Commit Graph

46 Commits

Author SHA1 Message Date
7477cb7227 Upgrade blocky and init fast 2024-06-24 13:53:13 -07:00
90b7740343 Move Blocky and Exporters away from system to service jobs
This is because service jobs do not get rescheduled when allocs fail
2024-05-30 11:41:40 -07:00
3dcd4c44b3 Tune memory after reviewing grafana 2024-03-26 09:48:31 -07:00
8b90aa0d74 Add 1.1.1.1 dns back to blocky for better resilience 2024-02-20 10:10:41 -08:00
6b5adbdf39 Remove 404 block list 2024-02-13 12:02:35 -08:00
77ef4b4167 Use quad9 encrypted dns 2024-02-13 12:02:14 -08:00
b35b8cecd5 Blocky: Remove mysql and redis configs from stunnel if server isn't found 2024-02-13 12:01:45 -08:00
b9dfeff6d8 Have blocky use router for upstream in nomad 2024-02-13 12:01:08 -08:00
cda2842f8f Switch to image containing stunnel
Rather than installing on container startup, using an image with
stunnel pre-installed. This avoids issues with DNS breaking
the container on startup.
2024-01-03 13:50:49 -08:00
ca55209316 Fix blocky redis 2023-12-10 20:37:43 -08:00
1b49f015c5 Update blocky config to v0.22 schema 2023-11-30 14:00:27 -08:00
eb25138675 Remove defunct lists 2023-11-30 13:39:22 -08:00
69a0f760b4 Remove defunct lists 2023-11-30 13:39:01 -08:00
bb34b434b8 Add custom blocklists hosted on my gitea server 2023-11-30 13:23:54 -08:00
b29f405090 Bump prometheus versions and pin blocky 2023-09-18 21:58:43 -07:00
2bd939e651 Remove deprecated hcl2 enabled 2023-08-29 13:02:04 -07:00
ea8ca478c6 Fix blocky acl 2023-08-29 12:59:14 -07:00
f5898b0283 Add workload ACL management for mysql and postgres access
Allows required jobs to access shared secrets and auto generates psks
for stunnel.

Currently supporting MySQL, Postgres, and LDAP.
2023-08-29 12:48:48 -07:00
013dd8248b Make base_hostname more configurable 2023-08-24 15:03:36 -07:00
d5078b24da Refactor use of wesher to be behind a variable toggle
Occasionally I run into issues with Wesher. This makes it easier to
disable use of Wesher by setting TF_VAR_use_wesher to false.
2023-08-24 12:51:32 -07:00
f333031c25 bootstrap blocky with stunnel 2023-07-26 23:23:23 -07:00
0a7ad7a9dc Enable redis for authelia
This also splits redis instances by service
2023-07-07 15:50:23 -07:00
f606e0a17e Remove blocky client groups because fallback server masks them 2023-07-05 15:45:55 -07:00
2c128b25f3 Add additional blocking for wemo 2023-06-20 09:42:33 -07:00
f11fad30a5 Use stunnel for mysql
Doesn't remove wesher or normal mysql service
2023-05-09 13:20:36 -07:00
7d8bc45090 Move blocky custom mappings above catchall 2023-04-04 13:12:34 -07:00
c38ba8589a Clean blocky config for latest version 2023-03-27 15:21:35 -07:00
c7f85bd985 Fix blocky redis stunnel lookup 2023-03-27 15:21:19 -07:00
f17dec7b57 Add nomad services to nomad zone using hosts in blocky 2023-03-27 15:20:50 -07:00
a748adbab0 Store blocky config in local task dir 2023-03-27 15:19:53 -07:00
98ea2a1ca0 A whole lot of incremental fixes for nomad variables and such
Also adds stunnel between redis and clients
2023-03-24 16:32:37 -07:00
d8307935f5 Refactor everything for nomad vars 2023-03-24 11:24:36 -07:00
5fb0e0841e Blocky do not create read only user to reduce password exposure 2023-03-24 09:56:56 -07:00
00697ebb02 Blocky use wgoverlay for api 2023-03-24 09:56:29 -07:00
46dc44aca4 Simplify mysql for blocky 2023-03-24 08:55:27 -07:00
4430b3570e Fix blocky template 2023-03-24 08:55:27 -07:00
65cb6afaf9 WIP: Moving vars and service discovery to Nomad
Starting with core
2023-03-24 08:55:23 -07:00
3a95fb46db Add more conditional checks to Blocky so it is more resilient
Hopefully this will allow it to deploy if mysql or vault are down
2023-02-27 11:54:33 -08:00
91c2ff6345 Update blocklists 2022-12-22 15:13:31 -08:00
fd731971d3 Try to stabilize DNS
Add all cluster nodes to each node's resolv.conf and update blocky config
template to delay render on update to avoid unnecessary restarts
2022-11-27 22:46:25 -08:00
2db266bda7 Update blocky upstream dns to bootstrap better (hopefully) and forward to consul 2022-11-15 10:26:26 -08:00
bb400a3f1c Add blocky metrics to grafana 2022-11-11 16:21:17 -08:00
3077e66e70 Limit all existing services to websecure entrypoint
This will be a bigger issue if exposing a public entrypoint.
2022-11-10 13:37:50 -08:00
1fad6b691c Update some metrics 2022-11-07 20:50:18 -08:00
0996cfbf67 Update hooks 2022-11-02 12:59:32 -07:00
45c597b040 Big refactor to split core and services for better ordering 2022-10-27 14:28:34 -07:00