From b2c03f1e60e9bd1b78452f30b99079f47ef905f5 Mon Sep 17 00:00:00 2001
From: Ian Fijolek <ian@iamthefij.com>
Date: Sat, 12 Mar 2022 10:07:52 -0800
Subject: [PATCH] Update hosts improve bootstrap and move a few things around

---
 nomad/Makefile                                |   3 +-
 nomad/ansible_hosts.yml                       |  10 +-
 nomad/docker-setup.yaml                       |  47 +++++
 nomad/metrics/grafana.nomad                   | 124 +++++++++++++
 nomad/metrics/metrics.tf                      |  39 ++--
 nomad/metrics/prometheus.nomad                |   3 +-
 nomad/packer/cloud-config                     |  85 +++++++++
 ...oud-init.hcl => ubuntu-cloud-init.pkr.hcl} |  18 +-
 nomad/services.tf                             |  26 +--
 nomad/setup-cluster.yml                       | 168 +++++++++++-------
 nomad/traefik/traefik.nomad                   |   2 +-
 nomad/whoami.nomad                            |   5 -
 12 files changed, 411 insertions(+), 119 deletions(-)
 create mode 100644 nomad/docker-setup.yaml
 create mode 100644 nomad/metrics/grafana.nomad
 create mode 100644 nomad/packer/cloud-config
 rename nomad/packer/{ubuntu-cloud-init.hcl => ubuntu-cloud-init.pkr.hcl} (51%)

diff --git a/nomad/Makefile b/nomad/Makefile
index 69bfb89..7ede4e2 100644
--- a/nomad/Makefile
+++ b/nomad/Makefile
@@ -56,10 +56,11 @@ cluster: consul-up nomad-up
 venv/bin/ansible:
 	python3 -m venv venv
 	./venv/bin/pip install ansible
+	./venv/bin/pip install python-consul
 
 .PHONY: ansible-cluster
 ansible-cluster: venv/bin/ansible
-	./venv/bin/ansible-galaxy install -p ansible_roles -r roles/requirements.yml
+	./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml
 	./venv/bin/ansible-playbook -K -vv -i ansible_hosts.yml -M ./roles ./setup-cluster.yml
 
 .PHONY: plan
diff --git a/nomad/ansible_hosts.yml b/nomad/ansible_hosts.yml
index 7d39179..83081a5 100644
--- a/nomad/ansible_hosts.yml
+++ b/nomad/ansible_hosts.yml
@@ -3,14 +3,13 @@ all:
   children:
     servers:
       hosts:
-        services.thefij:
-          consul_node_role: bootstrap
+        nomad0.thefij:
+          # consul_node_role: bootstrap
           nomad_node_role: both
-          nomad_node_class: ingress
           nomad_host_volumes:
             - name: mysql-data
               path: /srv/volumes/mysql-data
-              owner: "nomad"
+              owner: "root"
               group: "bin"
               mode: "0755"
               read_only: false
@@ -19,6 +18,9 @@ all:
           #   dns_san: ["services.thefij"]
           #   ip_san: ["192.168.2.41", "127.0.0.1"]
         # motionpi.thefij: {}
+        nomad1.thefij:
+          nomad_node_class: ingress
+          nomad_node_role: both
 
     consul_instances:
       children:
diff --git a/nomad/docker-setup.yaml b/nomad/docker-setup.yaml
new file mode 100644
index 0000000..06c8817
--- /dev/null
+++ b/nomad/docker-setup.yaml
@@ -0,0 +1,47 @@
+---
+- name: Setup Docker on host
+  hosts: docker_hosts
+  vars:
+    user_name: "{{ create_user | default(ansible_user) }}"
+    docker_config_path: >-
+      {% if ansible_facts.os_family == 'Darwin' -%}
+        ~/.docker/daemon.json
+      {%- else -%}
+        /etc/docker/daemon.json
+      {%- endif %}
+    ansible_python_interpreter: python3
+
+  roles:
+    - docker_install
+
+  tasks:
+
+    - name: Add to Docker group
+      user:
+        name: "{{ user_name }}"
+        groups: docker
+        append: true
+      become: true
+
+    - name: Use journald logging driver  # noqa 207
+      json_merge:
+        path: "{{ docker_config_path }}"
+        allow_create: true
+        format_indent: true
+        update_json: {
+          "log-driver": "journald",
+          "log-opts": {
+            "tag": "{{ '{{ .Name }}/{{ .ImageName }}/{{ .ID }}' }}",
+            "labels": "com.docker.compose.project,com.docker.compose.service"
+          }
+        }
+      become: true
+      notify: Restart Docker daemon
+
+  handlers:
+    - name: Restart Docker daemon
+      service:
+        name: docker
+        state: restarted
+      become: true
+      when: ansible_facts['os_family'] != "Darwin"
diff --git a/nomad/metrics/grafana.nomad b/nomad/metrics/grafana.nomad
new file mode 100644
index 0000000..ef096ce
--- /dev/null
+++ b/nomad/metrics/grafana.nomad
@@ -0,0 +1,124 @@
+job "grafana" {
+  datacenters = ["dc1"]
+
+  group "grafana" {
+    count = 1
+
+    network {
+      mode = "bridge"
+
+      port "web" {
+        host_network = "loopback"
+        to = 3000
+      }
+    }
+
+    service {
+      port = "web"
+
+      connect {
+        sidecar_service {
+          proxy {
+            local_service_port = 3000
+
+            upstreams {
+              destination_name = "prometheus"
+              local_bind_port = 9090
+            }
+          }
+        }
+
+        sidecar_task {
+          resources {
+            cpu    = 50
+            memory = 50
+          }
+        }
+      }
+
+      check {
+        type = "http"
+        path = "/"
+        port = "web"
+        interval = "10s"
+        timeout = "10s"
+      }
+
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.grafana.entrypoints=web,websecure",
+        "traefik.http.routers.grafana.rule=Host(`grafana.dev.homelab`)",
+        "traefik.subdomain=grafana-sub",
+        "traefik.http.routers.grafana.tls=true",
+      ]
+    }
+
+    task "grafana" {
+      driver = "docker"
+
+      config {
+        image = "grafana/grafana:7.3.6"
+        ports = ["web"]
+
+        mount {
+          type = "bind"
+          target = "/etc/grafana/grafana.ini"
+          source = "local/config/grafana.ini"
+        }
+
+        mount {
+          type = "bind"
+          target = "/etc/grafana/provisioning"
+          source = "local/config/provisioning"
+        }
+      }
+
+      env = {
+        "GF_SECURITY_ADMIN_PASSWORD" = "password",
+        "GF_INSTALL_PLUGINS" = "grafana-clock-panel,grafana-piechart-panel,grafana-polystat-panel",
+      }
+
+      template {
+        data = <<EOF
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+data = /var/lib/grafana
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+provisioning = /etc/grafana/provisioning
+[server]
+# Protocol (http, https, socket)
+protocol = http
+
+http_port = 3000
+        EOF
+        change_mode = "signal"
+        change_signal = "SIGHUP"
+        destination = "local/config/grafana.ini"
+      }
+
+      template {
+        data = <<EOF
+---
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    url: http://${NOMAD_UPSTREAM_ADDR_prometheus}
+    type: prometheus
+    access: proxy
+    isDefault: true
+    version: 1
+        EOF
+        change_mode = "signal"
+        change_signal = "SIGHUP"
+        destination = "local/config/provisioning/datasources/prometheus.yml"
+      }
+
+      resources {
+        cpu = 100
+        memory = 200
+      }
+    }
+  }
+}
diff --git a/nomad/metrics/metrics.tf b/nomad/metrics/metrics.tf
index 31c3379..e35d98d 100644
--- a/nomad/metrics/metrics.tf
+++ b/nomad/metrics/metrics.tf
@@ -9,13 +9,13 @@ variable "consul_address" {
   description = "address of consul server for dynamic scraping"
 }
 
-resource "nomad_job" "exporters" {
-  hcl2 {
-    enabled = true
-  }
-
-  jobspec = file("${path.module}/exporters.nomad")
-}
+# resource "nomad_job" "exporters" {
+#   hcl2 {
+#     enabled = true
+#   }
+#
+#   jobspec = file("${path.module}/exporters.nomad")
+# }
 
 resource "nomad_job" "prometheus" {
   hcl2 {
@@ -27,20 +27,11 @@ resource "nomad_job" "prometheus" {
 
   jobspec = file("${path.module}/prometheus.nomad")
 }
-#
-# resource "nomad_job" "prometheus" {
-#   hcl2 {
-#     enabled = true
-#   }
-#
-# }
-#
-# resource "nomad_job" "grafana" {
-#   hcl2 {
-#     enabled = true
-#     vars = {
-#       "base_hostname" = "${var.base_hostname}",
-#     }
-#   }
-#
-# }
+
+resource "nomad_job" "grafana" {
+  hcl2 {
+    enabled = true
+  }
+
+  jobspec = file("${path.module}/grafana.nomad")
+}
diff --git a/nomad/metrics/prometheus.nomad b/nomad/metrics/prometheus.nomad
index 3accaef..c59e463 100644
--- a/nomad/metrics/prometheus.nomad
+++ b/nomad/metrics/prometheus.nomad
@@ -14,12 +14,13 @@ job "prometheus" {
       mode = "bridge"
 
       port "web" {
-        host_network = "nomad-bridge"
+        host_network = "loopback"
         to = 9090
       }
     }
 
     service {
+      name = "prometheus"
       port = "web"
 
       connect {
diff --git a/nomad/packer/cloud-config b/nomad/packer/cloud-config
new file mode 100644
index 0000000..5384a70
--- /dev/null
+++ b/nomad/packer/cloud-config
@@ -0,0 +1,85 @@
+#cloud-config
+
+hostname: node1
+
+users:
+  name: iamthefij
+  gecos: Ian Fijolek
+  groups: users, sudoers
+  # sudo: ALL=(ALL) NOPASSWD:ALL
+  ssh_authorized_keys:
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqVH0C0Vf5cA+QnUlkYHnJ9hWs6hUiOuoIOS7+8fSlK05Chy8WbLijE8MEA6R4dvkWtWnmx8bJnpwJl/mMHendX86ko879EonHNGSLBvbHeMJTjvSVmH2UdLCMhG4+nhj7WgAC7z7o/EtRohD0BQYFAkGaC7PYWSJMExi0sCStPjqjFdDHXrsrLR0Xho2tcLEsW6jZboj5D0j8fcFN2Yn3c3yiHdS3UqHatP1QwaqVLZnujcJZXpOBZqON45SoWy+N4c0Xm0bNc/cZLU3+cPnHKdwBMsJ17Np0CA9PWuC+/6CR/f1de4+SjcMnYtpNOQ0PMlKo0FH1Iim6a2zu6Ia7 ianfijolek-home
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXmLEpRejmI4+dWXW4bpFBXVNsdeyMQHPh57tFNqewCyuWLs0TQYoMlCVe90GYOLz670aeWQ98otImIOmkhgmhilntTP4fSWonAjdATh9sHfPP9ZdhlxoMlr2rcdkudNY2IZh0OxfBGXiwGwMiB57ZHBntls1xTcztWm95e19Ys7UnjY/ewwhKbNHz4ibhdCR37UjWE5fl0J28Iea1FPWJhOLlO0bo2iMolHQ2r1++eA0qFT1T6irLuXWEfzK10XDcDCxtyloBYSc6s5ICDbYda68eIqIcAhrwXwr1eAGvW+0Q/C0HQvg8nICS09Mz6BSRrHsfVtxF709yW/A9i7dW5LxL2KGQfyWLQs5CiimvSRFe2d932nnl0Yi0j4z4co5nJs5U3XGdZA7b+gN9iumNY91dofhOk46OlUdLoZ3nrVpCFGHsFiOkTpArgneCjiyImjk35WETJWytp68mTwQrepVHT4WwqvLi28sGdV2m+9IeJD/w535+xJ5GcNwZ4CYdFOte8z+2k4sVIT1qmUxB2wfcDKrPRTyUrXw8f1EcdXNB02yAq8RVzetVW5XrR1rJ1Ht+YhkH+553DPOSwqBMyzH6VBf6SPsqzwo3Z0ZuBEdBmLdh1o8Rrxu3+dApETUYBbeXQGkbYwEuhsEUk8+fnl5gp19sZSXgM/yrpk170w== ansible-home-devterm
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEgJzZmKLLA1D055xAGqyzaCnKo2s9aBeSPT9OY+7bDqHxYE/HUTp5zf3uO7yQ970/fI3XmDHoUE08ZyLOBXECPL0zsSljYx2tDivhEg8VwORfbp2J2cUVcd1EciZX36OuZWmRitqnYSzVglbRoAjGbmwap20vWjvsnc2mD9wiJl4Jj7VZsS8S97Di/Zos2ksLWeh7i8jrOxVXQtb6UGu3d1CLd/XXIkVSMIBSQBHwq5yB+13p1+RdMl7mosflzX6bm2gaB+bMBIXbak1BkQRxTS2FSdMDebJ9NCrj17R0SOJjtUCRfwG5gV2CGqp1E/WcEIfKGmHlaIMYx8B9MmDnZvcmoBAuZ83+xYPdzs6/b68VRMRonw9U+xLNjJTsNvQstyFx8afINABjrPrMdvMDmS6Of7GrXycKH6bZ9H2WZzK0WGFbrjz7WCl4WUTkbhmJlGqyq7USWx33eLgpexn0N0bR4HgsoFNvwsIFLpBMPuYtdsHKJ7Md4N8OPC/5PUj7enn9zr0jJm1SB4c3kyrw3V9dtUpEkZwD5UHMX3BYgZ8Mk/EUf1avbHs+wk2D94GgKKVKphNYUFJFeQ2MmvGIHXZqT5Y+LmolaCMeiQHRN4hR8lWZ3YEW1EPfb8EuEWwDtZBdkTdq3WBD/5dxLVGxKfWqyARd6DQKbrEjyUb2/Q== ansible-host
+    - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNlio04oYMNhFNp1tH142OEPX6s6Foul7xJBEJrxA23 ifij@C02FQ1A8Q05Q
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+mAHEhjAGuSrK7otwuh0P0cnzpde78XVxy6TnrVIcAxOii4tt66f8L+AkacWxBvST+OXfBR0EPMuIr8ya8KsHVA2f7W+XTcH/s3WwHuNvSIf7M3Pt1bGOVtU53HAxeMkNjjJ0kPK9MRiYeONIcj2wuZUwIywH+zCJZiRuYjWTEcz4h6hlaBfwdBtuC5WcoQYUwyuudT0iYFMvG4VA1fk6rqEtM9DkLuCGgXZJb6kn5v4ZSHo7tTelpEAyooaPX7Z94YQ87/oNdUi5NFQRZ6tZFQPLAm3U67IwS3u+Di84vt/rkDL/nnIVbzN9w+DFl60RHG61sf4rnFj4In7e/ypD/IY3NPjFgKJa1ItzoNlJcx+W5RtvP0TjqaUjkbVeUUzE6enRxRGRnHmW5Rz2VbkeQnywEwhy5EZ8I8/exWuvgP5UrW7byUUcMMIHRYMvTf4yqS3+ycoLxQpRncTg5oAY7gMpwXBoPOGFheiP7A6AAKTbZjgT+0uWxlZhxiERyeudDQyhWIQryDBtXtr0JgK/kudn3w4aFvf9Q+mR3hLepSIprHqBzgYTdIjBcX6yyn1CDZyBpI1DOKC2pApou/Pj1iM7nPRu5vjs/C27JaEbarn3nPYNSflUmn9kwKYP3p+HsKczPHhkphcJRGn8J+8BSJPTYTBmtsIMix2Ale/ObQ== WorkingCopy@IansiPad-28012021
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl1REER7jgH2G0uSinEA48++6F+OffkyyLuBA6KXg38+i+BmRnwETzyaBYoahD/QD9lrfGicUXUM4Vp4cX/hYvWbXc4VVwYzMBpZ6w3ZW0jzLYlILU9e1iUnMqkKkVHd+rYS/djTEBA3qev6Sn1IBg9t/LSE1+zLn2xH15RusKsCOzL0o/yCiSWtiLipGuywaNt6ZcmiJQmk87HhS68uQIVQr9EoG2gcNJt/1Nd0ykuBWmLZq8QXp40P4TBDCIOWBjHLjaknm1+yroooAHV1oNaPymSMXgXK2HqdvvEjyUc6H1euIcWuU+vORiAxdZDaIQVD8Y4+Slp1RsG1t2ICXY9/htZdulTkUQCGaCSMh3o7tq0RDA/oPiAmEpvzGe7NR5R74lkj6sVIFK/zu+3w8MgaMBQXiG8EmFj7G9UBWW5g53h6sG0nho8z7wJ4m14l2RwNT9d1PyLw6YVbmBAIFyMiI20c9ITbVECCIVrGW1S6pAC4EGvUfx5zlayW+CmZk86Ut9NXWhPGw2Whd2J/J7Q6TFXD/ASd0elTqMn6CeqrALZQnR/LpXmlqfrWI42Qiqh1Mz1IhZhNff2grVpCK2rxYpIsom3Yn+mZn8hZYSQ8BNF3VoQmNK0Og/t3iUekBvQLRk26z0bNLNdWHNz+uofBbEiOyxCwiJF0fQpxk/Yw== ansible-home-ianubuntu
+
+
+apt:
+  sources:
+    hashicorp:
+      source: deb https://apt.releases.hashicorp.com $RELEASE main
+      key: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+        mQINBF60TuYBEADLS1MP7XrMlRkn1Y54cb2UclUMH8HkIRfBrhk5Leo9kNZc/2QD
+        LmdQbi3UbZkz0uVkHqbFDgV5lAnukCnxgr9BqnL0GJpO78le7gCCbM5bR4rTJ6Ar
+        OOtIKf25smGTIpbSwNdj8BOLqiExGFj/9L5X9S5kfq3vtuYt+lmxKkIrEPjSYnFR
+        TQ2mTL8RM932GJod/5VJ2+6YvrCjtPu5/rW02H1U2ZHiTtX6ZGnIvv/sprKyFRqT
+        x4Ib+o9XwXof/LuxTMpVwIHSzCYanH5hPc7yRGKzIntBS+dDom+h9smx7FTgpHwt
+        QRFGLtVoHXqON6nXTLFDkEzxr+fXq/bgB1Kc1TuzvoK601ztQGhhDaEPloKqNWM8
+        Ho7JU1RpnoWr5jOFTYiPM9uyCtFNsJmD9mt4K8sQQN7T2inR5Us0o510FqePRFeX
+        wOJUMi1CbeYqVHfKQ5cWYujcK8pv3l1a6dSBmFfcdxtwIoA16JzCrgsCeumTDvKu
+        hOiTctb28srL/9WwlijUzZy6R2BGBbhP937f2NbMS/rpby7M1WizKeo2tkKVyK+w
+        SUWSw6EtFJi7kRSkH7rvy/ysU9I2ma88TyvyOgIz1NRRXYsW7+brgwXnuJraOLaB
+        5aiuhlngKpTPvP9CFib7AW2QOXustMZ7pOUREmxgS4kqxo74CuFws163TwARAQAB
+        tFFIYXNoaUNvcnAgU2VjdXJpdHkgKEhhc2hpQ29ycCBQYWNrYWdlIFNpZ25pbmcp
+        IDxzZWN1cml0eStwYWNrYWdpbmdAaGFzaGljb3JwLmNvbT6JAk4EEwEIADgWIQTo
+        oDLglNjrTqGJ0nDaQYyIoyGfewUCXrRO5gIbAwULCQgHAgYVCgkICwIEFgIDAQIe
+        AQIXgAAKCRDaQYyIoyGfe6/WD/9dTM/1OSgbvSPpPJOOcn5L1nOKRBJpztr4V0ky
+        GoCDakIQ/sykbcuHXP79FGLzrM8zQOsbvVp/Z2lsWBnxkT8KWM+8LZxYToRGdZhr
+        huFPHV9df0vAsZGisu4ejHDneHOTO3KqVotkky34jUSjBL7Q8uwXHY9r+5hb452N
+        vafN1w0Y1QVhb6JjjwWHR8Rf9qkSIEi6m9o8a1M54yQC2y/Zrs6+4F3zZ4uYfTvz
+        MyFfj0P5VmAoaowLSRdb2/JTObu0+zpKN+PjZA8BcnOf/pvqmEz83FIfo6zJLScx
+        TVaAwj5Iz/jS04x7EvBuIP3vpgv1R6r+t0qU/7hpu7Oc0dsxhL+C8BpVY26/2hvX
+        ozN5eG0ysSwexqwls+bnRgd6KdoHlWFNfbW8RCPKyb/s+tmFqGAY/QmxMkukgnXQ
+        WvBoa0Gdv2AFVLYup9tEO1zF4zBPh5oQwAXDNudLTHJ4KmyEwWsOQJUjNB4y4a7j
+        iGgK77T4KKXpo7pVDP8Ur+tmNH/d+/YFjxrfJvWt4ypE5dZmFO/FrUMvIGglOLDt
+        A+SiQe73IpEebB8PiqNlqJ2NU7artuRxYQVColt+/1puIHwV+h0SnMoUEvYqAtxP
+        J/N3JaiytWlesPPFWvhU/JGUAld5coEU2gbYtlenV/YmdjilIBu50sMSPGF5/6gv
+        BAA/DbkCDQRetE7mARAA0OH1pn0vdEfSm1kdqIDP3BXBD0BRHNNgGpyXXRRJFaip
+        bmpu7jSv3FsvN/NmG3BcLXXLFvwY/eIOr6fxRye+a5FSQEtvBnI1GHNmD5GAVT/H
+        KiwrT5e3ReR/FQS7hCXWU4OA2bKmSEdkJ952NhyYeyAKbkOBgbnlEhtWOAdMI7ws
+        peHAlHDqfGVOKXDh+FddCUQj/yZ2rblSzFdcC9gtcJSyHWgOQdVAEesEZ16hcZoj
+        +6O+6BXOQWOo7EPD7lA9a1qesBkSRcxQn48IVVZ2Qx2P2FtCfF+SFX+HQdqJGl15
+        qxE5CXTuJCMmCVnWhvcLW405uF/HmMFXdqGobEDiQsFFQrfpPVOi4T90VkW8P81s
+        uPoAlWht1CppNnmhWlvPQsPK/oSMBBOvOEH1EnWJate8yIkveNbqzrE7Xt3sjF6k
+        yqXaF+qW8OcDvSH/fgvVd21G10Cm77Z2WaKWvfi221oWj+WrgT8cCYv0AVmaLRMe
+        dajuYlPRQ8KaZaESza2eXggOMP5LQs/mQgfHfwSRekSbKg/L6ctp+xrZ0DPj4iIl
+        8+H4DxTILopAFWXA1a+uMVp8mV77gA9PyV3nIkrwgaZQ8MdhoKwvN/+SbvhpdzyF
+        UekzMP/HOaC6JgAomluwnFCdMDFa3FMCF3QUcIyY556QdoFD7g6033xqV6vL+d8A
+        EQEAAYkCNgQYAQgAIBYhBOigMuCU2OtOoYnScNpBjIijIZ97BQJetE7mAhsMAAoJ
+        ENpBjIijIZ97lecP+wTgSqhCz3TlUshR8lVrzECueIg3jh3+lY56am9X4MoZ2DAW
+        IXKjWKVWO55WPYD15A7+TbDyb4zh55m81LxSpV0CSRN4aPuixosWP4d0l+363D2F
+        oudz+QyvoK5J2sKFPMfhdTgGsEYVO/Zbhus5oNi0kjUTD9U7jHWPS3ilvk/g2F+k
+        T68lL9+oooleeT+kcBvbKt487JUOwMrkmHqNZdh8qmvMASAuqBcEcqjz96kVEMJY
+        bhn2skexKfIncoo/btixzJUbnplpDfibFxUHhvWWdwIv4kl3YnrCKKGSDoJcG1mV
+        sQegK4jWVGrqY8MnCI48iotP18ZxyqOycsZvs2jNmFlKwD9s1mrlr97HZ1MYbLWr
+        Hq06owH0AzVRM7tzMK7EuHkFLcoa8qh3oijn8O0B7xNOKpTZ2DjajQ/1w8nqmMi5
+        Z3Wie6ivKng/7p6c6HDrKjoQYc0/fuh1YnL60JG2Arn1OwdBsLDlzPL+Ro5iNwoJ
+        hZ+stxoZT48iAIWonBsLU11Y+MSwWdN1Eh411HTTunrEs6SafMEhnPi7vvUIZhny
+        Es0qOM/IUR1I0VtsurSn8aA6Y2Bp73+HuqFLx13/tPKBIUo6D7n/ywUlDCo7wtCw
+        aSgXPw6uF+0CyLOQ0haf2j6w1OB8ayEGSkTPER5rImCJf3MGw8IECGrErAd+
+        =EMKC
+        -----END PGP PUBLIC KEY BLOCK-----
+
+packages:
+  - python3
+  - python3-pip
+  - git
+  - nomad
+  - consul
+  - vault
+
+# vim: set ft=yaml.cloudinit :
diff --git a/nomad/packer/ubuntu-cloud-init.hcl b/nomad/packer/ubuntu-cloud-init.pkr.hcl
similarity index 51%
rename from nomad/packer/ubuntu-cloud-init.hcl
rename to nomad/packer/ubuntu-cloud-init.pkr.hcl
index 1f9eb5e..c098bcf 100644
--- a/nomad/packer/ubuntu-cloud-init.hcl
+++ b/nomad/packer/ubuntu-cloud-init.pkr.hcl
@@ -9,19 +9,27 @@ packer {
 
 
 source "qemu" "focal-arm64" {
-  iso_url           = "https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-arm64.img"
-  iso_checksum      = "sha256:fee6bc4fcce3267b6a03a2449d5b471b7edf6ef990d6761607bd3960e2df4d9d"
+  qemu_binary       = "qemu-system-aarch64"
+  # machine_type      = "raspi3b"
+  machine_type      = "virt"
+  headless          = true
+  # Can't use boot command with this true
+  # disable_vnc       = true
+
+  iso_url           = "https://cloud-images.ubuntu.com/releases/focal/release-20220308/ubuntu-20.04-server-cloudimg-arm64.img"
+  iso_checksum      = "sha256:e905900cd0a0d716a72f83dc94a6e2260275dc0e867c84196a8d6d1bc783b304"
+
   output_directory  = "focal_arm64"
   shutdown_command  = "echo 'packer' | sudo -S shutdown -P now"
   disk_size         = "5000M"
-  format            = "qcow2"
+  format            = "raw"
   ssh_username      = "root"
   ssh_password      = "s0m3password"
   ssh_timeout       = "20m"
   boot_wait         = "10s"
-  boot_command      = []
+  # boot_command      = []
 }
 
 build {
-  sources = ["source.qemu.example"]
+  sources = ["source.qemu.focal-arm64"]
 }
diff --git a/nomad/services.tf b/nomad/services.tf
index e5fd47b..ce6cd81 100644
--- a/nomad/services.tf
+++ b/nomad/services.tf
@@ -1,7 +1,7 @@
 # Configure Consul provider
 variable "consul_address" {
   type    = string
-  default = "http://192.168.2.41:8500"
+  default = "http://nomad0.thefij:8500"
 }
 
 variable "base_hostname" {
@@ -32,11 +32,11 @@ provider "nomad" {
 
 # Define services as modules
 
-# module "mysql-server" {
-#   source = "./mysql"
-#
-#   base_hostname = var.base_hostname
-# }
+module "mysql-server" {
+  source = "./mysql"
+
+  base_hostname = var.base_hostname
+}
 
 module "blocky" {
   source = "./blocky"
@@ -58,13 +58,13 @@ module "metrics" {
   base_hostname = var.base_hostname
 }
 
-# module "nextcloud" {
-#   source = "./nextcloud"
-#
-#   base_hostname = var.base_hostname
-#
-#   depends_on = [module.mysql-server]
-# }
+module "nextcloud" {
+  source = "./nextcloud"
+
+  base_hostname = var.base_hostname
+
+  depends_on = [module.mysql-server]
+}
 
 resource "nomad_job" "whoami" {
   hcl2 {
diff --git a/nomad/setup-cluster.yml b/nomad/setup-cluster.yml
index 0a7bd05..49d0ef9 100644
--- a/nomad/setup-cluster.yml
+++ b/nomad/setup-cluster.yml
@@ -2,27 +2,38 @@
 - name: Build Consul cluster
   hosts: consul_instances
   any_errors_fatal: true
-  become: true
 
   roles:
-    - name: ansible-consul
-      consul_version: "1.11.3"
-      consul_install_remotely: true
-      consul_install_upgrade: true
-      consul_architecture_map:
-        x86_64: amd64
-        armhfv6: arm
-        armv7l: arm
+    - role: ansible-consul
+      vars:
+        consul_version: "1.11.3"
+        consul_install_remotely: true
+        consul_install_upgrade: true
 
-      # consul_tls_enable: true
-      consul_connect_enabled: true
-      consul_ports_grpc: 8502
-      consul_client_address: "0.0.0.0"
+        consul_node_role: server
+        consul_bootstrap_expect: true
 
-      # Enable metrics
-      consul_config_custom:
-        telemetry:
-          prometheus_retention_time: "2h"
+        consul_user: consul
+        consul_manage_user: true
+        consul_group: bin
+        consul_manage_group: true
+
+        consul_architecture_map:
+          x86_64: amd64
+          armhfv6: arm
+          armv7l: arm
+
+        # consul_tls_enable: true
+        consul_connect_enabled: true
+        consul_ports_grpc: 8502
+        consul_client_address: "0.0.0.0"
+
+        # Enable metrics
+        consul_config_custom:
+          telemetry:
+            prometheus_retention_time: "2h"
+
+      become: true
 
 
   tasks:
@@ -30,21 +41,35 @@
       systemd:
         state: started
         name: consul
+      become: true
 
     - name: Add values
-      # TODO: This can be run from localhost by using an address
       block:
-        - name: Install pip
+        - name: Install python-consul
           pip:
             name: python-consul
+            extra_args: --index-url https://pypi.org/simple
 
         - name: Add a value to Consul
           consul_kv:
+            host: "{{ inventory_hostname }}"
             key: ansible_test
             value: Hello from Ansible!
 
+      delegate_to: localhost
       run_once: true
 
+# Not on Ubuntu 20.04
+# - name: Install Podman
+#   hosts: nomad_instances
+#   become: true
+#
+#   tasks:
+#     - name: Install Podman
+#       package:
+#         name: podman
+#         state: present
+
 - name: Build Nomad cluster
   hosts: nomad_instances
   any_errors_fatal: true
@@ -52,59 +77,72 @@
 
   roles:
     - name: ansible-nomad
-      nomad_version: "1.2.6"
-      nomad_install_remotely: true
-      nomad_install_upgrade: true
-      nomad_allow_purge_config: true
+      vars:
+        nomad_version: "1.2.6"
+        nomad_install_remotely: true
+        nomad_install_upgrade: true
+        nomad_allow_purge_config: true
 
-      # Properly map install arch
-      nomad_architecture_map:
-        x86_64: amd64
-        armhfv6: arm
-        armv7l: arm
+        nomad_user: root
+        nomad_manage_user: true
+        nomad_group: bin
+        nomad_manage_group: true
 
-      nomad_encrypt_enable: true
-      # nomad_use_consul: true
+        # Properly map install arch
+        nomad_architecture_map:
+          x86_64: amd64
+          armhfv6: arm
+          armv7l: arm
 
-      # Metrics
-      nomad_telemetry: true
-      nomad_telemetry_prometheus_metrics: true
-      nomad_telemetry_publish_allocation_metrics: true
-      nomad_telemetry_publish_node_metrics: true
+        nomad_encrypt_enable: true
+        # nomad_use_consul: true
 
-      # Enable container plugins
-      nomad_cni_enable: true
-      nomad_cni_version: 1.0.1
-      nomad_docker_enable: true
-      nomad_docker_dmsetup: false
+        # Metrics
+        nomad_telemetry: true
+        nomad_telemetry_prometheus_metrics: true
+        nomad_telemetry_publish_allocation_metrics: true
+        nomad_telemetry_publish_node_metrics: true
 
-      # Customize docker plugin
-      nomad_plugins:
-        docker:
-          config:
-            volumes:
-              enabled: true
-              selinuxlabel: "z"
-            extra_labels:
-              - "job_name"
-              - "job_id"
-              - "task_group_name"
-              - "task_name"
-              - "namespace"
-              - "node_name"
-              - "node_id"
+        # Enable container plugins
+        nomad_cni_enable: true
+        nomad_cni_version: 1.0.1
+        nomad_docker_enable: true
+        nomad_docker_dmsetup: false
+        # nomad_podman_enable: true
 
-      # Bind nomad
-      nomad_bind_address: 0.0.0.0
+        # Customize docker plugin
+        nomad_plugins:
+          docker:
+            config:
+              volumes:
+                enabled: true
+                selinuxlabel: "z"
+              extra_labels:
+                - "job_name"
+                - "job_id"
+                - "task_group_name"
+                - "task_name"
+                - "namespace"
+                - "node_name"
+                - "node_id"
 
-      # Create networks for binding task ports
-      nomad_host_networks:
-        - name: nomad-bridge
-          interface: nomad
-          reserved_ports: "22"
-        - name: loopback
-          interface: lo
-          reserved_ports: "22"
+        # Bind nomad
+        nomad_bind_address: 0.0.0.0
+
+        # Create networks for binding task ports
+        nomad_host_networks:
+          - name: nomad-bridge
+            interface: nomad
+            reserved_ports: "22"
+          - name: loopback
+            interface: lo
+            reserved_ports: "22"
+
+        nomad_config_custom:
+          ui:
+            enabled: true
+            consul:
+              ui_url: "http://{{ ansible_hostname }}:8500/ui"
 
   tasks:
     - name: Start Nomad
diff --git a/nomad/traefik/traefik.nomad b/nomad/traefik/traefik.nomad
index 38e27f4..ee52355 100644
--- a/nomad/traefik/traefik.nomad
+++ b/nomad/traefik/traefik.nomad
@@ -86,7 +86,7 @@ job "traefik" {
           "--providers.consulcatalog.endpoint.address=${var.consul_address}",
           "--providers.consulcatalog.servicename=traefik",
           "--providers.consulcatalog.prefix=traefik",
-          "--providers.consulcatalog.defaultrule=Host(`{{normalize .Name}}.${var.base_hostname}`)",
+          "--providers.consulcatalog.defaultrule=Host(`{{normalize .Name}}.${var.base_hostname}`) || ({{hasKey .Labels \"subdomain\" }} && Host(`{{get .Labels \"subdomain\"}}.${var.base_hostname}`))",
         ]
 
         ports = ["web", "websecure"]
diff --git a/nomad/whoami.nomad b/nomad/whoami.nomad
index 6de955f..398ce1a 100644
--- a/nomad/whoami.nomad
+++ b/nomad/whoami.nomad
@@ -18,11 +18,6 @@ job "whoami" {
   group "whoami" {
     count = var.count
 
-    constraint {
-      operator = "distinct_hosts"
-      value = "true"
-    }
-
     network {
       mode = "bridge"
       port "web" {