Simplify proxy routing

nomad/metrics/grafana.nomad

@@ -52,8 +52,6 @@ job "grafana" {
 
       tags = [
         "traefik.enable=true",
-        "traefik.http.routers.grafana.entrypoints=web,websecure",
-        "traefik.http.routers.grafana.tls=true",
       ]
     }
 

nomad/metrics/prometheus.nomad

@@ -54,8 +54,6 @@ job "prometheus" {
       // TODO: Remove traefik tags
       tags = [
         "traefik.enable=true",
-        "traefik.http.routers.prometheus.entrypoints=web,websecure",
-        "traefik.http.routers.prometheus.tls=true",
       ]
     }
 

nomad/mysql/adminer.nomad

@@ -1,9 +1,3 @@
-variable "base_hostname" {
-  type = string
-  description = "Base hostname to serve content from"
-  default = "dev.homelab"
-}
-
 job "adminer" {
   datacenters = ["dc1"]
   type = "service"
@@ -21,6 +15,7 @@ job "adminer" {
     }
 
     service {
+      name = "adminer"
       port = "adminer"
 
       connect {
@@ -50,9 +45,6 @@ job "adminer" {
 
       tags = [
         "traefik.enable=true",
-        "traefik.http.routers.adminer.entrypoints=web,websecure",
-        "traefik.http.routers.adminer.rule=Host(`adminer.${var.base_hostname}`)",
-        "traefik.http.routers.adminer.tls=true",
       ]
     }
 

nomad/mysql/mysql.nomad

@@ -15,7 +15,6 @@ job "mysql-server" {
     network {
       mode = "bridge"
       port "db" {
-        static = 3306
         to = 3306
       }
     }
@@ -31,7 +30,18 @@ job "mysql-server" {
       port = "db"
 
       connect {
-        sidecar_service {}
+        sidecar_service {
+          proxy {
+            local_service_port = 3306
+          }
+        }
+
+        sidecar_task {
+          resources {
+            cpu    = 50
+            memory = 50
+          }
+        }
       }
 
       # Can't use a tcp check with bridge network or proxy

nomad/mysql/mysql.tf

@@ -1,9 +1,3 @@
-variable "base_hostname" {
-  type = string
-  description = "Base hostname to serve content from"
-  default = "dev.homelab"
-}
-
 resource "nomad_job" "mysql-server" {
   hcl2 {
     enabled = true
@@ -15,9 +9,6 @@ resource "nomad_job" "mysql-server" {
 resource "nomad_job" "adminer" {
   hcl2 {
     enabled = true
-    vars = {
-      "base_hostname" = "${var.base_hostname}",
-    }
   }
 
   jobspec = file("${path.module}/adminer.nomad")

nomad/nextcloud/nextcloud.nomad

@@ -29,6 +29,7 @@ job "nextcloud" {
     }
 
     service {
+      name = "nextcloud"
       port = "web"
 
       connect {
@@ -57,8 +58,6 @@ job "nextcloud" {
 
       tags = [
         "traefik.enable=true",
-        "traefik.http.routers.nextcloud.entrypoints=web,websecure",
-        "traefik.http.routers.nextcloud.tls=true",
       ]
 
     }

nomad/nextcloud/nextcloud.tf

@@ -1,15 +1,6 @@
-variable "base_hostname" {
-  type = string
-  description = "Base hostname to serve content from"
-  default = "dev.homelab"
-}
-
 resource "nomad_job" "nextcloud" {
   hcl2 {
     enabled = true
-    vars = {
-      "base_hostname" = "${var.base_hostname}",
-    }
   }
 
   jobspec = file("${path.module}/nextcloud.nomad")

nomad/services.tf

@@ -63,8 +63,6 @@ module "metrics" {
 module "nextcloud" {
   source = "./nextcloud"
 
-  base_hostname = var.base_hostname
-
   depends_on = [module.mysql-server]
 }
 

nomad/traefik/traefik.nomad

@@ -51,7 +51,7 @@ job "traefik" {
 
       tags = [
         "traefik.enable=true",
-        "traefik.http.routers.traefik_dashboard.entrypoints=web,websecure",
+        "traefik.http.routers.traefik_dashboard.entryPoints=web,websecure",
         "traefik.http.routers.traefik_dashboard.rule=Host(`traefik.${var.base_hostname}`)",
         "traefik.http.routers.traefik_dashboard.service=api@internal",
         "traefik.http.routers.traefik_dashboard.tls=true",
@@ -63,34 +63,99 @@ job "traefik" {
 
       config {
         image = "traefik:2.6"
-        args = [
-          "--log.level=DEBUG",
-          "--entryPoints.web.address=:80",
-          "--entryPoints.websecure.address=:443",
-          "--entryPoints.websecure.tls=true",
-          "--entrypoints.web.http.redirections.entryPoint.to=websecure",
-          # "--entryPoints.admin.address=:8080",
-          "--accesslog=true",
-          "--api=true",
-          "--api.dashboard=true",
-          # "--metrics=true",
-          # "--metrics.prometheus=true",
-          # "--metrics.prometheus.entryPoint=admin",
-          # "--metrics.prometheus.manualrouting=true",
-          "--ping=true",
-          "--ping.entryPoint=web",
-          "--providers.consulcatalog=true",
-          "--providers.consulcatalog.connectaware=true",
-          "--providers.consulcatalog.connectbydefault=true",
-          "--providers.consulcatalog.exposedbydefault=false",
-          "--providers.consulcatalog.endpoint.address=${var.consul_address}",
-          "--providers.consulcatalog.defaultrule=Host(`{{normalize .Name}}.${var.base_hostname}`)",
-        ]
 
         ports = ["web", "websecure"]
         network_mode = "host"
 
-        volumes = []
+        mount {
+          type = "bind"
+          target = "/etc/traefik"
+          source = "config"
+        }
+      }
+
+      template {
+        # Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
+        left_delimiter = "<<"
+        right_delimiter = ">>"
+        data = <<EOH
+[log]
+  level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+    [entryPoints.web.http]
+      [entryPoints.web.http.redirections]
+        [entryPoints.web.http.redirections.entrypoint]
+          to = "websecure"
+          scheme = "https"
+
+  [entryPoints.websecure]
+    address = ":443"
+    [entryPoints.websecure.http.tls]
+      # certResolver = "letsEncrypt"
+
+  [entryPoints.metrics]
+    address = ":8989"
+
+[api]
+  dashboard = true
+
+[ping]
+  entrypoint = "web"
+
+[metrics]
+  [metrics.prometheus]
+    entrypoint = "metrics"
+    # manualRouting = true
+
+[providers.file]
+  directory = "/etc/traefik/conf"
+  watch = true
+
+[providers.consulCatalog]
+  connectAware = true
+  connectByDefault = true
+  exposedByDefault = false
+  defaultRule = "Host(`{{normalize .Name}}.${var.base_hostname}`)"
+  [providers.consulCatalog.endpoint]
+    address = "http://<< env "CONSUL_HTTP_ADDR" >>"
+        EOH
+        destination = "/config/traefik.toml"
+      }
+
+      template {
+        # Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
+        left_delimiter = "<<"
+        right_delimiter = ">>"
+        data = <<EOH
+[http]
+  [http.routers]
+    [http.routers.nomad]
+      entryPoints = ["web", "websecure"]
+      # middlewares = []
+      service = "nomad"
+      rule = "Host(`nomad.${var.base_hostname}`)"
+    [http.routers.consul]
+      entryPoints = ["web", "websecure"]
+      # middlewares = []
+      service = "consul"
+      rule = "Host(`consul.${var.base_hostname}`)"
+
+  [http.services]
+    [http.services.nomad]
+      [http.services.nomad.loadBalancer]
+        [[http.services.nomad.loadBalancer.servers]]
+          url = "http://<< env "NOMAD_IP_web" >>:4646"
+    [http.services.consul]
+      [http.services.consul.loadBalancer]
+        [[http.services.consul.loadBalancer.servers]]
+          url = "http://<< env "NOMAD_IP_web" >>:8500"
+      
+        EOH
+        destination = "/config/conf/route-hashi.toml"
+        change_mode = "noop"
       }
 
       resources {

nomad/whoami.nomad

@@ -1,9 +1,3 @@
-variable "base_hostname" {
-  type = string
-  description = "Base hostname to serve content from"
-  default = "dev.homelab"
-}
-
 variable "count" {
   type = number
   default = 2
@@ -55,8 +49,6 @@ job "whoami" {
 
       tags = [
         "traefik.enable=true",
-        "traefik.http.routers.whoami.entrypoints=web,websecure",
-        "traefik.http.routers.whoami.tls=true",
       ]
     }