My Nomad homelab
Go to file
2023-09-27 21:35:16 -07:00
acls Add nomad ACLs and roles for use in oidc auth 2023-07-07 00:30:02 -07:00
ansible_galaxy Refactor ansible to clean root dir 2022-11-02 14:20:09 -07:00
ansible_playbooks Remount network shares when recovering cluster 2023-09-27 21:26:44 -07:00
backups Remove deprecated hcl2 enabled 2023-08-29 13:02:04 -07:00
core Add waiting for loki and prom dependencies in core 2023-09-27 21:30:22 -07:00
databases Bump lldap to latest release 2023-09-14 12:14:07 -07:00
scripts Update missing services script to restart allocs 2023-09-27 21:30:48 -07:00
services Add ability to set service workload acl for task socket 2023-09-27 21:35:16 -07:00
storage_plugins Remove deprecated hcl2 enabled 2023-08-29 13:02:04 -07:00
.gitignore Ignore nomad variables file 2023-04-14 13:54:43 -07:00
.pre-commit-config.yaml Move scripts to subdir 2023-08-26 15:58:57 -07:00
.secrets-baseline Move metrics out of a module and into core 2023-08-24 13:00:36 -07:00
.terraform.lock.hcl Add workload ACL management for mysql and postgres access 2023-08-29 12:48:48 -07:00
.tflint.hcl Update hooks 2022-11-02 12:59:32 -07:00
ansible.cfg Refactor ansible to clean root dir 2022-11-02 14:20:09 -07:00
main.tf Make base_hostname more configurable 2023-08-24 15:03:36 -07:00
Makefile Move scripts to subdir 2023-08-26 15:58:57 -07:00
providers.tf Remove whitespace 2023-07-07 15:56:25 -07:00
README.md Fix eol on readme 2023-08-24 11:53:54 -07:00
requirements.txt Update hooks 2022-11-02 12:59:32 -07:00
root.tf Add nomad ACLs and roles for use in oidc auth 2023-07-07 00:30:02 -07:00
service.nomad Use stunnel for mysql 2023-05-09 13:20:36 -07:00
vars.tf Make base_hostname more configurable 2023-08-24 15:03:36 -07:00

Homelab Nomad

My configuration for creating my home Nomad cluster and deploying services to it.

This repo is not designed as general purpose templates, but rather to fit my specific needs. That said, I have made an effort for things to be as useful as possible for someone wanting to use or modify this.

Running

make all

Design

Both Ansible and Terraform are used as part of this configuration. All hosts must be reachable over SSH prior to running any of this configuration.

To begin, Ansible runs a playbook to setup the cluster. This includes installing Nomad, bootstrapping the cluster and ACLs, setting up NFS shares, creating Nomad Host Volumes, and setting up Wesher as a Wireguard mesh between hosts.

After this is complete, Nomad variables must be set for services to access and configure correctly. This depends on variables to be set based on the sample file.

Finally, the Terraform configuration can be applied setting up all services deployed on the cluster.

The configuration of new services is intended to be as templated as possible and to avoid requiring changes in multiple places. For example, most services are configured with a template that provides reverse proxy, DNS records, database tunnels, database bootstrapping, metrics scraping, and authentication. The only real exception is backups, which requires a distinct job file, for now.

What does it do?

  • Nomad cluster for scheduling and configuring all services
  • Blocky DNS servers with integrated ad blocking. This also provides service discovery
  • Prometheus with autodiscovery of service metrics
  • Loki and Promtail aggregating logs
  • Minitor for service availability checks
  • Grafana providing dashboards, alerting, and log searching
  • Photoprism for photo management
  • Remote and shared volumes over NFS
  • Authelia for OIDC and Proxy based authentication with 2FA
  • Sonarr and Lidarr for multimedia management
  • Automated block based backups using Restic

Step by step

  1. Update hosts in ansible_playbooks/ansible_hosts.yml
  2. Update ansible_playbook/setup-cluster.yml
    1. Update backup DNS server
    2. Update NFS shares from NAS
    3. Update volumes to make sure they are valid paths
  3. Create ansible_playbooks/vars/nomad_vars.yml based on the sample file. TODO: This is quite specific and probably impossible without more documentation
  4. Run make all
  5. Update your network DNS settings to use the new servers IP addresses