29 Commits

Author SHA1 Message Date
f5898b0283 Add workload ACL management for mysql and postgres access
Allows required jobs to access shared secrets and auto generates psks
for stunnel.

Currently supporting MySQL, Postgres, and LDAP.
2023-08-29 12:48:48 -07:00
013dd8248b Make base_hostname more configurable 2023-08-24 15:03:36 -07:00
d5078b24da Refactor use of wesher to be behind a variable toggle
Occasionally I run into issues with Wesher. This makes it easier to
disable use of Wesher by setting TF_VAR_use_wesher to false.
2023-08-24 12:51:32 -07:00
f333031c25 bootstrap blocky with stunnel 2023-07-26 23:23:23 -07:00
0a7ad7a9dc Enable redis for authelia
This also splits redis instances by service
2023-07-07 15:50:23 -07:00
f606e0a17e Remove blocky client groups because fallback server masks them 2023-07-05 15:45:55 -07:00
2c128b25f3 Add additional blocking for wemo 2023-06-20 09:42:33 -07:00
f11fad30a5 Use stunnel for mysql
Doesn't remove wesher or normal mysql service
2023-05-09 13:20:36 -07:00
7d8bc45090 Move blocky custom mappings above catchall 2023-04-04 13:12:34 -07:00
c38ba8589a Clean blocky config for latest version 2023-03-27 15:21:35 -07:00
c7f85bd985 Fix blocky redis stunnel lookup 2023-03-27 15:21:19 -07:00
f17dec7b57 Add nomad services to nomad zone using hosts in blocky 2023-03-27 15:20:50 -07:00
a748adbab0 Store blocky config in local task dir 2023-03-27 15:19:53 -07:00
98ea2a1ca0 A whole lot of incremental fixes for nomad variables and such
Also adds stunnel between redis and clients
2023-03-24 16:32:37 -07:00
d8307935f5 Refactor everything for nomad vars 2023-03-24 11:24:36 -07:00
5fb0e0841e Blocky do not create read only user to reduce password exposure 2023-03-24 09:56:56 -07:00
00697ebb02 Blocky use wgoverlay for api 2023-03-24 09:56:29 -07:00
46dc44aca4 Simplify mysql for blocky 2023-03-24 08:55:27 -07:00
4430b3570e Fix blocky template 2023-03-24 08:55:27 -07:00
65cb6afaf9 WIP: Moving vars and service discovery to Nomad
Starting with core
2023-03-24 08:55:23 -07:00
3a95fb46db Add more conditional checks to Blocky so it is more resilient
Hopefully this will allow it to deploy if mysql or vault are down
2023-02-27 11:54:33 -08:00
91c2ff6345 Update blocklists 2022-12-22 15:13:31 -08:00
fd731971d3 Try to stabilize DNS
Add all cluster nodes to each node's resolv.conf and update blocky config
template to delay render on update to avoid unnecessary restarts
2022-11-27 22:46:25 -08:00
2db266bda7 Update blocky upstream dns to bootstrap better (hopefully) and forward to consul 2022-11-15 10:26:26 -08:00
bb400a3f1c Add blocky metrics to grafana 2022-11-11 16:21:17 -08:00
3077e66e70 Limit all existing services to websecure entrypoint
This will be a bigger issue if exposing a public entrypoint.
2022-11-10 13:37:50 -08:00
1fad6b691c Update some metrics 2022-11-07 20:50:18 -08:00
0996cfbf67 Update hooks 2022-11-02 12:59:32 -07:00
45c597b040 Big refactor to split core and services for better ordering 2022-10-27 14:28:34 -07:00