IamTheFij
a8e5be2162
Get letsencrypt certs working with Traefik
2022-07-27 11:12:08 -07:00
IamTheFij
5e1b679cbb
Fix consul value bootstrap and hide secrets in log
2022-07-27 11:11:03 -07:00
IamTheFij
594609db64
Add basic auth to traefik
2022-07-26 21:48:16 -07:00
IamTheFij
7554509671
Make anonymous nomad read only
2022-07-26 20:20:43 -07:00
IamTheFij
c21ed2fa3f
Add userpass login to Vault
2022-07-26 20:09:52 -07:00
IamTheFij
7356b8d407
Make metrics more readable
2022-07-25 21:45:01 -07:00
IamTheFij
2625f6dcb1
Reduce task memory
2022-07-25 16:37:51 -07:00
IamTheFij
aa6db53047
Fix mysql
2022-07-25 16:29:43 -07:00
IamTheFij
56b7ea8a9c
WIP: Update oneoff backups
2022-07-25 16:29:35 -07:00
IamTheFij
7acca6d160
Fix consul backup
2022-07-25 16:29:06 -07:00
IamTheFij
dcfe43f63d
Move traefik connect intents to core
2022-07-25 15:54:23 -07:00
IamTheFij
caa84a5340
Allow bypass of healthcheck
2022-07-25 15:52:47 -07:00
IamTheFij
a8fe9bfff8
Get mysql root from vault
2022-07-25 15:52:47 -07:00
IamTheFij
b300c220b6
Tweak memory requirements for tasks
2022-07-25 15:52:47 -07:00
IamTheFij
459481e8f7
Add test consul backup
2022-07-25 15:52:47 -07:00
IamTheFij
11e89de947
Clean up Grafana and Loki bootstraps
2022-07-25 15:52:47 -07:00
IamTheFij
349f7b930b
Remove packer stuff
2022-07-25 15:49:07 -07:00
IamTheFij
2ed2056766
Update lockfile
2022-07-25 15:40:54 -07:00
IamTheFij
1142c0f53f
Add new playbook and make target for bootstrapping values to Consul and Vault
2022-07-25 15:40:22 -07:00
IamTheFij
3a9ae20a6b
Update playbook, move acls and comment for fixes
...
There are some items that I found are broken on first run and made some changes
2022-07-25 11:48:03 -07:00
IamTheFij
b86c57d75d
Make acls module stand alone
2022-07-25 11:48:03 -07:00
IamTheFij
d5a0ec6828
Shorten pip installs
2022-07-25 11:48:03 -07:00
IamTheFij
18f7cebfc2
Add vault kv creation
2022-07-25 11:14:51 -07:00
IamTheFij
6988e19014
Add loki, promtail, and syslog-ng
2022-07-25 10:46:16 -07:00
IamTheFij
816d6b7097
Add sticky disk to service template
2022-07-25 10:44:37 -07:00
IamTheFij
1e35958044
Promethus: Use env for consul address rather than variable
2022-07-25 10:38:48 -07:00
IamTheFij
1c02e69225
Move core services to new tf file
...
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
IamTheFij
2a77067bdc
WIP: Write a consul backup job
2022-07-21 20:24:50 -07:00
IamTheFij
5b88413604
Add consul bootstrap and move vault to an example
2022-07-21 20:16:10 -07:00
IamTheFij
5165045ee9
Fix consul address in levant
2022-07-21 20:11:21 -07:00
IamTheFij
5583b2d38e
Deploy Nomad, Consul, and Vault using apt repo
2022-07-21 19:04:44 -07:00
IamTheFij
f460f890da
Use vault for backups jobs
2022-07-21 19:03:40 -07:00
IamTheFij
29946a4df6
Major grafana refactor to include automatic loading of provisioning files
2022-07-21 15:54:05 -07:00
IamTheFij
bde0b84d70
Go back to a single ingress node to simplify Traefik TLS
...
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
IamTheFij
52c7e3d326
More nextcloud config using Vault
2022-07-08 16:26:26 -07:00
IamTheFij
726b634092
Create levant tf module
...
Also a template service Nomad job that can be used for some straighforward services
2022-07-08 16:24:03 -07:00
IamTheFij
54f98e740f
Ignore ansible_collections
2022-06-28 12:11:55 -07:00
IamTheFij
b9736aba83
Add example secrets
2022-06-28 12:11:24 -07:00
IamTheFij
50dafc6b3e
Fix secrets access from nomad tasks
...
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
IamTheFij
723b5fab78
Improve vault bootstrap and nomad connection
2022-06-28 12:10:18 -07:00
IamTheFij
1dad4d22a1
Bootstrap vault secrets
2022-06-28 12:09:57 -07:00
IamTheFij
ff4e473a89
Small improvement to consul kv role
2022-06-28 12:08:23 -07:00
IamTheFij
8434c22fd2
Add missing role requirements file
...
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
IamTheFij
46ee046f6c
Deploy traefik one at a time with autorevert
2022-06-23 20:12:30 -07:00
IamTheFij
609944df8e
Install consul dns forwarding
2022-06-23 20:12:09 -07:00
IamTheFij
ab58652932
Install consul from repo
2022-06-23 20:11:48 -07:00
IamTheFij
b8b74e900b
Make blocky config a bit more stable by removing templating based on whami
2022-06-23 20:11:28 -07:00
IamTheFij
7760d3387e
Fix blocky upstream tcp for quad9
2022-06-23 20:11:09 -07:00
IamTheFij
0ea91e7ffc
Auto revert broken blocky
...
Also enable traefik
2022-06-23 20:10:36 -07:00
IamTheFij
eb129be95e
Add Consul lookup for ads dns allowlist
2022-06-23 13:36:06 -07:00