From 7493fb27ecc35c3aef440558ec406ef21b8dafe9 Mon Sep 17 00:00:00 2001 
From: Ian Fijolek Date: Thu, 27 Oct 2022 14:28:34 -0700 Subject: [PATCH] Big refactor to split core and services for better ordering --- .secrets-baseline | 22 +- nomad/ansible_hosts.yml | 10 +- nomad/bootstrap-values.yml | 2 +- nomad/core.tf | 132 +----------- nomad/core/.terraform.lock.hcl | 59 +++++ .../blocky}/.terraform.lock.hcl | 0 nomad/{ => core}/blocky/blocky.nomad | 0 nomad/{ => core}/blocky/blocky.tf | 0 nomad/{ => core}/blocky/config.yml | 0 nomad/{ => core}/ddclient.nomad | 0 nomad/{ => core}/lldap.nomad | 0 nomad/{ => core}/loki-config.yml | 0 nomad/core/main.tf | 134 ++++++++++++ nomad/{ => core}/metrics/.terraform.lock.hcl | 0 nomad/{ => core}/metrics/exporters.nomad | 0 nomad/{ => core}/metrics/grafana.nomad | 0 nomad/{ => core}/metrics/grafana/grafana.ini | 0 .../dashboards/default/minitor-monitor.json | 0 .../dashboards/default/nomad.json | 0 .../default/prometheus-stats-2-r2.json | 0 .../dashboards/default/traefik-2.json | 0 .../dashboards/default/traefik.json | 0 .../grafana/provisioning/dashboards/main.yml | 0 .../grafana/provisioning/datasources/loki.yml | 0 .../provisioning/datasources/prometheus.yml | 0 .../grafana/provisioning/notifiers/main.yml | 0 .../grafana/provisioning/notifiers/slack.yml | 0 nomad/{ => core}/metrics/metrics.tf | 0 nomad/{ => core}/metrics/prometheus.nomad | 0 nomad/{ => core}/syslogng.nomad | 0 nomad/{ => core}/traefik/.terraform.lock.hcl | 0 nomad/{ => core}/traefik/traefik.nomad | 0 nomad/{ => core}/traefik/traefik.tf | 0 nomad/core/vars.tf | 5 + nomad/databases/.terraform.lock.hcl | 40 ++++ nomad/media/.terraform.lock.hcl | 20 -- nomad/mysql/.terraform.lock.hcl | 38 ---- nomad/service.nomad | 12 ++ nomad/services.tf | 86 +------- nomad/services/.terraform.lock.hcl | 40 ++++ .../backups}/.terraform.lock.hcl | 28 +-- nomad/{ => services}/backups/backup.nomad | 16 ++ nomad/{ => services}/backups/backups.tf | 11 +- nomad/{ => services}/backups/jobs/consul.hcl | 0 nomad/{ => services}/backups/jobs/lldap.hcl | 0 .../{ 
=> services}/backups/jobs/nextcloud.hcl | 0 nomad/services/backups/jobs/nzbget.hcl | 21 ++ nomad/services/backups/jobs/sonarr.hcl | 27 +++ nomad/services/ip-dvr.nomad | 201 ++++++++++++++++++ nomad/services/main.tf | 139 ++++++++++++ .../media}/.terraform.lock.hcl | 1 + nomad/{ => services}/media/caddy.nomad | 0 nomad/{ => services}/media/media.tf | 0 .../nextcloud}/.terraform.lock.hcl | 1 + .../nextcloud/nextcloud-backup.hcl | 0 .../{ => services}/nextcloud/nextcloud.nomad | 0 nomad/{ => services}/nextcloud/nextcloud.tf | 0 nomad/{ => services}/whoami.nomad | 0 nomad/setup-cluster.yml | 58 +++-- nomad/vault-kv.tf | 5 - 60 files changed, 786 insertions(+), 322 deletions(-) create mode 100644 nomad/core/.terraform.lock.hcl rename nomad/{backups => core/blocky}/.terraform.lock.hcl (100%) rename nomad/{ => core}/blocky/blocky.nomad (100%) rename nomad/{ => core}/blocky/blocky.tf (100%) rename nomad/{ => core}/blocky/config.yml (100%) rename nomad/{ => core}/ddclient.nomad (100%) rename nomad/{ => core}/lldap.nomad (100%) rename nomad/{ => core}/loki-config.yml (100%) create mode 100644 nomad/core/main.tf rename nomad/{ => core}/metrics/.terraform.lock.hcl (100%) rename nomad/{ => core}/metrics/exporters.nomad (100%) rename nomad/{ => core}/metrics/grafana.nomad (100%) rename nomad/{ => core}/metrics/grafana/grafana.ini (100%) rename nomad/{ => core}/metrics/grafana/provisioning/dashboards/default/minitor-monitor.json (100%) rename nomad/{ => core}/metrics/grafana/provisioning/dashboards/default/nomad.json (100%) rename nomad/{ => core}/metrics/grafana/provisioning/dashboards/default/prometheus-stats-2-r2.json (100%) rename nomad/{ => core}/metrics/grafana/provisioning/dashboards/default/traefik-2.json (100%) rename nomad/{ => core}/metrics/grafana/provisioning/dashboards/default/traefik.json (100%) rename nomad/{ => core}/metrics/grafana/provisioning/dashboards/main.yml (100%) rename nomad/{ => core}/metrics/grafana/provisioning/datasources/loki.yml (100%) rename 
nomad/{ => core}/metrics/grafana/provisioning/datasources/prometheus.yml (100%) rename nomad/{ => core}/metrics/grafana/provisioning/notifiers/main.yml (100%) rename nomad/{ => core}/metrics/grafana/provisioning/notifiers/slack.yml (100%) rename nomad/{ => core}/metrics/metrics.tf (100%) rename nomad/{ => core}/metrics/prometheus.nomad (100%) rename nomad/{ => core}/syslogng.nomad (100%) rename nomad/{ => core}/traefik/.terraform.lock.hcl (100%) rename nomad/{ => core}/traefik/traefik.nomad (100%) rename nomad/{ => core}/traefik/traefik.tf (100%) create mode 100644 nomad/core/vars.tf create mode 100644 nomad/databases/.terraform.lock.hcl delete mode 100644 nomad/media/.terraform.lock.hcl delete mode 100644 nomad/mysql/.terraform.lock.hcl create mode 100644 nomad/services/.terraform.lock.hcl rename nomad/{redis => services/backups}/.terraform.lock.hcl (52%) rename nomad/{ => services}/backups/backup.nomad (92%) rename nomad/{ => services}/backups/backups.tf (58%) rename nomad/{ => services}/backups/jobs/consul.hcl (100%) rename nomad/{ => services}/backups/jobs/lldap.hcl (100%) rename nomad/{ => services}/backups/jobs/nextcloud.hcl (100%) create mode 100644 nomad/services/backups/jobs/nzbget.hcl create mode 100644 nomad/services/backups/jobs/sonarr.hcl create mode 100644 nomad/services/ip-dvr.nomad create mode 100644 nomad/services/main.tf rename nomad/{nextcloud => services/media}/.terraform.lock.hcl (95%) rename nomad/{ => services}/media/caddy.nomad (100%) rename nomad/{ => services}/media/media.tf (100%) rename nomad/{blocky => services/nextcloud}/.terraform.lock.hcl (95%) rename nomad/{ => services}/nextcloud/nextcloud-backup.hcl (100%) rename nomad/{ => services}/nextcloud/nextcloud.nomad (100%) rename nomad/{ => services}/nextcloud/nextcloud.tf (100%) rename nomad/{ => services}/whoami.nomad (100%) delete mode 100644 nomad/vault-kv.tf diff --git a/.secrets-baseline b/.secrets-baseline index fc3063a..f5bbf61 100644 --- a/.secrets-baseline 
+++ b/.secrets-baseline @@ -115,10 +115,10 @@ } ], "results": { - "nomad/metrics/grafana/grafana.ini": [ + "nomad/core/metrics/grafana/grafana.ini": [ { "type": "Basic Auth Credentials", - "filename": "nomad/metrics/grafana/grafana.ini", + "filename": "nomad/core/metrics/grafana/grafana.ini", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, "line_number": 78, @@ -126,7 +126,7 @@ }, { "type": "Secret Keyword", - "filename": "nomad/metrics/grafana/grafana.ini", + "filename": "nomad/core/metrics/grafana/grafana.ini", "hashed_secret": "55ebda65c08313526e7ba08ad733e5ebea9900bd", "is_verified": false, "line_number": 109, @@ -134,7 +134,7 @@ }, { "type": "Secret Keyword", - "filename": "nomad/metrics/grafana/grafana.ini", + "filename": "nomad/core/metrics/grafana/grafana.ini", "hashed_secret": "d033e22ae348aeb5660fc2140aec35850c4da997", "is_verified": false, "line_number": 151, @@ -142,7 +142,7 @@ }, { "type": "Secret Keyword", - "filename": "nomad/metrics/grafana/grafana.ini", + "filename": "nomad/core/metrics/grafana/grafana.ini", "hashed_secret": "10bea62ff1e1a7540dc7a6bc10f5fa992349023f", "is_verified": false, "line_number": 154, @@ -150,7 +150,7 @@ }, { "type": "Secret Keyword", - "filename": "nomad/metrics/grafana/grafana.ini", + "filename": "nomad/core/metrics/grafana/grafana.ini", "hashed_secret": "5718bce97710e6be87ea160b36eaefb5032857d3", "is_verified": false, "line_number": 239, 
@@ -158,17 +158,17 @@ }, { "type": "Secret Keyword", - "filename": "nomad/metrics/grafana/grafana.ini", + "filename": "nomad/core/metrics/grafana/grafana.ini", "hashed_secret": "10aed9d7ebef778a9b3033dba3f7813b639e0d50", "is_verified": false, "line_number": 252, "is_secret": false } ], - "nomad/syslogng.nomad": [ + "nomad/core/syslogng.nomad": [ { "type": "Base64 High Entropy String", - "filename": "nomad/syslogng.nomad", + "filename": "nomad/core/syslogng.nomad", "hashed_secret": "298b5925fe7c7458cb8a12a74621fdedafea5ad6", "is_verified": false, "line_number": 159, @@ -176,7 +176,7 @@ }, { "type": "Base64 High Entropy String", - "filename": "nomad/syslogng.nomad", + "filename": "nomad/core/syslogng.nomad", "hashed_secret": "3a1cec2d3c3de7e4da4d99c6731ca696c24b72b4", "is_verified": false, "line_number": 159, @@ -210,5 +210,5 @@ } ] }, - "generated_at": "2022-09-05T03:20:56Z" + "generated_at": "2022-10-27T21:28:03Z" } diff --git a/nomad/ansible_hosts.yml b/nomad/ansible_hosts.yml index 267e3ac..1a320d8 100644 --- a/nomad/ansible_hosts.yml +++ b/nomad/ansible_hosts.yml @@ -35,8 +35,14 @@ all: group: "bin" mode: "0755" read_only: false - - name: authentik-data - path: /srv/volumes/gitea + - name: sonarr-data + path: /srv/volumes/sonarr + owner: "root" + group: "bin" + mode: "0755" + read_only: false + - name: nzbget-data + path: /srv/volumes/nzbget owner: "root" group: "bin" mode: "0755" diff --git a/nomad/bootstrap-values.yml b/nomad/bootstrap-values.yml index 1143c85..1a3237c 100644 --- a/nomad/bootstrap-values.yml +++ b/nomad/bootstrap-values.yml @@ -68,7 +68,7 @@ "{{ item.value }}" loop: "{{ hashi_vault_values | default({}) | dict2items }}" retries: 2 - delay: 5 + delay: 10 - name: Write userpass no_log: true diff --git a/nomad/core.tf b/nomad/core.tf index 7eb8f0b..3d47af9 100644 --- a/nomad/core.tf +++ b/nomad/core.tf 
@@ -2,133 +2,11 @@ module "databases" { source = "./databases" } -module "blocky" { - source = "./blocky" +module "core" { + source = "./core" base_hostname = var.base_hostname - depends_on = [module.databases] -} - -module "traefik" { - source = "./traefik" - - base_hostname = var.base_hostname -} - -module "nomad_login" { - source = "./levant" - - template_path = "service.nomad" - variables = { - name = "nomad-login" - image = "iamthefij/nomad-vault-login" - service_port = 5000 - ingress = true - ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)" - env = jsonencode({ - VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200", - }) - } -} - -module "metrics" { - source = "./metrics" -} - -module "loki" { - source = "./levant" - - template_path = "service.nomad" - variables = { - name = "loki" - image = "grafana/loki:2.2.1" - service_port = 3100 - ingress = true - sticky_disk = true - healthcheck = "/ready" - templates = jsonencode([ - { - data = file("./loki-config.yml") - dest = "/etc/loki/local-config.yaml" - } - ]) - } -} - -resource "consul_config_entry" "loki_intent" { - name = "loki" - kind = "service-intentions" - - config_json = jsonencode({ - Sources = [ - { - Action = "allow" - Name = "grafana" - Precedence = 9 - Type = "consul" - }, - { - Action = "allow" - Name = "promtail" - Precedence = 9 - Type = "consul" - }, - { - Action = "allow" - Name = "syslogng-promtail" - Precedence = 9 - Type = "consul" - }, - ] - }) -} - -resource "nomad_job" "syslog-ng" { - jobspec = file("${path.module}/syslogng.nomad") -} - -resource "nomad_job" "ddclient" { - jobspec = file("${path.module}/ddclient.nomad") -} - -resource "nomad_job" "lldap" { - jobspec = file("${path.module}/lldap.nomad") -} - -resource "consul_config_entry" "syslogng_promtail_intent" { - name = "syslogng-promtail" - kind = "service-intentions" - - config_json = jsonencode({ - Sources = [ - { - Action = "allow" - Name = "syslogng" - Precedence = 9 - Type = "consul" - }, - ] - }) 
-} - -resource "consul_config_entry" "global_access" { - name = "*" - kind = "service-intentions" - - config_json = jsonencode({ - Sources = [ - { - Action = "allow" - Name = "traefik" - Precedence = 6 - Type = "consul" - }, - { - Action = "deny" - Name = "*" - Precedence = 5 - Type = "consul" - }, - ] - }) + + # Metrics and Blocky depend on databases + depends_on = [module.databases] } diff --git a/nomad/core/.terraform.lock.hcl b/nomad/core/.terraform.lock.hcl new file mode 100644 index 0000000..d9f93d1 --- /dev/null +++ b/nomad/core/.terraform.lock.hcl 
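Review bot: Moving these resources under `module "core"` changes their state addresses (`consul_config_entry.global_access` becomes `module.core.consul_config_entry.global_access`), and nothing visible in this patch adds `moved` blocks or a state migration, so the next apply would plan a destroy followed by a create. For the wildcard intention that leaves a window in which the `deny *` rule does not exist and access falls back to whatever Consul's default policy is; the resources removed in the `nomad/services.tf` hunk have the same address change. Either run `terraform state mv` for each address before applying, or, if the Terraform version in use supports it, add `moved` blocks in the root module with `from = consul_config_entry.global_access` and `to = module.core.consul_config_entry.global_access` (and likewise for the modules and jobs). Separately, the module-level `depends_on = [module.databases]` makes everything in core, including traefik and the intentions, wait on databases, which is broader than the comment's "Metrics and Blocky".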
@@ -0,0 +1,59 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/consul" { + version = "2.16.2" + hashes = [ + "h1:epldE7sZPBTQHnWEA4WlNJIOVT1UEX+/02SMg5nniaE=", + "zh:0a2e11ca2ba650954951a087a1daec95eee2f3000456b295409a9880c4a10b1a", + "zh:34f6bda06a0d1c213fa8d87d4313687681e67bc8c40c4cbaa7dbe59ce24a4f7e", + "zh:5b85cf93db11ee890f720c317a38158927071feb634855786a0c0cd65825a43c", + "zh:75ef915f3d087e6045751a66fbb7066a852a0944ec8c97200d1134dd84df7ffc", + "zh:8a4a95697bd91ad51a581c12fe50ac61a114afba27895d027f77ac4154a7ea15", + "zh:973d538c8d72793861a1ac9718249a9493f417a2b5096846367560054fd843b9", + "zh:9feb2bdc06fdc2d8370cc9aad9a0c69e7e5ae38aac43f315c3f57507c57be030", + "zh:c5709672d0afecbbe298bf519741ebcb9d04f02a73b5ee0c186dfa241aa5a524", + "zh:c65c60570de6da7190e1e7762577655a463caeb59bc5d38e33034821ed0cbcb9", + "zh:c958d6282650fc472aade61d5df4300936033f43cfb898293ef86aceccdfdf1d", + "zh:cdd3632c81e1d11d3becd193aaa061688840f39147950c45c4301d042743ae6a", + "zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.2.2" + hashes = [ + "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=", + "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", + "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", + "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", + "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", + "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", + "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", + "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", + 
"zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", + "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", + "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", + ] +} + +provider "registry.terraform.io/hashicorp/nomad" { + version = "1.4.19" + hashes = [ + "h1:EdBny2gaLr/IE+l+6csyCKeIGFMYZ/4tHKpcbS7ArgE=", + "zh:2f3ceeb3318a6304026035b0ac9ee3e52df04913bb9ee78827e58c5398b41254", + "zh:3fbe76c7d957d20dfe3c8c0528b33084651f22a95be9e0452b658e0922916e2a", + "zh:595671a05828cfe6c42ef73aac894ac39f81a52cc662a76f37eb74ebe04ddf75", + "zh:5d76e8788d2af3e60daf8076babf763ec887480bbb9734baccccd8fcddf4f03e", + "zh:676985afeaca6e67b22d60d43fd0ed7055763029ffebc3026089fe2fd3b4a288", + "zh:69152ce6164ac999a640cff962ece45208270e1ac37c10dac484eeea5cf47275", + "zh:6da0b15c05b81f947ec8e139bd81eeeb05c0d36eb5a967b985d0625c60998b40", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:822c0a3bbada5e38099a379db8b2e339526843699627c3be3664cc3b3752bab7", + "zh:af23af2f98a84695b25c8eba7028a81ad4aad63c44aefb79e01bbe2dc82e7f78", + "zh:e36cac9960b7506d92925b667254322520966b9c3feb3ca6102e57a1fb9b1761", + "zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f", + ] +} diff --git a/nomad/backups/.terraform.lock.hcl b/nomad/core/blocky/.terraform.lock.hcl similarity index 100% rename from nomad/backups/.terraform.lock.hcl rename to nomad/core/blocky/.terraform.lock.hcl diff --git a/nomad/blocky/blocky.nomad b/nomad/core/blocky/blocky.nomad similarity index 100% rename from nomad/blocky/blocky.nomad rename to nomad/core/blocky/blocky.nomad diff --git a/nomad/blocky/blocky.tf b/nomad/core/blocky/blocky.tf similarity index 100% rename from nomad/blocky/blocky.tf rename to nomad/core/blocky/blocky.tf diff --git a/nomad/blocky/config.yml b/nomad/core/blocky/config.yml similarity index 100% rename from nomad/blocky/config.yml rename to nomad/core/blocky/config.yml 
diff --git a/nomad/ddclient.nomad b/nomad/core/ddclient.nomad
similarity index 100%
rename from nomad/ddclient.nomad
rename to nomad/core/ddclient.nomad
diff --git a/nomad/lldap.nomad b/nomad/core/lldap.nomad
similarity index 100%
rename from nomad/lldap.nomad
rename to nomad/core/lldap.nomad
diff --git a/nomad/loki-config.yml b/nomad/core/loki-config.yml
similarity index 100%
rename from nomad/loki-config.yml
rename to nomad/core/loki-config.yml
diff --git a/nomad/core/main.tf b/nomad/core/main.tf
new file mode 100644
index 0000000..a78a4ce
--- /dev/null
+++ b/nomad/core/main.tf
@@ -0,0 +1,134 @@
+
+module "blocky" {
+ source = "./blocky"
+
+ base_hostname = var.base_hostname
+ # Not in this module
+ # depends_on = [module.databases]
+}
+
+module "traefik" {
+ source = "./traefik"
+
+ base_hostname = var.base_hostname
+}
+
+module "nomad_login" {
+ source = "../levant"
+
+ template_path = "service.nomad"
+ variables = {
+ name = "nomad-login"
+ image = "iamthefij/nomad-vault-login"
+ service_port = 5000
+ ingress = true
+ ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)"
+ env = jsonencode({
+ VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200",
+ })
+ }
+}
+
+module "metrics" {
+ source = "./metrics"
+ # Not in this module
+ # depends_on = [module.databases]
+}
+
+module "loki" {
+ source = "../levant"
+
+ template_path = "service.nomad"
+ variables = {
+ name = "loki"
+ image = "grafana/loki:2.2.1"
+ service_port = 3100
+ ingress = true
+ sticky_disk = true
+ healthcheck = "/ready"
+ templates = jsonencode([
+ {
+ data = file("${path.module}/loki-config.yml")
+ dest = "/etc/loki/local-config.yaml"
+ }
+ ])
+ }
+}
+
+resource "consul_config_entry" "loki_intent" {
+ name = "loki"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "grafana"
+ Precedence = 9
+ Type = "consul"
+ },
+ {
+ Action = "allow"
+ Name = "promtail"
+ Precedence = 9
+ Type = "consul"
+ },
+ {
+ Action = "allow"
+ Name = "syslogng-promtail"
+ Precedence = 9
+ Type = "consul"
+ },
+ ]
+ })
+}
+
+resource "nomad_job" "syslog-ng" {
+ jobspec = file("${path.module}/syslogng.nomad")
+}
+
+resource "nomad_job" "ddclient" {
+ jobspec = file("${path.module}/ddclient.nomad")
+}
+
+resource "nomad_job" "lldap" {
+ jobspec = file("${path.module}/lldap.nomad")
+}
+
+resource "consul_config_entry" "syslogng_promtail_intent" {
+ name = "syslogng-promtail"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "syslogng"
+ Precedence = 9
+ Type = "consul"
+ },
+ ]
+ })
+}
+
+resource "consul_config_entry" "global_access" {
+ name = "*"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "traefik"
+ Precedence = 6
+ Type = "consul"
+ },
+ {
+ Action = "deny"
+ Name = "*"
+ Precedence = 5
+ Type = "consul"
+ },
+ ]
+ })
+}
diff --git a/nomad/metrics/.terraform.lock.hcl b/nomad/core/metrics/.terraform.lock.hcl
similarity index 100%
rename from nomad/metrics/.terraform.lock.hcl
rename to nomad/core/metrics/.terraform.lock.hcl
diff --git a/nomad/metrics/exporters.nomad b/nomad/core/metrics/exporters.nomad
similarity index 100%
rename from nomad/metrics/exporters.nomad
rename to nomad/core/metrics/exporters.nomad
diff --git a/nomad/metrics/grafana.nomad b/nomad/core/metrics/grafana.nomad
similarity index 100%
rename from nomad/metrics/grafana.nomad
rename to nomad/core/metrics/grafana.nomad
diff --git a/nomad/metrics/grafana/grafana.ini b/nomad/core/metrics/grafana/grafana.ini
similarity index 100%
rename from nomad/metrics/grafana/grafana.ini
rename to nomad/core/metrics/grafana/grafana.ini
diff --git a/nomad/metrics/grafana/provisioning/dashboards/default/minitor-monitor.json b/nomad/core/metrics/grafana/provisioning/dashboards/default/minitor-monitor.json
similarity index 100%
rename from nomad/metrics/grafana/provisioning/dashboards/default/minitor-monitor.json
rename to nomad/core/metrics/grafana/provisioning/dashboards/default/minitor-monitor.json
diff --git a/nomad/metrics/grafana/provisioning/dashboards/default/nomad.json b/nomad/core/metrics/grafana/provisioning/dashboards/default/nomad.json
similarity index 100%
rename from nomad/metrics/grafana/provisioning/dashboards/default/nomad.json
rename to nomad/core/metrics/grafana/provisioning/dashboards/default/nomad.json
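Review bot: The `nomad_login` module sets `image = "iamthefij/nomad-vault-login"` with no tag or digest, so the job that fronts Vault logins runs whatever the registry serves at deploy time, while `loki` in the same file is pinned to `grafana/loki:2.2.1`. Pin it the same way, for example `image = "iamthefij/nomad-vault-login:<VERSION>"` (placeholder; use a released tag or an `@sha256:` digest). The same block points `VAULT_ADDR` at `http://…:8200`; if Vault credentials or tokens cross that hop, either add a comment stating why plain HTTP is acceptable there or move it to TLS. Both lines were carried over unchanged from `nomad/core.tf`, so this is a follow-up rather than something this commit introduced.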
diff --git a/nomad/metrics/grafana/provisioning/dashboards/default/prometheus-stats-2-r2.json b/nomad/core/metrics/grafana/provisioning/dashboards/default/prometheus-stats-2-r2.json
similarity index 100%
rename from nomad/metrics/grafana/provisioning/dashboards/default/prometheus-stats-2-r2.json
rename to nomad/core/metrics/grafana/provisioning/dashboards/default/prometheus-stats-2-r2.json
diff --git a/nomad/metrics/grafana/provisioning/dashboards/default/traefik-2.json b/nomad/core/metrics/grafana/provisioning/dashboards/default/traefik-2.json
similarity index 100%
rename from nomad/metrics/grafana/provisioning/dashboards/default/traefik-2.json
rename to nomad/core/metrics/grafana/provisioning/dashboards/default/traefik-2.json
diff --git a/nomad/metrics/grafana/provisioning/dashboards/default/traefik.json b/nomad/core/metrics/grafana/provisioning/dashboards/default/traefik.json
similarity index 100%
rename from nomad/metrics/grafana/provisioning/dashboards/default/traefik.json
rename to nomad/core/metrics/grafana/provisioning/dashboards/default/traefik.json
diff --git a/nomad/metrics/grafana/provisioning/dashboards/main.yml b/nomad/core/metrics/grafana/provisioning/dashboards/main.yml
similarity index 100%
rename from nomad/metrics/grafana/provisioning/dashboards/main.yml
rename to nomad/core/metrics/grafana/provisioning/dashboards/main.yml
diff --git a/nomad/metrics/grafana/provisioning/datasources/loki.yml b/nomad/core/metrics/grafana/provisioning/datasources/loki.yml
similarity index 100%
rename from nomad/metrics/grafana/provisioning/datasources/loki.yml
rename to nomad/core/metrics/grafana/provisioning/datasources/loki.yml
diff --git a/nomad/metrics/grafana/provisioning/datasources/prometheus.yml b/nomad/core/metrics/grafana/provisioning/datasources/prometheus.yml
similarity index 100%
rename from nomad/metrics/grafana/provisioning/datasources/prometheus.yml
rename to nomad/core/metrics/grafana/provisioning/datasources/prometheus.yml
diff --git a/nomad/metrics/grafana/provisioning/notifiers/main.yml b/nomad/core/metrics/grafana/provisioning/notifiers/main.yml
similarity index 100%
rename from nomad/metrics/grafana/provisioning/notifiers/main.yml
rename to nomad/core/metrics/grafana/provisioning/notifiers/main.yml
diff --git a/nomad/metrics/grafana/provisioning/notifiers/slack.yml b/nomad/core/metrics/grafana/provisioning/notifiers/slack.yml
similarity index 100%
rename from nomad/metrics/grafana/provisioning/notifiers/slack.yml
rename to nomad/core/metrics/grafana/provisioning/notifiers/slack.yml
diff --git a/nomad/metrics/metrics.tf b/nomad/core/metrics/metrics.tf
similarity index 100%
rename from nomad/metrics/metrics.tf
rename to nomad/core/metrics/metrics.tf
diff --git a/nomad/metrics/prometheus.nomad b/nomad/core/metrics/prometheus.nomad
similarity index 100%
rename from nomad/metrics/prometheus.nomad
rename to nomad/core/metrics/prometheus.nomad
diff --git a/nomad/syslogng.nomad b/nomad/core/syslogng.nomad
similarity index 100%
rename from nomad/syslogng.nomad
rename to nomad/core/syslogng.nomad
diff --git a/nomad/traefik/.terraform.lock.hcl b/nomad/core/traefik/.terraform.lock.hcl
similarity index 100%
rename from nomad/traefik/.terraform.lock.hcl
rename to nomad/core/traefik/.terraform.lock.hcl
diff --git a/nomad/traefik/traefik.nomad b/nomad/core/traefik/traefik.nomad
similarity index 100%
rename from nomad/traefik/traefik.nomad
rename to nomad/core/traefik/traefik.nomad
diff --git a/nomad/traefik/traefik.tf b/nomad/core/traefik/traefik.tf
similarity index 100%
rename from nomad/traefik/traefik.tf
rename to nomad/core/traefik/traefik.tf
diff --git a/nomad/core/vars.tf b/nomad/core/vars.tf
new file mode 100644
index 0000000..25f4421
--- /dev/null
+++ b/nomad/core/vars.tf
@@ -0,0 +1,5 @@
+variable "base_hostname" {
+ type = string
+ description = "Base hostname to serve content from"
+ default = "dev.homelab"
+}
diff --git a/nomad/databases/.terraform.lock.hcl b/nomad/databases/.terraform.lock.hcl new file mode 100644 index 0000000..c6f6ebf --- /dev/null +++ b/nomad/databases/.terraform.lock.hcl 
@@ -0,0 +1,40 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/consul" { + version = "2.15.1" + hashes = [ + "h1:PexyQBRLDA+SR+sWlzYBZswry5O5h/tTfj87CaECtLc=", + "zh:1806830a3cf103e65e772a7d28fd4df2788c29a029fb2def1326bc777ad107ed", + "zh:252be544fb4c9daf09cad7d3776daf5fa66b62740d3ea9d6d499a7b1697c3433", + "zh:50985fe02a8e5ae47c75d7c28c911b25d7dc4716cff2ed55ca05889ab77a1f73", + "zh:54cf0ec90538703c66937c77e8d72a38d5af47437eb0b8b55eb5836c5d288878", + "zh:704f536c621337e06fffef6d5f49ac81f52d249f937250527c12884cb83aefed", + "zh:896d8ef6d0b555299f124eb25bce8a17d735da14ef21f07582098d301f47da30", + "zh:976277a85b0a0baafe267cc494f766448d1da5b6936ddcb3ce393bd4d22f08d2", + "zh:c7faa9a2b11bc45833a3e8e340f22f1ecf01597eaeffa7669234b4549d7dfa85", + "zh:caf851ef9c8ce482864badf7058f9278d4537112fa236efd8f1a9315801d9061", + "zh:db203435d58b0ac842540861b3307a623423275d85754c171773f3b210ae5b24", + "zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5", + "zh:f710a37190429045d109edd35de69db3b5f619919c2fa04c77a3a639fea9fd7d", + ] +} + +provider "registry.terraform.io/hashicorp/nomad" { + version = "1.4.17" + hashes = [ + "h1:iPylWr144mqXvM8NBVMTm+MS6JRhqIihlpJG91GYDyA=", + "zh:146f97eacd9a0c78b357a6cfd2cb12765d4b18e9660a75500ee3e748c6eba41a", + "zh:2eb89a6e5cee9aea03a96ea9f141096fe3baf219b2700ce30229d2d882f5015f", + "zh:3d0f971f79b615c1014c75e2f99f34bd4b4da542ca9f31d5ea7fadc4e9de39c1", + "zh:46099a750c752ce05aa14d663a86478a5ad66d95aff3d69367f1d3628aac7792", + "zh:71e56006b013dcfe1e4e059b2b07148b44fcd79351ae2c357e0d97e27ae0d916", + "zh:74febd25d776688f0558178c2f5a0e6818bbf4cdaa2e160d7049da04103940f0", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:af18c064a5f0dd5422d6771939274841f635b619ab392c73d5bf9720945fdb85", + "zh:c133d7a862079da9f06e301c530eacbd70e9288fa2276ec0704df907270ee328", + 
"zh:c894cf98d239b9f5a4b7cde9f5c836face0b5b93099048ee817b0380ea439c65", + "zh:c918642870f0cafdbe4d7dd07c909701fc3ddb47cac8357bdcde1327bf78c11d", + "zh:f8f5655099a57b4b9c0018a2d49133771e24c7ff8262efb1ceb140fd224aa9b6", + ] +} diff --git a/nomad/media/.terraform.lock.hcl b/nomad/media/.terraform.lock.hcl deleted file mode 100644 index 4a078a2..0000000 --- a/nomad/media/.terraform.lock.hcl +++ /dev/null @@ -1,20 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/nomad" { - version = "1.4.16" - hashes = [ - "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", - "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", - "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", - "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0", - "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084", - "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0", - "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef", - "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755", - "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800", - "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557", - "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c", - "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e", - ] -} diff --git a/nomad/mysql/.terraform.lock.hcl b/nomad/mysql/.terraform.lock.hcl deleted file mode 100644 index 027dbaa..0000000 --- a/nomad/mysql/.terraform.lock.hcl +++ /dev/null 
@@ -1,38 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/consul" { - version = "2.15.0" - hashes = [ - "h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=", - "zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c", - "zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931", - "zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624", - "zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc", - "zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1", - "zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c", - "zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d", - "zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1", - "zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba", - "zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719", - "zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c", - ] -} - -provider "registry.terraform.io/hashicorp/nomad" { - version = "1.4.16" - hashes = [ - "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", - "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", - "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", - "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0", - "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084", - "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0", - "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef", - "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755", - "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800", - "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557", - "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c", - 
"zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e", - ] -} diff --git a/nomad/service.nomad b/nomad/service.nomad index f2b62d7..d9f36a5 100644 --- a/nomad/service.nomad +++ b/nomad/service.nomad @@ -21,6 +21,10 @@ # read_only = bool, # ))) # healthcheck = "/" +# upstreams = json(list(dict( +# destination_name = str, +# local_bind_port = int +# ))) # mysql = bool # redis = bool # vault = bool @@ -83,6 +87,14 @@ job "[[.name]]" { local_bind_port = 6379 } [[ end -]] + [[ with .upstreams -]] + [[range $u := . | parseJSON -]] + upstreams { + destination_name = "[[ $u.destination_name ]]" + local_bind_port = [[ $u.local_bind_port ]] + } + [[ end ]] + [[ end -]] } } diff --git a/nomad/services.tf b/nomad/services.tf index 6f51e7a..1f9cac3 100644 --- a/nomad/services.tf +++ b/nomad/services.tf 
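Review bot: The header comment documents the new `upstreams` option only by its shape; it should also say that each `destination_name` needs a matching Consul allow intention, because `global_access` in `nomad/core/main.tf` denies `*` for every source except traefik. Without that entry a job rendered with an upstream gets a local bind port whose connections are refused, and the cause is not visible from the job file. I would add a line such as `# each upstream also needs a service-intentions entry allowing this job to reach destination_name` next to the `upstreams = json(...)` comment. In the template hunk, `local_bind_port = [[ $u.local_bind_port ]]` is emitted unquoted, so an entry missing that key would likely render invalid HCL; the surrounding job block starts and ends outside the hunk, so I cannot see how other options are validated.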
@@ -1,85 +1,5 @@ -# module "nextcloud" { -# source = "./nextcloud" -# -# depends_on = [module.databases] -# } +module "services" { + source = "./services" -module "backups" { - source = "./backups" - - depends_on = [module.databases] -} - -module "media" { - source = "./media" -} - -resource "nomad_job" "whoami" { - hcl2 { - enabled = true - vars = { - "count" = 1, - # "count" = "${2 * length(data.consul_service.nomad.service)}", - } - } - - jobspec = file("${path.module}/whoami.nomad") -} - -module "sonarr" { - source = "./levant" - - template_path = "service.nomad" - variables = { - name = "sonarr" - image = "linuxserver/sonarr" - service_port = 8989 - ingress = true - env = jsonencode({ - PGID = 100 - PUID = 1001 - }) - host_volumes = jsonencode([ - { - name = "tv-sonarr" - dest = "/srv/volumes/media-write/TV Shows" - read_only = false - }, - { - name = "download" - dest = "/srv/volumes/download" - read_only = false - }, - ]) - } -} - -resource "consul_service" "homeassistant" { - name = "hass" - node = consul_node.homeassistant.name - port = 8123 - tags = [ - "traefik.enable=true", - "traefik.consulcatalog.connect=false", - "traefik.http.routers.hass.entryPoints=websecure", - ] - - check { - check_id = "homeassistant:hass" - status = "passing" - name = "Home Assistant Health Check" - http = "192.168.3.65:8123" - interval = "30s" - timeout = "10s" - } -} - -resource "consul_node" "homeassistant" { - name = "homeassistant" - address = "192.168.3.65" - - meta = { - "external-node" = "true" - "external-probe" = "true" - } + depends_on = [module.databases, module.core] } diff --git a/nomad/services/.terraform.lock.hcl b/nomad/services/.terraform.lock.hcl new file mode 100644 index 0000000..4bcdaad --- /dev/null +++ b/nomad/services/.terraform.lock.hcl 
@@ -0,0 +1,40 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/consul" { + version = "2.16.2" + hashes = [ + "h1:epldE7sZPBTQHnWEA4WlNJIOVT1UEX+/02SMg5nniaE=", + "zh:0a2e11ca2ba650954951a087a1daec95eee2f3000456b295409a9880c4a10b1a", + "zh:34f6bda06a0d1c213fa8d87d4313687681e67bc8c40c4cbaa7dbe59ce24a4f7e", + "zh:5b85cf93db11ee890f720c317a38158927071feb634855786a0c0cd65825a43c", + "zh:75ef915f3d087e6045751a66fbb7066a852a0944ec8c97200d1134dd84df7ffc", + "zh:8a4a95697bd91ad51a581c12fe50ac61a114afba27895d027f77ac4154a7ea15", + "zh:973d538c8d72793861a1ac9718249a9493f417a2b5096846367560054fd843b9", + "zh:9feb2bdc06fdc2d8370cc9aad9a0c69e7e5ae38aac43f315c3f57507c57be030", + "zh:c5709672d0afecbbe298bf519741ebcb9d04f02a73b5ee0c186dfa241aa5a524", + "zh:c65c60570de6da7190e1e7762577655a463caeb59bc5d38e33034821ed0cbcb9", + "zh:c958d6282650fc472aade61d5df4300936033f43cfb898293ef86aceccdfdf1d", + "zh:cdd3632c81e1d11d3becd193aaa061688840f39147950c45c4301d042743ae6a", + "zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5", + ] +} + +provider "registry.terraform.io/hashicorp/nomad" { + version = "1.4.19" + hashes = [ + "h1:EdBny2gaLr/IE+l+6csyCKeIGFMYZ/4tHKpcbS7ArgE=", + "zh:2f3ceeb3318a6304026035b0ac9ee3e52df04913bb9ee78827e58c5398b41254", + "zh:3fbe76c7d957d20dfe3c8c0528b33084651f22a95be9e0452b658e0922916e2a", + "zh:595671a05828cfe6c42ef73aac894ac39f81a52cc662a76f37eb74ebe04ddf75", + "zh:5d76e8788d2af3e60daf8076babf763ec887480bbb9734baccccd8fcddf4f03e", + "zh:676985afeaca6e67b22d60d43fd0ed7055763029ffebc3026089fe2fd3b4a288", + "zh:69152ce6164ac999a640cff962ece45208270e1ac37c10dac484eeea5cf47275", + "zh:6da0b15c05b81f947ec8e139bd81eeeb05c0d36eb5a967b985d0625c60998b40", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:822c0a3bbada5e38099a379db8b2e339526843699627c3be3664cc3b3752bab7", + 
"zh:af23af2f98a84695b25c8eba7028a81ad4aad63c44aefb79e01bbe2dc82e7f78", + "zh:e36cac9960b7506d92925b667254322520966b9c3feb3ca6102e57a1fb9b1761", + "zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f", + ] +} diff --git a/nomad/redis/.terraform.lock.hcl b/nomad/services/backups/.terraform.lock.hcl similarity index 52% rename from nomad/redis/.terraform.lock.hcl rename to nomad/services/backups/.terraform.lock.hcl index 027dbaa..429dbc2 100644 --- a/nomad/redis/.terraform.lock.hcl +++ b/nomad/services/backups/.terraform.lock.hcl 
@@ -2,26 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/consul" { - version = "2.15.0" + version = "2.16.2" hashes = [ - "h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=", - "zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c", - "zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931", - "zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624", - "zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc", - "zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1", - "zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c", - "zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d", - "zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1", - "zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba", - "zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719", - "zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c", + "h1:epldE7sZPBTQHnWEA4WlNJIOVT1UEX+/02SMg5nniaE=", + "zh:0a2e11ca2ba650954951a087a1daec95eee2f3000456b295409a9880c4a10b1a", + "zh:34f6bda06a0d1c213fa8d87d4313687681e67bc8c40c4cbaa7dbe59ce24a4f7e", + "zh:5b85cf93db11ee890f720c317a38158927071feb634855786a0c0cd65825a43c", + "zh:75ef915f3d087e6045751a66fbb7066a852a0944ec8c97200d1134dd84df7ffc", + "zh:8a4a95697bd91ad51a581c12fe50ac61a114afba27895d027f77ac4154a7ea15", + "zh:973d538c8d72793861a1ac9718249a9493f417a2b5096846367560054fd843b9", + "zh:9feb2bdc06fdc2d8370cc9aad9a0c69e7e5ae38aac43f315c3f57507c57be030", + "zh:c5709672d0afecbbe298bf519741ebcb9d04f02a73b5ee0c186dfa241aa5a524", + "zh:c65c60570de6da7190e1e7762577655a463caeb59bc5d38e33034821ed0cbcb9", + "zh:c958d6282650fc472aade61d5df4300936033f43cfb898293ef86aceccdfdf1d", + "zh:cdd3632c81e1d11d3becd193aaa061688840f39147950c45c4301d042743ae6a", + "zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5", ] } provider 
"registry.terraform.io/hashicorp/nomad" { version = "1.4.16" hashes = [ + "h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=", "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", diff --git a/nomad/backups/backup.nomad b/nomad/services/backups/backup.nomad similarity index 92% rename from nomad/backups/backup.nomad rename to nomad/services/backups/backup.nomad index dc52494..f196cb3 100644 --- a/nomad/backups/backup.nomad +++ b/nomad/services/backups/backup.nomad @@ -158,17 +158,33 @@ CONSUL_HTTP_ADDR={{ env "attr.unique.network.ip-address" }}:8500 # Consul backup ${file("${module_path}/jobs/consul.hcl")} {{ end -}} + {{ range service "nextcloud" -}} # Nextcloud .Node {{ .Node }} {{ if eq .Node (env "node.unique.name") -}} ${file("${module_path}/jobs/nextcloud.hcl")} {{ end -}} {{ end -}} + {{ range service "lldap" -}} # Lldap .Node {{ .Node }} {{ if eq .Node (env "node.unique.name") -}} ${file("${module_path}/jobs/lldap.hcl")} {{ end -}} +{{ end -}} + +{{ range service "sonarr" -}} +# Lldap .Node {{ .Node }} +{{ if eq .Node (env "node.unique.name") -}} +${file("${module_path}/jobs/sonarr.hcl")} +{{ end -}} +{{ end -}} + +{{ range service "nzbget" -}} +# Lldap .Node {{ .Node }} +{{ if eq .Node (env "node.unique.name") -}} +${file("${module_path}/jobs/nzbget.hcl")} +{{ end -}} {{ end -}} EOF destination = "jobs/node-jobs.hcl" diff --git a/nomad/backups/backups.tf b/nomad/services/backups/backups.tf similarity index 58% rename from nomad/backups/backups.tf rename to nomad/services/backups/backups.tf index a65b875..d7ce59d 100644 --- a/nomad/backups/backups.tf +++ b/nomad/services/backups/backups.tf 
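Review bot: The two template blocks added for `sonarr` and `nzbget` keep the line `# Lldap .Node {{ .Node }}` copied from the lldap block, so the rendered `jobs/node-jobs.hcl` labels three different sections as Lldap. Change them to `# Sonarr .Node {{ .Node }}` and `# Nzbget .Node {{ .Node }}` so the rendered file shows which backup job was selected on a node. The template heredoc starts and ends outside this hunk.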
@@ -5,8 +5,17 @@ resource "nomad_job" "backups" { }) } +# Get Nomad clients from Consul +data "consul_service" "nomad" { + name = "nomad-client" +} + resource "nomad_job" "backups-oneoff" { - for_each = toset(["n1", "n2", "n3"]) + # TODO: Get list of nomad hosts dynamically + for_each = toset([ + for node in data.consul_service.nomad.service : + node.node_name + ]) jobspec = templatefile("${path.module}/backup.nomad", { module_path = "${path.module}", batch_node = each.key, diff --git a/nomad/backups/jobs/consul.hcl b/nomad/services/backups/jobs/consul.hcl similarity index 100% rename from nomad/backups/jobs/consul.hcl rename to nomad/services/backups/jobs/consul.hcl diff --git a/nomad/backups/jobs/lldap.hcl b/nomad/services/backups/jobs/lldap.hcl similarity index 100% rename from nomad/backups/jobs/lldap.hcl rename to nomad/services/backups/jobs/lldap.hcl diff --git a/nomad/backups/jobs/nextcloud.hcl b/nomad/services/backups/jobs/nextcloud.hcl similarity index 100% rename from nomad/backups/jobs/nextcloud.hcl rename to nomad/services/backups/jobs/nextcloud.hcl diff --git a/nomad/services/backups/jobs/nzbget.hcl b/nomad/services/backups/jobs/nzbget.hcl new file mode 100644 index 0000000..bbc7588 --- /dev/null +++ b/nomad/services/backups/jobs/nzbget.hcl @@ -0,0 +1,21 @@ +job "nzbget" { + schedule = "@daily" + + config { + repo = "rclone::ftp,env_auth:/nomad/nzbget" + passphrase = env("BACKUP_PASSPHRASE") + } + + backup { + paths = ["/data/nzbget"] + # Because path is absolute + restore_opts { + Target = "/" + } + } + + forget { + KeepLast = 2 + Prune = true + } +} diff --git a/nomad/services/backups/jobs/sonarr.hcl b/nomad/services/backups/jobs/sonarr.hcl new file mode 100644 index 0000000..572335f --- /dev/null +++ b/nomad/services/backups/jobs/sonarr.hcl 
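Review bot: The `for_each` on `nomad_job.backups-oneoff` now takes its keys from `data.consul_service.nomad`, while `nomad/services.tf` gives the enclosing `services` module `depends_on = [module.databases, module.core]`. Terraform defers data sources inside a module that has `depends_on` to apply time when a dependency has pending changes, which would leave these keys unknown at plan and reject the `for_each`. Confirm that a plan with a pending change in `core` still succeeds. The comment `# TODO: Get list of nomad hosts dynamically` is stale now that the list is dynamic; replace it with `# One one-off job per node registered as nomad-client in Consul`. The job set now follows the Consul catalog, so an empty or unexpected `nomad-client` registration silently changes which jobs exist; the resource body continues outside the hunk.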
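Review bot: `forget { KeepLast = 2 ... Prune = true }` combined with `schedule = "@daily"` keeps only two daily snapshots, so damage to `/data/nzbget` that goes unnoticed for more than two days has already replaced every good copy; `sonarr.hcl` uses the same block. A longer retention such as `KeepLast = 14` gives room to notice and recover. The repository is reached through rclone's `ftp` backend with `env_auth`, and the hunk does not show whether TLS is enabled for that remote. Without TLS the FTP credentials travel in clear text, even though the repository contents are encrypted with `BACKUP_PASSPHRASE`. A comment next to `repo` stating where the remote's settings come from would make that checkable.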
@@ -0,0 +1,27 @@ +job "sonarr" { + schedule = "@daily" + + config { + repo = "rclone::ftp,env_auth:/nomad/sonarr" + passphrase = env("BACKUP_PASSPHRASE") + } + + # sqlite "Backup database" { + # path = "/data/lldap/users.db" + # # sqlite3 /data/lldap/users.db .backup /data/lldap/users.db.bak + # dump_to = "/data/lldap/users.db.bak" + # } + + backup { + paths = ["/data/sonarr"] + # Because path is absolute + restore_opts { + Target = "/" + } + } + + forget { + KeepLast = 2 + Prune = true + } +} diff --git a/nomad/services/ip-dvr.nomad b/nomad/services/ip-dvr.nomad new file mode 100644 index 0000000..0431ebd --- /dev/null +++ b/nomad/services/ip-dvr.nomad 
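Review bot: The commented-out `sqlite "Backup database"` block still points at `/data/lldap/users.db`, copied from the lldap job, and the active `backup` block copies `/data/sonarr` as plain files. If Sonarr keeps its state in a SQLite database under that path (likely, but not shown here), copying it while the service is writing can produce a snapshot that does not restore cleanly. Either enable the block with Sonarr's own database path (`path = "<SONARR_DB_PATH>"`) or delete it and leave `# NOTE: database is copied live, no dump step` so the limitation is visible.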
@@ -0,0 +1,201 @@ +job "ipdvr" { + region = "global" + datacenters = ["dc1"] + + type = "service" + + group "nzbget" { + network { + mode = "bridge" + port "main" { + host_network = "loopback" + to = 6789 + } + } + + volume "nzbget-data" { + type = "host" + read_only = false + source = "nzbget-data" + } + + volume "download" { + type = "host" + read_only = false + source = "download" + } + + service { + name = "nzbget" + port = "main" + + connect { + sidecar_service { + proxy { + local_service_port = 6789 + } + } + + sidecar_task { + resources { + cpu = 50 + memory = 20 + memory_max = 50 + } + } + } + + # check { + # type = "http" + # path = "/" + # port = "main" + # interval = "10s" + # timeout = "10s" + # } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.nzbget.entryPoints=websecure", + ] + } + + task "nzbget" { + driver = "docker" + + config { + image = "linuxserver/nzbget" + ports = ["main"] + } + + env = { + "PGID" = 100 + "PUID" = 1001 + "TZ" = "America/Los_Angeles" + } + + volume_mount { + volume = "nzbget-data" + destination = "/config" + read_only = false + } + + volume_mount { + volume = "download" + destination = "/downloads" + read_only = false + } + + resources { + cpu = 200 + memory = 200 + memory_max = 500 + } + } + } + + + group "sonarr" { + network { + mode = "bridge" + port "main" { + host_network = "loopback" + to = 8989 + } + } + + volume "sonarr-data" { + type = "host" + read_only = false + source = "sonarr-data" + } + + volume "tv-sonarr" { + type = "host" + read_only = false + source = "tv-sonarr" + } + + volume "download" { + type = "host" + read_only = false + source = "download" + } + + service { + name = "sonarr" + port = "main" + + connect { + sidecar_service { + proxy { + local_service_port = 8989 + upstreams { + destination_name = "nzbget" + local_bind_port = 6789 + } + } + } + + sidecar_task { + resources { + cpu = 50 + memory = 20 + memory_max = 50 + } + } + } + + # check { + # type = "http" + # path = "/" + # port = 
"main" + # interval = "10s" + # timeout = "10s" + # } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.sonarr.entryPoints=websecure", + ] + } + + task "sonarr" { + driver = "docker" + + config { + image = "linuxserver/sonarr" + ports = ["main"] + } + + env = { + "PGID" = 100 + "PUID" = 1001 + "TZ" = "America/Los_Angeles" + } + + volume_mount { + volume = "sonarr-data" + destination = "/config" + read_only = false + } + + volume_mount { + volume = "tv-sonarr" + destination = "/tv" + read_only = false + } + + volume_mount { + volume = "download" + destination = "/download" + read_only = false + } + + resources { + cpu = 100 + memory = 200 + memory_max = 500 + } + } + } +} diff --git a/nomad/services/main.tf b/nomad/services/main.tf new file mode 100644 index 0000000..4770538 --- /dev/null +++ b/nomad/services/main.tf 
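Review bot: Both tasks use `image = "linuxserver/nzbget"` and `image = "linuxserver/sonarr"` with no tag or digest, so each reschedule can run whatever the registry currently serves under the default tag, in containers that hold read-write mounts of the download and TV volumes. Pin each one to a version tag or digest, for example `image = "linuxserver/sonarr:<VERSION_TAG>"`. Separately, the shared `download` volume is mounted at `/downloads` in the nzbget task and at `/download` in the sonarr task, so paths reported by nzbget will not resolve in sonarr unless a path mapping is configured. Both services carry `traefik.enable=true` while their `check` blocks are commented out; a one-line comment saying why the health checks are disabled would help the next reader.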
@@ -0,0 +1,139 @@ +# module "nextcloud" { +# source = "./nextcloud" +# +# depends_on = [module.databases] +# } + +module "backups" { + source = "./backups" + + # In parent module + # depends_on = [module.databases] +} + +module "media" { + source = "./media" +} + +resource "nomad_job" "whoami" { + hcl2 { + enabled = true + vars = { + "count" = 1, + # "count" = "${2 * length(data.consul_service.nomad.service)}", + } + } + + jobspec = file("${path.module}/whoami.nomad") +} + +resource "nomad_job" "ipdvr" { + jobspec = file("${path.module}/ip-dvr.nomad") +} + +resource "consul_config_entry" "nzbget_intents" { + depends_on = [nomad_job.ipdvr] + + name = "nzbget" + kind = "service-intentions" + + config_json = jsonencode({ + Sources = [ + { + Action = "allow" + Name = "sonarr" + Precedence = 9 + Type = "consul" + }, + ] + }) +} + +# module "nzbget" { +# source "./levant" +# +# template_path = "service.nomad" +# variables = { +# name = "nzbget" +# image = "linuxserver/nzbget" +# service_port = 6789 +# ingress = true +# env = jsonencode({ +# PGID = 100 +# PUID = 1001 +# TZ = "America/Los_Angeles" +# }) +# host_volumes = jsonencode([ +# { +# name = "download" +# dest = "/srv/volumes/download" +# read_only = false +# }, +# ]) +# } +# } +# +# module "sonarr" { +# source = "./levant" +# +# template_path = "service.nomad" +# variables = { +# name = "sonarr" +# image = "linuxserver/sonarr" +# service_port = 8989 +# ingress = true +# env = jsonencode({ +# PGID = 100 +# PUID = 1001 +# TZ = "America/Los_Angeles" +# +# }) +# host_volumes = jsonencode([ +# { +# name = "sonarr-data" +# dest = "/config" +# read_only = false +# }, +# { +# name = "tv-sonarr" +# dest = "/srv/volumes/media-write/TV Shows" +# read_only = false +# }, +# { +# name = "download" +# dest = "/srv/volumes/download" +# read_only = false +# }, +# ]) +# } +# } + +resource "consul_service" "homeassistant" { + name = "hass" + node = consul_node.homeassistant.name + port = 8123 + tags = [ + "traefik.enable=true", + 
"traefik.consulcatalog.connect=false", + "traefik.http.routers.hass.entryPoints=websecure", + ] + + check { + check_id = "homeassistant:hass" + status = "passing" + name = "Home Assistant Health Check" + http = "192.168.3.65:8123" + interval = "30s" + timeout = "10s" + } +} + +resource "consul_node" "homeassistant" { + name = "homeassistant" + address = "192.168.3.65" + + meta = { + "external-node" = "true" + "external-probe" = "true" + } +} diff --git a/nomad/nextcloud/.terraform.lock.hcl b/nomad/services/media/.terraform.lock.hcl similarity index 95% rename from nomad/nextcloud/.terraform.lock.hcl rename to nomad/services/media/.terraform.lock.hcl index 4a078a2..70d1fae 100644 --- a/nomad/nextcloud/.terraform.lock.hcl +++ b/nomad/services/media/.terraform.lock.hcl @@ -4,6 +4,7 @@ provider "registry.terraform.io/hashicorp/nomad" { version = "1.4.16" hashes = [ + "h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=", "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", diff --git a/nomad/media/caddy.nomad b/nomad/services/media/caddy.nomad similarity index 100% rename from nomad/media/caddy.nomad rename to nomad/services/media/caddy.nomad diff --git a/nomad/media/media.tf b/nomad/services/media/media.tf similarity index 100% rename from nomad/media/media.tf rename to nomad/services/media/media.tf diff --git a/nomad/blocky/.terraform.lock.hcl b/nomad/services/nextcloud/.terraform.lock.hcl similarity index 95% rename from nomad/blocky/.terraform.lock.hcl rename to nomad/services/nextcloud/.terraform.lock.hcl index 4a078a2..70d1fae 100644 --- a/nomad/blocky/.terraform.lock.hcl +++ b/nomad/services/nextcloud/.terraform.lock.hcl 
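Review bot: `consul_config_entry.nzbget_intents` restricts access only if the mesh default for intentions is deny, which nothing in this hunk shows. Under a default-allow policy the `allow` for `sonarr` changes nothing and nzbget stays reachable from every Connect service. State the assumption above the resource, for example `# Only sonarr may call nzbget over the mesh; relies on default-deny intentions`. If default-deny is in force and Traefik reaches nzbget through Connect, the `traefik.enable=true` route in `ip-dvr.nomad` will need its own source entry here. The commented-out `nzbget` and `sonarr` module blocks duplicate what `ip-dvr.nomad` now defines and could be dropped, since version control keeps the history.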
@@ -4,6 +4,7 @@ provider "registry.terraform.io/hashicorp/nomad" { version = "1.4.16" hashes = [ + "h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=", "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", diff --git a/nomad/nextcloud/nextcloud-backup.hcl b/nomad/services/nextcloud/nextcloud-backup.hcl similarity index 100% rename from nomad/nextcloud/nextcloud-backup.hcl rename to nomad/services/nextcloud/nextcloud-backup.hcl diff --git a/nomad/nextcloud/nextcloud.nomad b/nomad/services/nextcloud/nextcloud.nomad similarity index 100% rename from nomad/nextcloud/nextcloud.nomad rename to nomad/services/nextcloud/nextcloud.nomad diff --git a/nomad/nextcloud/nextcloud.tf b/nomad/services/nextcloud/nextcloud.tf similarity index 100% rename from nomad/nextcloud/nextcloud.tf rename to nomad/services/nextcloud/nextcloud.tf diff --git a/nomad/whoami.nomad b/nomad/services/whoami.nomad similarity index 100% rename from nomad/whoami.nomad rename to nomad/services/whoami.nomad diff --git a/nomad/setup-cluster.yml b/nomad/setup-cluster.yml index 239e696..a9b5d66 100644 --- a/nomad/setup-cluster.yml +++ b/nomad/setup-cluster.yml @@ -9,7 +9,7 @@ roles: - role: ansible-consul vars: - consul_version: "1.13.1-1" + consul_version: "1.13.3-1" consul_install_upgrade: true consul_install_from_repo: true consul_os_repo_prerequisites: [] @@ -76,7 +76,7 @@ roles: - name: ansible-vault vars: - vault_version: 1.11.3-1 + vault_version: 1.12.0-1 vault_install_hashi_repo: true vault_harden_file_perms: true vault_bin_path: /usr/bin 
@@ -145,6 +145,25 @@ - unseal_keys_hex is defined - vault_status.json["sealed"] +- name: Install Docker + hosts: nomad_instances + become: true + vars: + docker_architecture_map: + x86_64: amd64 + armv7l: armhf + aarch64: arm64 + docker_apt_arch: "{{ docker_architecture_map[ansible_architecture] }}" + docker_compose_arch: "{{ (ansible_architecture == 'armv7l') | ternary('armv7', ansible_architecture) }}" + roles: + - geerlingguy.docker + + tasks: + - name: Remove snapd + package: + name: snapd + state: absent + # Not on Ubuntu 20.04 # - name: Install Podman # hosts: nomad_instances @@ -206,19 +225,6 @@ state: mounted fstype: nfs4 -- name: Install Docker - hosts: nomad_instances - become: true - vars: - docker_architecture_map: - x86_64: amd64 - armv7l: armhf - aarch64: arm64 - docker_apt_arch: "{{ docker_architecture_map[ansible_architecture] }}" - docker_compose_arch: "{{ (ansible_architecture == 'armv7l') | ternary('armv7', ansible_architecture) }}" - roles: - - geerlingguy.docker - - name: Build Nomad cluster hosts: nomad_instances any_errors_fatal: true @@ -249,10 +255,16 @@ read_only: false - name: download path: /srv/volumes/download - owner: "root" - group: "root" + owner: 1001 + group: 100 mode: "0755" read_only: false + - name: nzbget-data + path: /srv/volumes/container/nzbget/config + read_only: false + - name: gitea-data + path: /srv/volumes/container/gitea + read_only: false - name: all-volumes path: /srv/volumes owner: "root" @@ -263,7 +275,7 @@ roles: - name: ansible-nomad vars: - nomad_version: "1.3.5-1" + nomad_version: "1.4.1-1" nomad_install_upgrade: true nomad_allow_purge_config: true @@ -275,6 +287,8 @@ nomad_bin_dir: /usr/bin nomad_install_from_repo: true + nomad_bootstrap_expect: "{{ [(play_hosts | length), 3] | min }}" + nomad_raft_protocol: 3 nomad_autopilot: true nomad_encrypt_enable: true # nomad_use_consul: true 
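Review bot: The new `nzbget-data` and `gitea-data` host volumes are declared without `owner`, `group` or `mode`, while `download` in the same hunk is changed to `owner: 1001` / `group: 100`, matching the PUID/PGID set in `ip-dvr.nomad`. Whatever default the creating task applies (not visible here) then decides who can read and write these directories, so spell it out, for example `owner: 1001`, `group: 100`, `mode: "0750"` under `nzbget-data`. `ip-dvr.nomad` also mounts a `sonarr-data` host volume that this hunk does not add; confirm it is defined elsewhere in the list, which starts and ends outside this hunk.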
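Review bot: `nomad_bootstrap_expect` is computed from `play_hosts | length`, so a run restricted with `--limit` to one or two hosts renders a smaller `bootstrap_expect` on those servers than on the rest of the cluster. If every host in `nomad_instances` is a server, deriving the value from the inventory group keeps it stable across partial runs: `nomad_bootstrap_expect: "{{ [(groups['nomad_instances'] | length), 3] | min }}"`. `play_hosts` is also a deprecated alias, with `ansible_play_batch` as the current name. A short comment explaining the cap at 3 would help as well.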
@@ -332,7 +346,7 @@ # Enable vault integration # HACK: Only talk to local Vault for now because it doesn't have HTTPS - # TODO: Would be really great to hvae this over https and point to vault.consul.service + # TODO: Would be really great to have this over https and point to vault.consul.service # nomad_vault_address: "https://vault.service.consul:8200" # Right now, each node only talks to it's local Vault, so if that node is rebooted and # that vault is sealed, it will not have access to vault. This is a problem if a node @@ -351,9 +365,9 @@ ui: enabled: true consul: - ui_url: "http://{{ ansible_hostname }}:8500/ui" + ui_url: "https://{{ ansible_hostname }}:8500/ui" vault: - ui_url: "http://{{ ansible_hostname }}:8200/ui" + ui_url: "https://{{ ansible_hostname }}:8200/ui" consul: tags: - "traefik.enable=true" @@ -481,3 +495,5 @@ systemd: state: restarted name: nomad + retries: 6 + delay: 5 diff --git a/nomad/vault-kv.tf b/nomad/vault-kv.tf deleted file mode 100644 index b22745b..0000000 --- a/nomad/vault-kv.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "vault_mount" "kv" { - path = "kv" - type = "kv-v2" - description = "Catch all kv mount" -}
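Review bot: The two `ui_url` values switch to `https://` on ports 8500 and 8200, but the comment in the previous hunk (`HACK: Only talk to local Vault for now because it doesn't have HTTPS`) says Vault has no TLS listener, and 8500 is Consul's conventional plain-HTTP port. Unless TLS was enabled on those listeners elsewhere, the links shown in the Nomad UI will not load; if it was enabled, the HACK comment is out of date. Add a comment stating which listener these URLs expect, for example `# requires TLS on the Consul (8500) and Vault (8200) API listeners`.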
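Review bot: `retries: 6` and `delay: 5` are added to the Nomad restart task without an `until:` condition. On Ansible releases before ansible-core 2.16, to my knowledge, `retries` has no effect unless `until` is set, so the task would still fail on the first error. Add `register: nomad_restart` and `until: nomad_restart is succeeded` so the retry works regardless of the Ansible version in use. The task itself starts outside this hunk.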