153 lines
3.0 KiB
HCL
153 lines
3.0 KiB
HCL
|
|
module "blocky" {
|
|
source = "./blocky"
|
|
|
|
base_hostname = var.base_hostname
|
|
# Not in this module
|
|
# depends_on = [module.databases]
|
|
}
|
|
|
|
module "traefik" {
|
|
source = "./traefik"
|
|
|
|
base_hostname = var.base_hostname
|
|
}
|
|
|
|
module "nomad_login" {
|
|
source = "IamTheFij/levant/nomad"
|
|
version = "0.1.0"
|
|
|
|
template_path = "service.nomad"
|
|
variables = {
|
|
name = "nomad-login"
|
|
image = "iamthefij/nomad-vault-login"
|
|
service_port = 5000
|
|
ingress = true
|
|
ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)"
|
|
env = jsonencode({
|
|
VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200",
|
|
})
|
|
}
|
|
}
|
|
|
|
module "metrics" {
|
|
source = "./metrics"
|
|
# Not in this module
|
|
# depends_on = [module.databases]
|
|
}
|
|
|
|
module "loki" {
|
|
source = "IamTheFij/levant/nomad"
|
|
version = "0.1.0"
|
|
|
|
template_path = "service.nomad"
|
|
variables = {
|
|
name = "loki"
|
|
image = "grafana/loki:2.2.1"
|
|
service_port = 3100
|
|
ingress = true
|
|
sticky_disk = true
|
|
healthcheck = "/ready"
|
|
templates = jsonencode([
|
|
{
|
|
data = file("${path.module}/loki-config.yml")
|
|
dest = "/etc/loki/local-config.yaml"
|
|
}
|
|
])
|
|
}
|
|
}
|
|
|
|
resource "consul_config_entry" "loki_intent" {
|
|
name = "loki"
|
|
kind = "service-intentions"
|
|
|
|
config_json = jsonencode({
|
|
Sources = [
|
|
{
|
|
Action = "allow"
|
|
Name = "grafana"
|
|
Precedence = 9
|
|
Type = "consul"
|
|
},
|
|
{
|
|
Action = "allow"
|
|
Name = "promtail"
|
|
Precedence = 9
|
|
Type = "consul"
|
|
},
|
|
{
|
|
Action = "allow"
|
|
Name = "syslogng-promtail"
|
|
Precedence = 9
|
|
Type = "consul"
|
|
},
|
|
]
|
|
})
|
|
}
|
|
|
|
resource "nomad_job" "syslog-ng" {
|
|
jobspec = file("${path.module}/syslogng.nomad")
|
|
}
|
|
|
|
resource "nomad_job" "ddclient" {
|
|
jobspec = file("${path.module}/ddclient.nomad")
|
|
}
|
|
|
|
resource "nomad_job" "lldap" {
|
|
jobspec = file("${path.module}/lldap.nomad")
|
|
}
|
|
|
|
resource "consul_config_entry" "syslogng_promtail_intent" {
|
|
name = "syslogng-promtail"
|
|
kind = "service-intentions"
|
|
|
|
config_json = jsonencode({
|
|
Sources = [
|
|
{
|
|
Action = "allow"
|
|
Name = "syslogng"
|
|
Precedence = 9
|
|
Type = "consul"
|
|
},
|
|
]
|
|
})
|
|
}
|
|
|
|
resource "consul_config_entry" "global_access" {
|
|
name = "*"
|
|
kind = "service-intentions"
|
|
|
|
config_json = jsonencode({
|
|
Sources = [
|
|
{
|
|
Action = "allow"
|
|
Name = "traefik"
|
|
Precedence = 6
|
|
Type = "consul"
|
|
},
|
|
{
|
|
Action = "deny"
|
|
Name = "*"
|
|
Precedence = 5
|
|
Type = "consul"
|
|
},
|
|
]
|
|
})
|
|
}
|
|
|
|
resource "consul_config_entry" "ldap_intents" {
|
|
name = "ldap"
|
|
kind = "service-intentions"
|
|
|
|
config_json = jsonencode({
|
|
Sources = [
|
|
{
|
|
Action = "allow"
|
|
Name = "authelia"
|
|
Precedence = 9
|
|
Type = "consul"
|
|
},
|
|
]
|
|
})
|
|
}
|