Commit Graph

123 Commits

Author SHA1 Message Date
IamTheFij 852c44d435 Update Consul ACL backend 2022-07-27 13:39:19 -07:00
IamTheFij 0fbc1c716b WIP: Begin config to bootstrap ACLs
Following guide here: https://learn.hashicorp.com/tutorials/consul/vault-consul-secrets?in=consul/vault-secure

Unsure of how this will actually authenticate though.
2022-07-27 13:13:22 -07:00
IamTheFij 64a9302276 Update Nomad and Vault ACLs
Now nomad is read only and tokens can be retrieved from Vault
2022-07-27 13:13:11 -07:00
IamTheFij 5e4ca8efda Reduce memory for blocky sidecar 2022-07-27 11:22:02 -07:00
IamTheFij f762cb55f8 Hide blocky API from non-traefik route 2022-07-27 11:21:11 -07:00
IamTheFij a8e5be2162 Get letsencrypt certs working with Traefik 2022-07-27 11:12:08 -07:00
IamTheFij 5e1b679cbb Fix consul value bootstrap and hide secrets in log 2022-07-27 11:11:03 -07:00
IamTheFij 594609db64 Add basic auth to traefik 2022-07-26 21:48:16 -07:00
IamTheFij 7554509671 Make anonymous nomad read only 2022-07-26 20:20:43 -07:00
IamTheFij c21ed2fa3f Add userpass login to Vault 2022-07-26 20:09:52 -07:00
IamTheFij 7356b8d407 Make metrics more readable 2022-07-25 21:45:01 -07:00
IamTheFij 2625f6dcb1 Reduce task memory 2022-07-25 16:37:51 -07:00
IamTheFij aa6db53047 Fix mysql 2022-07-25 16:29:43 -07:00
IamTheFij 56b7ea8a9c WIP: Update oneoff backups 2022-07-25 16:29:35 -07:00
IamTheFij 7acca6d160 Fix consul backup 2022-07-25 16:29:06 -07:00
IamTheFij dcfe43f63d Move traefik connect intents to core 2022-07-25 15:54:23 -07:00
IamTheFij caa84a5340 Allow bypass of healthcheck 2022-07-25 15:52:47 -07:00
IamTheFij a8fe9bfff8 Get mysql root from vault 2022-07-25 15:52:47 -07:00
IamTheFij b300c220b6 Tweak memory requirements for tasks 2022-07-25 15:52:47 -07:00
IamTheFij 459481e8f7 Add test consul backup 2022-07-25 15:52:47 -07:00
IamTheFij 11e89de947 Clean up Grafana and Loki bootstraps 2022-07-25 15:52:47 -07:00
IamTheFij 349f7b930b Remove packer stuff 2022-07-25 15:49:07 -07:00
IamTheFij 2ed2056766 Update lockfile 2022-07-25 15:40:54 -07:00
IamTheFij 1142c0f53f Add new playbook and make target for bootstrapping values to Consul and Vault 2022-07-25 15:40:22 -07:00
IamTheFij 3a9ae20a6b Update playbook, move acls and comment for fixes
There are some items that I found are broken on first run and made some changes
2022-07-25 11:48:03 -07:00
IamTheFij b86c57d75d Make acls module stand alone 2022-07-25 11:48:03 -07:00
IamTheFij d5a0ec6828 Shorten pip installs 2022-07-25 11:48:03 -07:00
IamTheFij 18f7cebfc2 Add vault kv creation 2022-07-25 11:14:51 -07:00
IamTheFij 6988e19014 Add loki, promtail, and syslog-ng 2022-07-25 10:46:16 -07:00
IamTheFij 816d6b7097 Add sticky disk to service template 2022-07-25 10:44:37 -07:00
IamTheFij 1e35958044 Prometheus: Use env for consul address rather than variable 2022-07-25 10:38:48 -07:00
IamTheFij 1c02e69225 Move core services to new tf file
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
IamTheFij 2a77067bdc WIP: Write a consul backup job 2022-07-21 20:24:50 -07:00
IamTheFij 5b88413604 Add consul bootstrap and move vault to an example 2022-07-21 20:16:10 -07:00
IamTheFij 5165045ee9 Fix consul address in levant 2022-07-21 20:11:21 -07:00
IamTheFij 5583b2d38e Deploy Nomad, Consul, and Vault using apt repo 2022-07-21 19:04:44 -07:00
IamTheFij f460f890da Use vault for backups jobs 2022-07-21 19:03:40 -07:00
IamTheFij 29946a4df6 Major grafana refactor to include automatic loading of provisioning files 2022-07-21 15:54:05 -07:00
IamTheFij bde0b84d70 Go back to a single ingress node to simplify Traefik TLS
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
IamTheFij 52c7e3d326 More nextcloud config using Vault 2022-07-08 16:26:26 -07:00
IamTheFij 726b634092 Create levant tf module
Also a template service Nomad job that can be used for some straightforward services
2022-07-08 16:24:03 -07:00
IamTheFij 54f98e740f Ignore ansible_collections 2022-06-28 12:11:55 -07:00
IamTheFij b9736aba83 Add example secrets 2022-06-28 12:11:24 -07:00
IamTheFij 50dafc6b3e Fix secrets access from nomad tasks
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
IamTheFij 723b5fab78 Improve vault bootstrap and nomad connection 2022-06-28 12:10:18 -07:00
IamTheFij 1dad4d22a1 Bootstrap vault secrets 2022-06-28 12:09:57 -07:00
IamTheFij ff4e473a89 Small improvement to consul kv role 2022-06-28 12:08:23 -07:00
IamTheFij 8434c22fd2 Add missing role requirements file
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
IamTheFij 46ee046f6c Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00
IamTheFij 609944df8e Install consul dns forwarding 2022-06-23 20:12:09 -07:00