Commit Graph

252 Commits

Author SHA1 Message Date
0ad777c76f Fix unsealing of single vault instance
Checking status of only one node meant that if that node was sealed
we would not try to unseal other nodes
2022-08-30 15:14:00 -07:00
929501b72c Enable consul autopilot 2022-08-30 15:12:52 -07:00
429854897f Update nomad, consul, vault versions 2022-08-30 15:12:35 -07:00
551df5f0c5 Use newer cadvisor 2022-08-30 15:11:52 -07:00
f73a4b13ec Use updated ansible-nomad role
Has better support for multi-arch installs and fixes cni
2022-08-30 15:10:16 -07:00
f9a9a37f6d Add pi4 host 2022-08-30 15:09:48 -07:00
e96a7501dd Rename nomad anon policy file 2022-08-23 10:31:29 -07:00
c62a0118a5 WIP: Allow specifying https endpoints and fetching nomad token 2022-08-23 09:57:57 -07:00
599dd02bdc Add mysql database storage to Grafana 2022-07-29 13:02:22 -07:00
afa6984001 Add Nomad dashboard to grafana 2022-07-29 13:01:59 -07:00
eb0b16abbe Don't deploy Nextcloud 2022-07-29 13:01:40 -07:00
c0afa52edc Stop duplicate nomad scraping
Already getting it from Client service
2022-07-29 13:01:22 -07:00
0e0ff7bbac Increase promtail memory 2022-07-28 16:37:19 -07:00
994c2f4743 Make traefik a service rather than a system job
Sets it up to support auto_revert and auto_promote
2022-07-28 15:11:59 -07:00
795b683046 Traefik wildcard certs 2022-07-28 15:11:24 -07:00
8af70181f3 Remove variable for consul_address for traefik
Now getting from Noamd environment
2022-07-28 15:10:39 -07:00
e3633f9961 Make lldap backup daily 2022-07-28 15:05:00 -07:00
c5538bb623 conditional dns lookups for router assigned domains 2022-07-27 22:04:46 -07:00
b9ef67b925 Working backup and restore 2022-07-27 22:04:22 -07:00
a5fd1942de Make traefik disk ephemeral and sticky 2022-07-27 17:30:35 -07:00
c0f64c9c8a Bump Traefik mem limit
We don't like this crashing
2022-07-27 17:26:13 -07:00
7d27dbb7f9 Skip dump of lldap db 2022-07-27 17:25:41 -07:00
73d193d0a5 Add lldap backup and templatize backup job
Now oneoff and system jobs are all using the same template
2022-07-27 17:02:29 -07:00
0c6f82e93b Increase prometheus memory limit 2022-07-27 16:11:56 -07:00
6c732800e6 Add lldap 2022-07-27 15:57:28 -07:00
eaa81ddc8a Remove set hostname because that's now done in bootstrap 2022-07-27 15:57:12 -07:00
c111427052 Extend ttl for nomad tokens 2022-07-27 15:56:40 -07:00
5e1d1de521 Add ddclient 2022-07-27 14:45:08 -07:00
b996e745ec Clean up services template whitespace 2022-07-27 14:41:42 -07:00
09f11dcd85 Add vault stanza to levant services 2022-07-27 14:41:13 -07:00
c17a3c950a Add further todos for Nomad Vault 2022-07-27 13:40:21 -07:00
64a9302276 Update Nomad and Vault ACLs
Now nomad is read only and tokens can be retrieved from Vault
2022-07-27 13:13:11 -07:00
5e4ca8efda Reduce memory for blocky sidecar 2022-07-27 11:22:02 -07:00
f762cb55f8 Hide blocky API from non-traefik route 2022-07-27 11:21:11 -07:00
a8e5be2162 Get letsencrypt certs working with Traefik 2022-07-27 11:12:08 -07:00
5e1b679cbb Fix consul value bootstrap and hide secrets in log 2022-07-27 11:11:03 -07:00
594609db64 Add basic auth to traefik 2022-07-26 21:48:16 -07:00
7554509671 Make anonymous nomad read only 2022-07-26 20:20:43 -07:00
c21ed2fa3f Add userpass login to Vault 2022-07-26 20:09:52 -07:00
7356b8d407 Make metrics more readable 2022-07-25 21:45:01 -07:00
2625f6dcb1 Reduce task memory 2022-07-25 16:37:51 -07:00
aa6db53047 Fix mysql 2022-07-25 16:29:43 -07:00
56b7ea8a9c WIP: Update oneoff backups 2022-07-25 16:29:35 -07:00
7acca6d160 Fix consul backup 2022-07-25 16:29:06 -07:00
dcfe43f63d Move traefik connect intents to core 2022-07-25 15:54:23 -07:00
caa84a5340 Allow bypass of healthcheck 2022-07-25 15:52:47 -07:00
a8fe9bfff8 Get mysql root from vault 2022-07-25 15:52:47 -07:00
b300c220b6 Tweak memory requirements for tasks 2022-07-25 15:52:47 -07:00
459481e8f7 Add test consul backup 2022-07-25 15:52:47 -07:00
11e89de947 Clean up Grafana and Loki bootstraps 2022-07-25 15:52:47 -07:00