridge"
port "web" { port "web" {
host_network = "wesher"
to = 17170 to = 17170
} }
port "ldap" { port "ldap" {
host_network = "wesher"
to = 3890 to = 3890
} }
} }
@ -51,13 +53,7 @@ job "lldap" {
config { config {
image = "nitnelave/lldap:v0.4" image = "nitnelave/lldap:v0.4"
ports = ["ldap", "web"] ports = ["ldap", "web"]
args = ["run", "--config-file", "/lldap_config.toml"] args = ["run", "--config-file", "${NOMAD_SECRETS_DIR}/lldap_config.toml"]
mount {
type = "bind"
source = "secrets/lldap_config.toml"
target = "/lldap_config.toml"
}
} }
env = { env = {
@ -70,18 +66,18 @@ job "lldap" {
database_url = "sqlite:///data/users.db?mode=rwc" database_url = "sqlite:///data/users.db?mode=rwc"
key_file = "/data/private_key" key_file = "/data/private_key"
ldap_base_dn = "{{ with nomadVar "nomad/jobs" }}{{ .base_dn }}{{ end }}" ldap_base_dn = "{{ with nomadVar "nomad/jobs" }}{{ .base_dn }}{{ end }}"
{{ with nomadVar "nomad/jobs/lldap" }} {{ with nomadVar "nomad/jobs/lldap" -}}
jwt_secret = "{{ .jwt_secret }}" jwt_secret = "{{ .jwt_secret }}"
ldap_user_dn = "{{ .admin_user }}" ldap_user_dn = "{{ .admin_user }}"
ldap_user_email = "{{ .admin_email }}" ldap_user_email = "{{ .admin_email }}"
ldap_user_pass = "{{ .admin_password }}" ldap_user_pass = "{{ .admin_password }}"
{{ end -}} {{- end }}
{{ with nomadVar "nomad/jobs" -}} {{ with nomadVar "nomad/jobs" -}}
[smtp_options] [smtp_options]
enable_password_reset = true enable_password_reset = true
server = "{{ .smtp_server }}" server = "{{ .smtp_server }}"
port = {{ .smtp_port }} port = {{ .smtp_port }}
tls_required = {{ .smtp_tls }} tls_required = {{ .smtp_tls.Value | toLower }}
user = "{{ .smtp_user }}" user = "{{ .smtp_user }}"
password = "{{ .smtp_password }}" password = "{{ .smtp_password }}"
{{ end -}} {{ end -}}
@ -90,7 +86,7 @@ from = "{{ .smtp_from }}"
reply_to = "{{ .smtp_reply_to }}" reply_to = "{{ .smtp_reply_to }}"
{{ end -}} {{ end -}}
EOH EOH
destination = "secrets/lldap_config.toml" destination = "${NOMAD_SECRETS_DIR}/lldap_config.toml"
change_mode = "restart" change_mode = "restart"
} }


@ -12,29 +12,12 @@ module "traefik" {
base_hostname = var.base_hostname base_hostname = var.base_hostname
} }
module "nomad_login" { module "metrics" {
source = "IamTheFij/levant/nomad" source = "./metrics"
version = "0.1.0" # Not in this module
# depends_on = [module.databases]
template_path = "service.nomad"
variables = {
name = "nomad-login"
image = "iamthefij/nomad-vault-login"
service_port = 5000
ingress = true
ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)"
env = jsonencode({
VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200",
})
}
} }
# module "metrics" {
# source = "./metrics"
# # Not in this module
# # depends_on = [module.databases]
# }
module "loki" { module "loki" {
source = "IamTheFij/levant/nomad" source = "IamTheFij/levant/nomad"
version = "0.1.0" version = "0.1.0"


@ -24,7 +24,7 @@ job "metrics" {
tags = [ tags = [
"prometheus.scrape", "prometheus.scrape",
} ]
} }
task "promtail" { task "promtail" {


@ -8,7 +8,7 @@ job "grafana" {
mode = "bridge" mode = "bridge"
port "web" { port "web" {
host_network = "wgoverlay" host_network = "wesher"
to = 3000 to = 3000
} }
@ -123,8 +123,8 @@ GF_SMTP_USER={{ .smtp_user }}
GF_SMTP_PASSWORD={{ .smtp_password }} GF_SMTP_PASSWORD={{ .smtp_password }}
GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY={{ .minio_access_key }} GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY={{ .minio_access_key }}
GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY={{ .minio_secret_key }} GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY={{ .minio_secret_key }}
GRAFANA_ALERT_EMAIL_ADDRESSES={{ .Data.data.alert_email_addresses }} GRAFANA_ALERT_EMAIL_ADDRESSES={{ .alert_email_addresses }}
{{ if .Data.data.db_name -}} {{ if .db_name -}}
# Database storage # Database storage
GF_DATABASE_TYPE=mysql GF_DATABASE_TYPE=mysql
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-server" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-server" -}}


@ -2,11 +2,11 @@
apiVersion: 1 apiVersion: 1
datasources: datasources:
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "loki" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "loki" }}
- name: Loki - name: Loki
url: http://{{ .Address }}:{{ .Port }} url: "http://{{ .Address }}:{{ .Port }}"
type: loki type: loki
access: proxy access: proxy
isDefault: false isDefault: false
version: 1 version: 1
{{- end }} {{ end }}


@ -2,11 +2,11 @@
apiVersion: 1 apiVersion: 1
datasources: datasources:
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "prometheus" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "prometheus" }}
- name: Prometheus - name: Prometheus
url: http://{{ .Address }}:{{ .Port }} url: "http://{{ .Address }}:{{ .Port }}"
type: prometheus type: prometheus
access: proxy access: proxy
isDefault: true isDefault: true
version: 1 version: 1
{{- end }} {{ end }}


@ -8,7 +8,7 @@ job "prometheus" {
mode = "bridge" mode = "bridge"
port "web" { port "web" {
host_network = "wgoverlay" host_network = "wesher"
to = 9090 to = 9090
} }
} }
@ -34,7 +34,7 @@ job "prometheus" {
driver = "docker" driver = "docker"
config { config {
image = "prom/prometheus:v2.30.2" image = "prom/prometheus:v2.43.0"
ports = ["web"] ports = ["web"]
args = [ args = [
"--config.file=/etc/prometheus/config/prometheus.yml", "--config.file=/etc/prometheus/config/prometheus.yml",
@ -91,12 +91,13 @@ scrape_configs:
- job_name: "nomad_services" - job_name: "nomad_services"
metrics_path: "/metrics" metrics_path: "/metrics"
nomad_sd_configs: nomad_sd_configs:
- server: "http://{{env "attr.unique.network.ip-address"}}:8500" - server: "http://{{env "attr.unique.network.ip-address"}}:4646"
relabel_configs: relabel_configs:
- source_labels: [__meta_nomad_tags] - source_labels: [__meta_nomad_tags]
regex: .*(prometheus.scrape).* regex: .*(prometheus.scrape).*
action: keep action: keep
- source_labels: [__meta_nomad_address] - source_labels: [__meta_nomad_service_address,__meta_nomad_service_port]
separator: ":"
target_label: __address__ target_label: __address__
- source_labels: [__meta_nomad_service] - source_labels: [__meta_nomad_service]
target_label: nomad_service target_label: nomad_service
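Review bot: `nomad_sd_configs` now queries the Nomad HTTP API at `http://…:4646` with no credentials; if ACLs are enforced on this cluster (the client config touched in this commit carries an `# Enable ACLs` marker) the discovery request is rejected and the `nomad_services` job silently ends up with no targets. Prometheus' Nomad SD accepts the common `authorization` block, so render a read-only token from a Nomad variable into a file and reference it, e.g. `authorization:` / `  credentials_file: <path-under-NOMAD_SECRETS_DIR>` (placeholder path) alongside a `template` stanza that writes it. The relabel change joining `__meta_nomad_service_address` and `__meta_nomad_service_port` with `separator: ":"` is correct. The `scrape_configs` template begins before this hunk.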


@ -158,6 +158,7 @@ job "traefik" {
provider = "cloudflare" provider = "cloudflare"
resolvers = ["1.1.1.1:53", "8.8.8.8:53"] resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
delayBeforeCheck = 0 delayBeforeCheck = 0
<<- end >>
EOH EOH
destination = "local/config/traefik.toml" destination = "local/config/traefik.toml"
} }
@ -181,16 +182,20 @@ CF_ZONE_API_TOKEN={{ .domain_lego_dns }}
entryPoints = ["websecure"] entryPoints = ["websecure"]
service = "nomad" service = "nomad"
rule = "Host(`nomad.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)" rule = "Host(`nomad.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)"
[http.routers.hass]
entryPoints = ["websecure"]
service = "hass"
rule = "Host(`hass.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)"
[http.services] [http.services]
{{ with nomadService "nomad-client" -}}
[http.services.nomad] [http.services.nomad]
[http.services.nomad.loadBalancer] [http.services.nomad.loadBalancer]
{{ range . -}}
[[http.services.nomad.loadBalancer.servers]] [[http.services.nomad.loadBalancer.servers]]
url = "http://{{ .Address }}:{{ .Port }}" url = "http://127.0.0.1:4646"
{{ end }} [http.services.hass]
{{- end }} [http.services.hass.loadBalancer]
[[http.services.hass.loadBalancer.servers]]
url = "http://192.168.3.65:8123"
EOH EOH
destination = "local/config/conf/route-hashi.toml" destination = "local/config/conf/route-hashi.toml"
change_mode = "noop" change_mode = "noop"
@ -212,7 +217,7 @@ CF_ZONE_API_TOKEN={{ .domain_lego_dns }}
[[tcp.services.syslogngtcp.loadBalancer.servers]] [[tcp.services.syslogngtcp.loadBalancer.servers]]
address = "{{ .Address }}:{{ .Port }}" address = "{{ .Address }}:{{ .Port }}"
{{ end -}} {{ end -}}
{{ end }} {{- end }}
{{ with nomadService "syslogng" -}} {{ with nomadService "syslogng" -}}
[udp.routers] [udp.routers]
@ -227,7 +232,7 @@ CF_ZONE_API_TOKEN={{ .domain_lego_dns }}
[[udp.services.syslogngudp.loadBalancer.servers]] [[udp.services.syslogngudp.loadBalancer.servers]]
address = "{{ .Address }}:{{ .Port }}" address = "{{ .Address }}:{{ .Port }}"
{{ end -}} {{ end -}}
{{ end }} {{- end }}
EOH EOH
destination = "local/config/conf/route-syslog-ng.toml" destination = "local/config/conf/route-syslog-ng.toml"
change_mode = "noop" change_mode = "noop"
@ -241,8 +246,8 @@ CF_ZONE_API_TOKEN={{ .domain_lego_dns }}
[http.middlewares.basic-auth.basicAuth] [http.middlewares.basic-auth.basicAuth]
# TODO: Reference secrets mount # TODO: Reference secrets mount
usersFile = "/etc/traefik/usersfile" usersFile = "/etc/traefik/usersfile"
{{ end }} {{- end }}
{{ end }} {{- end }}
EOH EOH
destination = "local/config/conf/middlewares.toml" destination = "local/config/conf/middlewares.toml"
change_mode = "noop" change_mode = "noop"
@ -250,9 +255,9 @@ CF_ZONE_API_TOKEN={{ .domain_lego_dns }}
template { template {
data = <<EOH data = <<EOH
{{ with nomadVar "nomad/jobs/traefik" }} {{ with nomadVar "nomad/jobs/traefik" -}}
{{ .usersfile }} {{ .usersfile }}
{{ end }} {{- end }}
EOH EOH
destination = "secrets/usersfile" destination = "secrets/usersfile"
change_mode = "noop" change_mode = "noop"
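Review bot: The closing tag `<<- end >>` in the traefik.toml template uses `<<`/`>>` delimiters while every other template in this file uses `{{ }}`; unless that template stanza sets `left_delimiter`/`right_delimiter` to `<<`/`>>` (the stanza header is outside this hunk), the line is emitted verbatim into traefik.toml and Traefik will reject the file. The Nomad backend also moves from the discovered `nomad-client` addresses to `url = "http://127.0.0.1:4646"`, which only reaches the host's Nomad agent if the traefik group runs with host networking rather than `bridge`; the group's `network` block is not in this diff, so that is worth confirming. The new `hass` router with a fixed `192.168.3.65:8123` backend is consistent with the Consul service being commented out elsewhere in this commit.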


@ -18,9 +18,7 @@ job "mysql-server" {
port "db" { port "db" {
to = 3306 to = 3306
} host_network = "wesher"
port "envoy_metrics" {
to = 9123
} }
} }


@ -15,15 +15,15 @@ job "redis" {
network { network {
mode = "bridge" mode = "bridge"
port "main" { port "tls" {
to = 6379 host_network = "wesher"
} }
} }
service { service {
name = "redis" name = "redis-tls"
provider = "nomad" provider = "nomad"
port = "main" port = "tls"
} }
task "redis" { task "redis" {
@ -41,5 +41,52 @@ job "redis" {
memory_max = 512 memory_max = 512
} }
} }
task "stunnel" {
driver = "docker"
config {
image = "alpine:3.17"
ports = ["tls"]
args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
}
resources {
cpu = 100
memory = 100
}
template {
data = <<EOF
set -e
apk add stunnel
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf
EOF
destination = "${NOMAD_TASK_DIR}/start.sh"
}
template {
data = <<EOF
syslog = no
foreground = yes
delay = yes
[redis_server]
accept = {{ env "NOMAD_PORT_tls" }}
connect = 127.0.0.1:6379
ciphers = PSK
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF
destination = "${NOMAD_TASK_DIR}/stunnel.conf"
}
template {
data = <<EOF
test1:oaP4EishaeSaishei6rio6xeeph3az
EOF
destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
}
}
} }
} }
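Review bot: The server task's PSK template writes a literal `test1:…` credential straight from the jobspec, whereas both client tasks in this commit read theirs from a Nomad variable (`.redis_stunnel_psk`); read the server's from a variable as well (`{{ with nomadVar "nomad/jobs/redis" -}}{{ .redis_stunnel_psk }}{{- end }}`) and treat the committed value as burned now that it is in git history. The `[redis_server]` section also sets no protocol floor; with PSK-only ciphers an explicit `sslVersionMin = TLSv1.2` keeps an older client from negotiating lower. The `stunnel` task shares the unpinned `apk add stunnel` and missing `lifecycle` concerns raised on blocky.nomad.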


@ -9,12 +9,14 @@ job "rediscommander" {
mode = "bridge" mode = "bridge"
port "main" { port "main" {
host_network = "wesher"
to = 8081 to = 8081
} }
} }
service { service {
name = "rediscommander" name = "rediscommander"
provider = "nomad"
port = "main" port = "main"
tags = [ tags = [
@ -33,9 +35,7 @@ job "rediscommander" {
template { template {
data = <<EOH data = <<EOH
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis" -}} REDIS_HOSTS=stunnel:127.0.0.1:6379
REDIS_HOSTS=local:{{ .Address }}:{{ .Port }}
{{- end }}
EOH EOH
env = true env = true
destination = "env" destination = "env"
@ -46,5 +46,55 @@ job "rediscommander" {
memory = 50 memory = 50
} }
} }
task "redis-stunnel" {
driver = "docker"
config {
image = "alpine:3.17"
ports = ["tls"]
args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
}
resources {
cpu = 100
memory = 100
}
template {
data = <<EOF
set -e
apk add stunnel
exec stunnel {{ env "NOMAD_TASK_DIR" }}/stunnel.conf
EOF
destination = "${NOMAD_TASK_DIR}/start.sh"
}
template {
data = <<EOF
syslog = no
foreground = yes
delay = yes
[redis_client]
client = yes
accept = 127.0.0.1:6379
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
connect = {{ .Address }}:{{ .Port }}
{{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF
destination = "${NOMAD_TASK_DIR}/stunnel.conf"
}
template {
data = <<EOF
{{ with nomadVar "nomad/jobs/rediscommander" -}}
{{ .redis_stunnel_psk }}
{{- end }}
EOF
destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
}
}
} }
} }
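Review bot: The `redis-stunnel` task here is a line-for-line copy of the one added to blocky.nomad in this commit, differing only in the `nomadVar` path and `cpu`, which leaves three places (with redis.nomad) to update whenever the tunnel config or PSK path changes. A shared levant template in the style of the repo's `service.nomad`, or at least a single variable path for the PSK, would keep them in sync. The `env` template's switch to `REDIS_HOSTS=stunnel:127.0.0.1:6379` is consistent with the local tunnel; the task that consumes it starts before this hunk.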


@ -30,7 +30,7 @@ def nomad_req(method: str, path: str, json: dict|None = None) -> dict:
def write_var(path: str, items: dict[str, str | float | int]) -> dict: def write_var(path: str, items: dict[str, str | float | int]) -> dict:
return nomad_req("GET", f"var/{path}", return nomad_req("PUT", f"var/{path}",
json={ json={
"Path": path, "Path": path,
"Items": {k: str(v) for k, v in items.items()}, "Items": {k: str(v) for k, v in items.items()},
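Review bot: `write_var` has no docstring explaining why every item value is passed through `str(v)`; the Nomad variables API stores items as string-to-string, so a float or int supplied by a caller is coerced on purpose rather than rejected. Add `"""Create or update the Nomad variable at ``path``; item values are coerced to str because Nomad stores variable items as strings."""` directly under the signature. The request body continues past this hunk.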


@ -1,46 +1,7 @@
# Configure Consul provider
provider "consul" {
address = var.consul_address
}
# Get Nomad client from Consul
data "consul_service" "nomad" {
name = "nomad-client"
}
# Get Vault client from Consul
data "consul_service" "vault" {
name = "vault"
tag = "active"
}
locals {
# Get Nomad address from Consul
nomad_node = data.consul_service.nomad.service[0]
nomad_node_address = "http://${local.nomad_node.node_address}:${local.nomad_node.port}"
# Get Vault address from Consul
vault_node = data.consul_service.vault.service[0]
vault_node_address = "http://${local.vault_node.node_address}:${local.vault_node.port}"
}
# Configure the Vault provider
provider "vault" {
address = length(var.vault_address) == 0 ? local.vault_node_address : var.vault_address
token = var.vault_token
}
# Something that should exist in a post bootstrap module, right now module includes bootstrapping
# which requries Admin
# data "vault_nomad_access_token" "deploy" {
# backend = "nomad"
# role = "deploy"
# }
# Configure the Nomad provider # Configure the Nomad provider
provider "nomad" { provider "nomad" {
address = length(var.nomad_address) == 0 ? local.nomad_node_address : var.nomad_address address = var.nomad_address
secret_id = var.nomad_secret_id secret_id = var.nomad_secret_id
# secret_id = length(var.nomad_secret_id) == 0 ? data.vault_nomad_access_token.admin.secret_id : var.nomad_secret_id
region = "global" region = "global"
} }
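Review bot: With the Consul-based fallback removed, `address = var.nomad_address` is used unconditionally, but the old expression explicitly handled `length(var.nomad_address) == 0`; if the variable keeps an empty default the provider now receives `""` instead of discovering an address. Either give `nomad_address` a non-empty default or leave the attribute unset when the variable is empty so the provider falls back to `NOMAD_ADDR` from the environment, e.g. `address = length(var.nomad_address) == 0 ? null : var.nomad_address`. `nomad_secret_id` should also be declared `sensitive = true` in its variable block (the declaration is cut off in this diff) so it is redacted from plan output.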


@ -51,6 +51,7 @@ job "[[.name]]" {
mode = "bridge" mode = "bridge"
[[ if not (empty .service_port) -]] [[ if not (empty .service_port) -]]
port "main" { port "main" {
host_network = "wesher"
to = [[ .service_port ]] to = [[ .service_port ]]
} }
[[ end -]] [[ end -]]


@ -1,5 +1,5 @@
# module "services" { module "services" {
# source = "./services" source = "./services"
#
# depends_on = [module.databases, module.core] depends_on = [module.databases, module.core]
# } }


@ -49,7 +49,7 @@ job "backup%{ if batch_node != null }-oneoff-${batch_node}%{ endif }" {
} }
service { service {
name = "backups" name = "backup"
provider = "nomad" provider = "nomad"
port = "metrics" port = "metrics"
@ -97,7 +97,7 @@ MYSQL_PORT={{ .Port }}
MYSQL_USER=root MYSQL_USER=root
MYSQL_PASSWORD={{ .mysql_root_password }} MYSQL_PASSWORD={{ .mysql_root_password }}
{{ end -}} {{ end -}}
{{ with nomadVar "nomad/jobs/backups" -}} {{ with nomadVar "nomad/jobs/backup" -}}
BACKUP_PASSPHRASE={{ .backup_passphrase }} BACKUP_PASSPHRASE={{ .backup_passphrase }}
RCLONE_FTP_HOST={{ .nas_ftp_host }} RCLONE_FTP_HOST={{ .nas_ftp_host }}
RCLONE_FTP_USER={{ .nas_ftp_user }} RCLONE_FTP_USER={{ .nas_ftp_user }}
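Review bot: Renaming the lookup to `nomadVar "nomad/jobs/backup"` means the secret items must exist at the new path before this job is redeployed; if the variable is still stored at `nomad/jobs/backups` the `with` block renders nothing, so `BACKUP_PASSPHRASE` and the `RCLONE_FTP_*` values are silently absent from the env file rather than failing the render. Move the variable to the new path ahead of the deploy and check the rendered env file in the allocation before the next scheduled run. The same rename appears in the `service` block above (`name = "backup"`); the template's closing `end` is outside this hunk.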


@ -1,4 +1,4 @@
resource "nomad_job" "backups" { resource "nomad_job" "backup" {
jobspec = templatefile("${path.module}/backup.nomad", { jobspec = templatefile("${path.module}/backup.nomad", {
module_path = path.module, module_path = path.module,
batch_node = null, batch_node = null,
@ -10,7 +10,7 @@ resource "nomad_job" "backups" {
# name = "nomad-client" # name = "nomad-client"
# } # }
resource "nomad_job" "backups-oneoff" { resource "nomad_job" "backup-oneoff" {
# TODO: Get list of nomad hosts dynamically # TODO: Get list of nomad hosts dynamically
for_each = toset(["n1", "n2"]) for_each = toset(["n1", "n2"])
# for_each = toset([ # for_each = toset([
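Review bot: Renaming the resource addresses `nomad_job.backups` → `nomad_job.backup` and `backups-oneoff` → `backup-oneoff` makes Terraform plan a destroy of the existing jobs and a create of new ones rather than an in-place update; on a Terraform version that supports it, `moved { from = nomad_job.backups to = nomad_job.backup }` plus the equivalent block for `backups-oneoff` carries the state across and avoids the stop/start. The resource bodies continue past this hunk.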


@ -1,29 +1,29 @@
resource "consul_service" "homeassistant" { # resource "consul_service" "homeassistant" {
name = "hass" # name = "hass"
node = consul_node.homeassistant.name # node = consul_node.homeassistant.name
port = 8123 # port = 8123
tags = [ # tags = [
"traefik.enable=true", # "traefik.enable=true",
"traefik.consulcatalog.connect=false", # "traefik.consulcatalog.connect=false",
"traefik.http.routers.hass.entryPoints=websecure", # "traefik.http.routers.hass.entryPoints=websecure",
] # ]
#
check { # check {
check_id = "homeassistant:hass" # check_id = "homeassistant:hass"
status = "passing" # status = "passing"
name = "Home Assistant Health Check" # name = "Home Assistant Health Check"
http = "192.168.3.65:8123" # http = "192.168.3.65:8123"
interval = "30s" # interval = "30s"
timeout = "10s" # timeout = "10s"
} # }
} # }
#
resource "consul_node" "homeassistant" { # resource "consul_node" "homeassistant" {
name = "homeassistant" # name = "homeassistant"
address = "192.168.3.65" # address = "192.168.3.65"
#
meta = { # meta = {
"external-node" = "true" # "external-node" = "true"
"external-probe" = "true" # "external-probe" = "true"
} # }
} # }


@ -9,7 +9,7 @@ job "ipdvr" {
mode = "bridge" mode = "bridge"
port "main" { port "main" {
host_network = "wgoverlay" host_network = "wesher"
to = 8080 to = 8080
} }
} }
@ -75,7 +75,7 @@ job "ipdvr" {
network { network {
mode = "bridge" mode = "bridge"
port "main" { port "main" {
host_network = "wgoverlay" host_network = "wesher"
to = 6789 to = 6789
} }
} }
@ -142,7 +142,7 @@ job "ipdvr" {
network { network {
mode = "bridge" mode = "bridge"
port "main" { port "main" {
host_network = "wgoverlay" host_network = "wesher"
to = 8989 to = 8989
} }
} }


@ -172,8 +172,9 @@ module "photoprism_module" {
PHOTOPRISM_DATABASE_USER={{ .db_user }} PHOTOPRISM_DATABASE_USER={{ .db_user }}
PHOTOPRISM_DATABASE_PASSWORD={{ .db_pass }} PHOTOPRISM_DATABASE_PASSWORD={{ .db_pass }}
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-server" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-server" -}}
PHOTOPRISM_DATABASE_SERVER="{{ .Address" }}:{{ .Port }}" PHOTOPRISM_DATABASE_SERVER="{{ .Address }}:{{ .Port }}"
{{ end -}} {{- end }}
{{- end }}
EOF EOF
dest_prefix = "$${NOMAD_SECRETS_DIR}/" dest_prefix = "$${NOMAD_SECRETS_DIR}/"
dest = "env" dest = "env"


@ -8,7 +8,7 @@ job "multimedia" {
network { network {
mode = "bridge" mode = "bridge"
port "web" { port "web" {
host_network = "wgoverlay" host_network = "wesher"
to = 80 to = 80
} }
} }


@ -10,7 +10,7 @@ job "${name}" {
%{ if service_port != null ~} %{ if service_port != null ~}
port "main" { port "main" {
%{ if ingress } %{ if ingress }
host_network = "wgoverlay" host_network = "wesher"
%{~ endif } %{~ endif }
to = ${service_port} to = ${service_port}
} }


@ -9,56 +9,13 @@ job "whoami" {
type = "service" type = "service"
group "whoami-nomad" {
count = var.count
network {
mode = "bridge"
port "web" {
host_network = "wesher"
to = 80
}
}
service {
name = "whoami-nomad"
provider = "nomad"
port = "web"
tags = [
"traefik.enable=true",
"traefik.http.routers.whoami-nomad.entryPoints=websecure",
"traefik.http.routers.whoami-nomad.middlewares=basic-auth@file",
]
}
task "whoami" {
driver = "docker"
meta = {
"diun.enable" = false
}
config {
image = "containous/whoami:latest"
ports = ["web"]
args = ["--port", "${NOMAD_PORT_web}"]
}
resources {
cpu = 50
memory = 20
}
}
}
group "whoami" { group "whoami" {
count = var.count count = var.count
network { network {
mode = "bridge" mode = "bridge"
port "web" { port "web" {
host_network = "wgoverlay" host_network = "wesher"
to = 80 to = 80
} }
} }


@ -1,7 +1,3 @@
variable "consul_address" {
type = string
default = "http://n1.thefij:8500"
}
variable "nomad_address" { variable "nomad_address" {
type = string type = string