852c44d435
Update Consul ACL backend
2022-07-27 13:39:19 -07:00
0fbc1c716b
WIP: Begin config to bootstrap ACLs
...
Following guide here: https://learn.hashicorp.com/tutorials/consul/vault-consul-secrets?in=consul/vault-secure
Unsure of how this will actually authenticate though.
2022-07-27 13:13:22 -07:00
64a9302276
Update Nomad and Vault ACLs
...
Now nomad is read only and tokens can be retrieved from Vault
2022-07-27 13:13:11 -07:00
5e4ca8efda
Reduce memory for blocky sidecar
2022-07-27 11:22:02 -07:00
f762cb55f8
Hide blocky API from non-traefik route
2022-07-27 11:21:11 -07:00
a8e5be2162
Get letsencrypt certs working with Traefik
2022-07-27 11:12:08 -07:00
5e1b679cbb
Fix consul value bootstrap and hide secrets in log
2022-07-27 11:11:03 -07:00
594609db64
Add basic auth to traefik
2022-07-26 21:48:16 -07:00
7554509671
Make anonymous nomad read only
2022-07-26 20:20:43 -07:00
c21ed2fa3f
Add userpass login to Vault
2022-07-26 20:09:52 -07:00
7356b8d407
Make metrics more readable
2022-07-25 21:45:01 -07:00
2625f6dcb1
Reduce task memory
2022-07-25 16:37:51 -07:00
aa6db53047
Fix mysql
2022-07-25 16:29:43 -07:00
56b7ea8a9c
WIP: Update oneoff backups
2022-07-25 16:29:35 -07:00
7acca6d160
Fix consul backup
2022-07-25 16:29:06 -07:00
dcfe43f63d
Move traefik connect intents to core
2022-07-25 15:54:23 -07:00
caa84a5340
Allow bypass of healthcheck
2022-07-25 15:52:47 -07:00
a8fe9bfff8
Get mysql root from vault
2022-07-25 15:52:47 -07:00
b300c220b6
Tweak memory requirements for tasks
2022-07-25 15:52:47 -07:00
459481e8f7
Add test consul backup
2022-07-25 15:52:47 -07:00
11e89de947
Clean up Grafana and Loki bootstraps
2022-07-25 15:52:47 -07:00
349f7b930b
Remove packer stuff
2022-07-25 15:49:07 -07:00
2ed2056766
Update lockfile
2022-07-25 15:40:54 -07:00
1142c0f53f
Add new playbook and make target for bootstrapping values to Consul and Vault
2022-07-25 15:40:22 -07:00
3a9ae20a6b
Update playbook, move acls and comment for fixes
...
There are some items that I found are broken on first run and made some changes
2022-07-25 11:48:03 -07:00
b86c57d75d
Make acls module stand alone
2022-07-25 11:48:03 -07:00
d5a0ec6828
Shorten pip installs
2022-07-25 11:48:03 -07:00
18f7cebfc2
Add vault kv creation
2022-07-25 11:14:51 -07:00
6988e19014
Add loki, promtail, and syslog-ng
2022-07-25 10:46:16 -07:00
816d6b7097
Add sticky disk to service template
2022-07-25 10:44:37 -07:00
1e35958044
Promethus: Use env for consul address rather than variable
2022-07-25 10:38:48 -07:00
1c02e69225
Move core services to new tf file
...
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
2a77067bdc
WIP: Write a consul backup job
2022-07-21 20:24:50 -07:00
5b88413604
Add consul bootstrap and move vault to an example
2022-07-21 20:16:10 -07:00
5165045ee9
Fix consul address in levant
2022-07-21 20:11:21 -07:00
5583b2d38e
Deploy Nomad, Consul, and Vault using apt repo
2022-07-21 19:04:44 -07:00
f460f890da
Use vault for backups jobs
2022-07-21 19:03:40 -07:00
29946a4df6
Major grafana refactor to include automatic loading of provisioning files
2022-07-21 15:54:05 -07:00
bde0b84d70
Go back to a single ingress node to simplify Traefik TLS
...
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
52c7e3d326
More nextcloud config using Vault
2022-07-08 16:26:26 -07:00
726b634092
Create levant tf module
...
Also a template service Nomad job that can be used for some straighforward services
2022-07-08 16:24:03 -07:00
54f98e740f
Ignore ansible_collections
2022-06-28 12:11:55 -07:00
b9736aba83
Add example secrets
2022-06-28 12:11:24 -07:00
50dafc6b3e
Fix secrets access from nomad tasks
...
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
723b5fab78
Improve vault bootstrap and nomad connection
2022-06-28 12:10:18 -07:00
1dad4d22a1
Bootstrap vault secrets
2022-06-28 12:09:57 -07:00
ff4e473a89
Small improvement to consul kv role
2022-06-28 12:08:23 -07:00
8434c22fd2
Add missing role requirements file
...
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
46ee046f6c
Deploy traefik one at a time with autorevert
2022-06-23 20:12:30 -07:00
609944df8e
Install consul dns forwarding
2022-06-23 20:12:09 -07:00