Lint, format, lock

.gitignore

@@ -37,4 +37,3 @@ terraform.rc
 
 # ---> Ansible
 *.retry
-

.pre-commit-config.yaml

@@ -0,0 +1,22 @@
+---
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.64.1
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_providers_lock
+      # - id: terraform_tflint
+      # - id: terraform_tfsec
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.1.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  # - repo: https://github.com/Yelp/detect-secrets
+  #   rev: v1.0.3
+  #   hooks:
+  #     - id: detect-secrets
+  #       args: ['--baseline', '.secrets-baseline']

README.md

@@ -1,2 +1 @@
 # orchestration-tests
-

k8s-test/core/main.tf

@@ -1,15 +1,15 @@
 resource "helm_release" "traefik" {
-  name = "traefik"
+  name       = "traefik"
   repository = "https://helm.traefik.io/traefik"
-  chart = "traefik"
+  chart      = "traefik"
 
   set {
-    name = "ingressClass.enabled"
+    name  = "ingressClass.enabled"
     value = true
   }
 
   set {
-    name = "ingressClass.isDefaultClass"
+    name  = "ingressClass.isDefaultClass"
     value = true
   }
 }

k8s-test/core/providers.tf

@@ -1,22 +1,21 @@
 variable "kube_config_path" {
-  type = string
+  type    = string
   default = "~/.kube/config"
 }
 
 variable "kube_config_context" {
-  type = string
+  type    = string
   default = "colima"
 }
 
 provider "kubernetes" {
-  config_path = var.kube_config_path
+  config_path    = var.kube_config_path
   config_context = var.kube_config_context
 }
 
 provider "helm" {
   kubernetes {
-    config_path = var.kube_config_path
+    config_path    = var.kube_config_path
     config_context = var.kube_config_context
   }
 }
-

k8s-test/services/authentik/.terraform.lock.hcl

@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version = "2.5.0"
+  hashes = [
+    "h1:cJl2bkAv9vrM8uV/BLdYnOoiTB6BeOPDJ9NBcqbmPd0=",
+    "zh:16b4dfcaf5bdef9fc10926cef8c9992a1bf3de1c99fb679923421e3b5a9d4307",
+    "zh:1e1456943bea1c9f5b1671d55796c65fbe8ac0980c3a79e4fdcaf5fa320e4c8f",
+    "zh:302b57485a8fe540dd55e2306680e51db54a83a630830f9a106c1ac38c1f6a91",
+    "zh:5ea2eafa735f7cd696e8f118271aedab68a46eb1f6f7f00126338fa302a0cc0b",
+    "zh:66bf1709bb20b24bd26b476081207e69500d1a6bc50829b9033a785050d3a8bd",
+    "zh:7166a85433037029caf04246ccff3d455e3a58868a58c29611e3b275e272299a",
+    "zh:809ddc3759c27ca76e5be8cfab45cecea04d0ae49172bbe326e7740bfbcd5aeb",
+    "zh:9335805d3eed0789c1718fd55d91ffe24681536302d1cd2d07ccf649828406bd",
+    "zh:d7c069fe721bc49a3a19f7c54c7498f492322891a7ce7b9adc6b57edae694933",
+    "zh:d9f5514ecf0cf811716b478c677526e18ac2d2cb5f6bec884096e970b2865798",
+    "zh:e899083259416874d75b58813446d0aa045efd9047d324b10810490dd72faa24",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}

k8s-test/services/authentik/main.tf

@@ -1,22 +1,22 @@
 locals {
   authentik_chart_values = {
-    "ingress.enabled" = true,
-    "ingress.hosts[0].host" = "authentik.dev.homelab"
-    "ingress.hosts[0].paths[0].path" = "/"
+    "ingress.enabled"                    = true,
+    "ingress.hosts[0].host"              = "authentik.dev.homelab"
+    "ingress.hosts[0].paths[0].path"     = "/"
     "ingress.hosts[0].paths[0].pathType" = "Prefix"
   }
 }
 
 resource "helm_release" "authentik" {
-  name = "authentik"
+  name       = "authentik"
   repository = "https://charts.goauthentik.io/"
-  chart = "authentik"
-  version = "5.2.2"
+  chart      = "authentik"
+  version    = "5.2.2"
 
   dynamic "set" {
     for_each = local.authentik_chart_values
     content {
-      name = set.key
+      name  = set.key
       value = set.value
     }
   }

k8s-test/services/blocky/.terraform.lock.hcl

@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version = "2.5.0"
+  hashes = [
+    "h1:cJl2bkAv9vrM8uV/BLdYnOoiTB6BeOPDJ9NBcqbmPd0=",
+    "zh:16b4dfcaf5bdef9fc10926cef8c9992a1bf3de1c99fb679923421e3b5a9d4307",
+    "zh:1e1456943bea1c9f5b1671d55796c65fbe8ac0980c3a79e4fdcaf5fa320e4c8f",
+    "zh:302b57485a8fe540dd55e2306680e51db54a83a630830f9a106c1ac38c1f6a91",
+    "zh:5ea2eafa735f7cd696e8f118271aedab68a46eb1f6f7f00126338fa302a0cc0b",
+    "zh:66bf1709bb20b24bd26b476081207e69500d1a6bc50829b9033a785050d3a8bd",
+    "zh:7166a85433037029caf04246ccff3d455e3a58868a58c29611e3b275e272299a",
+    "zh:809ddc3759c27ca76e5be8cfab45cecea04d0ae49172bbe326e7740bfbcd5aeb",
+    "zh:9335805d3eed0789c1718fd55d91ffe24681536302d1cd2d07ccf649828406bd",
+    "zh:d7c069fe721bc49a3a19f7c54c7498f492322891a7ce7b9adc6b57edae694933",
+    "zh:d9f5514ecf0cf811716b478c677526e18ac2d2cb5f6bec884096e970b2865798",
+    "zh:e899083259416874d75b58813446d0aa045efd9047d324b10810490dd72faa24",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}

k8s-test/services/blocky/config.yml

@@ -18,4 +18,3 @@ customDNS:
 
 port: 53
 httpPort: 4000
-

k8s-test/services/blocky/main.tf

@@ -1,25 +1,25 @@
 locals {
-  blocky_config = file("${path.module}/blocky_config.yml")
+  blocky_config = file("${path.module}/config.yml")
 }
 
 resource "helm_release" "blocky" {
-  name = "blocky"
+  name       = "blocky"
   repository = "https://k8s-at-home.com/charts/"
-  chart = "blocky"
+  chart      = "blocky"
 
 
   set {
-    name = "env.TZ"
+    name  = "env.TZ"
     value = "America/Los_Angeles"
   }
 
   set {
-    name = "metrics.enabled"
+    name  = "metrics.enabled"
     value = true
   }
 
   set {
-    name = "config"
-    value = "${local.blocky_config}"
+    name  = "config"
+    value = local.blocky_config
   }
 }

k8s-test/services/blocky_config.yml

@@ -18,4 +18,3 @@ customDNS:
 
 port: 53
 httpPort: 4000
-

k8s-test/services/main.tf

@@ -1,17 +1,17 @@
 resource "kubernetes_manifest" "traefik_dashboard" {
   manifest = {
     apiVersion = "traefik.containo.us/v1alpha1"
-    kind = "IngressRoute"
+    kind       = "IngressRoute"
     metadata = {
-      name = "public-traefik-dashboard"
+      name      = "public-traefik-dashboard"
       namespace = "default"
     }
     spec = {
-      entryPoints = [ "web" ]
+      entryPoints = ["web"]
       routes = [
         {
           match = "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"
-          kind = "Rule"
+          kind  = "Rule"
           services = [
             {
               name = "api@internal"
@@ -27,30 +27,30 @@ resource "kubernetes_manifest" "traefik_dashboard" {
 module "whoami" {
   source = "./simple_service"
 
-  name = "whoami"
-  image = "containous/whoami:latest"
+  name         = "whoami"
+  image        = "containous/whoami:latest"
   expose_ports = [80]
 }
 
 module "whoami-ingress" {
   source = "./traefik_ingress"
 
-  app_name = "whoami"
+  app_name    = "whoami"
   match_route = "PathPrefix(`/whoami`)"
 }
 
 module "whoami2" {
   source = "./simple_service"
 
-  name = "whoami2"
-  image = "containous/whoami:latest"
+  name         = "whoami2"
+  image        = "containous/whoami:latest"
   expose_ports = [80]
 }
 
 module "whoami2-ingress" {
   source = "./traefik_ingress"
 
-  app_name = "whoami2"
+  app_name    = "whoami2"
   match_route = "PathPrefix(`/whoami2`)"
 }
 

k8s-test/services/providers.tf

@@ -1,22 +1,21 @@
 variable "kube_config_path" {
-  type = string
+  type    = string
   default = "~/.kube/config"
 }
 
 variable "kube_config_context" {
-  type = string
+  type    = string
   default = "colima"
 }
 
 provider "kubernetes" {
-  config_path = var.kube_config_path
+  config_path    = var.kube_config_path
   config_context = var.kube_config_context
 }
 
 provider "helm" {
   kubernetes {
-    config_path = var.kube_config_path
+    config_path    = var.kube_config_path
     config_context = var.kube_config_context
   }
 }
-

k8s-test/services/simple_service/.terraform.lock.hcl

@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version = "2.9.0"
+  hashes = [
+    "h1:mKX1pJCT8LbRpTVfoOif+ooWq2Sm2UJ7Fpsh8QQxlnk=",
+    "zh:114113e9cd0489d2db8374f3352cc9b29667a42462f922eb9c891c6daf1c38fa",
+    "zh:31dcf16083142f2978fc933cead038e671798053fb1fd3c18a2331afb7abe264",
+    "zh:44743af5da8cfb9937b0831fdfbadd949a106440420f5f7373734181121f1b98",
+    "zh:63eeacd73e71bcdeb796abde45dac56331ccb5ee39d97138a4a4ae755ef314a7",
+    "zh:645ae4f95508a6a878a21fc8031a09b7c1f95fb87b7d97dfce38d572d4bd5c5c",
+    "zh:782f0dd9fda68406f1783d3b4f25c4077dd4a6a87efe7dcaae68038c2dd57e33",
+    "zh:87dd58eacd557106c9d77fca4211e2c5fa3416c56c8dccad2b30f8d627ffe413",
+    "zh:b61582b7bfdb19d9155b535fe54b2ce5425934e8f5f65389e3cfe75577be4f07",
+    "zh:bf97f54f94d99461a1fc8199ece3300e59b896d6aeaea8395beb4d544557b1cc",
+    "zh:c536669089d75a9ea2582feae0204bd5989622168d99cd71822067be40223105",
+    "zh:e596310a343780d4ef7ad08e05bdbcb91dc41a11ed08b58ad7590903d9d9982f",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}

k8s-test/services/simple_service/main.tf

@@ -7,18 +7,18 @@ variable "image" {
 }
 
 variable "replicas" {
-  type = number
+  type    = number
   default = 1
 }
 
 variable "expose_ports" {
-  type = list(number)
+  type    = list(number)
   default = []
 }
 
 variable "host_ports" {
   type = list(object({
-    host_port = number
+    host_port      = number
     container_port = number
   }))
   default = []
@@ -50,7 +50,7 @@ resource "kubernetes_deployment" "simple-service" {
 
       spec {
         container {
-          name = var.name
+          name  = var.name
           image = var.image
 
           dynamic "port" {
@@ -63,7 +63,7 @@ resource "kubernetes_deployment" "simple-service" {
           dynamic "port" {
             for_each = toset(var.host_ports)
             content {
-              host_port = port.key.host_port
+              host_port      = port.key.host_port
               container_port = port.key.container_port
             }
           }

k8s-test/services/traefik_ingress/.terraform.lock.hcl

@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version = "2.9.0"
+  hashes = [
+    "h1:mKX1pJCT8LbRpTVfoOif+ooWq2Sm2UJ7Fpsh8QQxlnk=",
+    "zh:114113e9cd0489d2db8374f3352cc9b29667a42462f922eb9c891c6daf1c38fa",
+    "zh:31dcf16083142f2978fc933cead038e671798053fb1fd3c18a2331afb7abe264",
+    "zh:44743af5da8cfb9937b0831fdfbadd949a106440420f5f7373734181121f1b98",
+    "zh:63eeacd73e71bcdeb796abde45dac56331ccb5ee39d97138a4a4ae755ef314a7",
+    "zh:645ae4f95508a6a878a21fc8031a09b7c1f95fb87b7d97dfce38d572d4bd5c5c",
+    "zh:782f0dd9fda68406f1783d3b4f25c4077dd4a6a87efe7dcaae68038c2dd57e33",
+    "zh:87dd58eacd557106c9d77fca4211e2c5fa3416c56c8dccad2b30f8d627ffe413",
+    "zh:b61582b7bfdb19d9155b535fe54b2ce5425934e8f5f65389e3cfe75577be4f07",
+    "zh:bf97f54f94d99461a1fc8199ece3300e59b896d6aeaea8395beb4d544557b1cc",
+    "zh:c536669089d75a9ea2582feae0204bd5989622168d99cd71822067be40223105",
+    "zh:e596310a343780d4ef7ad08e05bdbcb91dc41a11ed08b58ad7590903d9d9982f",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}

k8s-test/services/traefik_ingress/main.tf

@@ -7,12 +7,12 @@ variable "match_route" {
 }
 
 variable "app_port" {
-  type = number
+  type    = number
   default = 80
 }
 
 variable "app_port_name" {
-  type = string
+  type    = string
   default = "http"
 }
 
@@ -25,12 +25,12 @@ variable "entrypoints" {
 }
 
 variable "namespace" {
-  type = string
+  type    = string
   default = "default"
 }
 
 locals {
-  service_name =  "${var.app_name}-service"
+  service_name = "${var.app_name}-service"
   ingress_name = "${var.app_name}-ingress"
 }
 
@@ -42,7 +42,7 @@ resource "kubernetes_service" "traefik-ingress-service" {
     selector = {
       app = var.app_name
     }
-    
+
     port {
       name = var.app_port_name
       port = var.app_port
@@ -53,9 +53,9 @@ resource "kubernetes_service" "traefik-ingress-service" {
 resource "kubernetes_manifest" "traefik-ingress-route" {
   manifest = {
     apiVersion = "traefik.containo.us/v1alpha1"
-    kind = "IngressRoute"
+    kind       = "IngressRoute"
     metadata = {
-      name = local.ingress_name
+      name      = local.ingress_name
       namespace = var.namespace
     }
     spec = {
@@ -63,7 +63,7 @@ resource "kubernetes_manifest" "traefik-ingress-route" {
       routes = [
         {
           match = var.match_route
-          kind = "Rule"
+          kind  = "Rule"
           services = [
             {
               kind = "Service"

nomad/.gitignore

@@ -2,3 +2,4 @@ roles/
 venv/
 vault-keys.json
 nomad_bootstrap.json
+ca/

nomad/Makefile

@@ -77,4 +77,3 @@ apply:
 # curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz
 # sudo mkdir -p /opt/cni/bin
 # sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz
-

nomad/acls/.terraform.lock.hcl

@@ -0,0 +1,38 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/vault" {
+  version = "3.4.1"
+  hashes = [
+    "h1:oow6cAwKiFpJBBWKsDqNmwZIrFTWWvoeIbqs+vyUDE0=",
+    "zh:1eb8370a1846e34e2bcc4d11eece5733735784a8eab447bbed3cfd822101b577",
+    "zh:2df3989327cea68b2167514b7ebddc67b09340f00bbf3fa85df03c97adfb9d25",
+    "zh:3dd1e317264f574985e856296deef71a76464918bf0566eb0d7f6389ea0586bd",
+    "zh:9750861f2822482aa608ea5a52b385bc42b2e1f2511094e6a975412618c4495d",
+    "zh:9b940e7f78975d29a4d0a116cf43c0bc1cb03bec4ad8d34887d64e6e60bacb9e",
+    "zh:9cb6e7ad2a62529d35dacd20695d49c2f02230cb785d46178cc10f4ec80e5a51",
+    "zh:a12718689bbcb37bcbb9132c18bffd354fad8ab5c8cb89cec1a0ee85c65b8cb7",
+    "zh:a6e38afacca1af4fab04a9f2dc49b8295eb462db68bdc7451352d0f950f804f8",
+    "zh:d6e0e994d51b9e07d5713d4796381f9e129e9de962e79caae2b7055f6f68297e",
+    "zh:ea4bbef7a1bb2553db473fa304c93845674167b61e8c9677107a96c8c696da12",
+    "zh:f985a8b7f4ef7d1eba9cef7d99997ee9c4a54ffe76dab7fa8b1fdec2a9edca7e",
+  ]
+}

nomad/acls/nomad_vault.tf

@@ -4,25 +4,25 @@ resource "nomad_acl_token" "vault" {
 }
 
 resource "vault_nomad_secret_backend" "config" {
-    backend = "nomad"
-    description = "Nomad ACL"
-    token = nomad_acl_token.vault.secret_id
+  backend     = "nomad"
+  description = "Nomad ACL"
+  token       = nomad_acl_token.vault.secret_id
 }
 
 resource "vault_nomad_secret_role" "nomad-deploy" {
-  backend = vault_nomad_secret_backend.config.backend
-  role = "nomad-deploy"
+  backend  = vault_nomad_secret_backend.config.backend
+  role     = "nomad-deploy"
   policies = ["nomad-deploy"]
 }
 
 resource "vault_nomad_secret_role" "admin" {
   backend = vault_nomad_secret_backend.config.backend
-  role = "admin-management"
-  type = "management"
+  role    = "admin-management"
+  type    = "management"
 }
 
 resource "vault_policy" "nomad-deploy" {
-  name = "nomad-deploy"
+  name   = "nomad-deploy"
   policy = <<EOH
 path "nomad/creds/nomad-deploy" {
   capabilities = ["read"]

nomad/ansible_hosts.yml

@@ -42,10 +42,10 @@ all:
 
     consul_instances:
       children:
-        servers: {}
+        # servers: {}
     nomad_instances:
       children:
         servers: {}
     vault_instances:
       children:
-        servers: {}
+        # servers: {}

nomad/blocky/.terraform.lock.hcl

@@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}

nomad/blocky/blocky.tf

@@ -1,7 +1,7 @@
 variable "base_hostname" {
-  type = string
+  type        = string
   description = "Base hostname to serve content from"
-  default = "dev.homelab"
+  default     = "dev.homelab"
 }
 
 locals {

nomad/media/.terraform.lock.hcl

@@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}

nomad/media/caddy.nomad

@@ -43,7 +43,7 @@ job "multimedia" {
         "traefik.http.routers.library.entryPoints=websecure",
       ]
     }
-    
+
     task "main" {
       driver = "docker"
 
@@ -52,7 +52,7 @@ job "multimedia" {
         destination = "/mnt/media"
         read_only = true
       }
-      
+
       config {
         image = "caddy"
         args = [

nomad/metrics/.terraform.lock.hcl

@@ -1,6 +1,24 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/hashicorp/consul" {
+  version = "2.15.0"
+  hashes = [
+    "h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=",
+    "zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c",
+    "zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931",
+    "zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624",
+    "zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc",
+    "zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1",
+    "zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c",
+    "zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d",
+    "zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1",
+    "zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba",
+    "zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719",
+    "zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/nomad" {
   version = "1.4.16"
   hashes = [

nomad/metrics/exporters.nomad

@@ -90,7 +90,7 @@ job "metrics" {
 
     task "cadvisor" {
       driver = "docker"
-      
+
       config {
         # image = "iamthefij/cadvisor:0.37.5"
         image = "gcr.io/cadvisor/cadvisor:v0.39.3"
@@ -200,7 +200,7 @@ job "metrics" {
 
     task "node_exporter" {
       driver = "docker"
-      
+
       config {
         image = "prom/node-exporter:v1.0.1"
         args = ["--path.rootfs", "/host"]
@@ -222,4 +222,3 @@ job "metrics" {
     }
   }
 }
-

nomad/metrics/metrics.tf

@@ -1,5 +1,5 @@
 variable "consul_address" {
-  type    = string
+  type        = string
   description = "address of consul server for dynamic scraping"
 }
 

nomad/metrics/prometheus.nomad

@@ -127,7 +127,7 @@ scrape_configs:
       - source_labels: [__meta_consul_address]
         replacement: $1:8500
         target_label: __address__
-        
+
   - job_name: "exporters"
     metrics_path: "/metrics"
     consul_sd_configs:

nomad/mysql/.terraform.lock.hcl

@@ -0,0 +1,38 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/consul" {
+  version = "2.15.0"
+  hashes = [
+    "h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=",
+    "zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c",
+    "zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931",
+    "zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624",
+    "zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc",
+    "zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1",
+    "zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c",
+    "zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d",
+    "zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1",
+    "zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba",
+    "zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719",
+    "zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}

nomad/nextcloud/.terraform.lock.hcl

@@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}

nomad/nextcloud/nextcloud.nomad

@@ -67,14 +67,14 @@ job "nextcloud" {
         "traefik.http.routers.nextcloud.entryPoints=websecure",
       ]
     }
-    
+
     task "nextcloud-bootstrap" {
       driver = "docker"
-      
+
       lifecycle {
         hook = "prestart"
         sidecar = false
-      }  
+      }
 
       config {
         image = "mysql:8"
@@ -111,7 +111,7 @@ job "nextcloud" {
         destination = "/var/www/html"
         read_only = false
       }
-      
+
       config {
         image = "nextcloud"
         ports = ["web"]

nomad/providers.tf

@@ -11,28 +11,28 @@ data "consul_service" "nomad" {
 # Get Vault client from Consul
 data "consul_service" "vault" {
   name = "vault"
-  tag = "active"
+  tag  = "active"
 }
 
 locals {
   # Get Nomad address from Consul
-  nomad_node = data.consul_service.nomad.service[0]
+  nomad_node         = data.consul_service.nomad.service[0]
   nomad_node_address = "http://${local.nomad_node.node_address}:${local.nomad_node.port}"
 
   # Get Vault address from Consul
-  vault_node = data.consul_service.vault.service[0]
+  vault_node         = data.consul_service.vault.service[0]
   vault_node_address = "http://${local.vault_node.node_address}:${local.vault_node.port}"
 }
 
 # Configure the Nomad provider
 provider "nomad" {
-  address = local.nomad_node_address
+  address   = local.nomad_node_address
   secret_id = var.nomad_secret_id
-  region  = "global"
+  region    = "global"
 }
 
 # Configure the Vault provider
 provider "vault" {
   address = local.vault_node_address
-  token = var.vault_token
+  token   = var.vault_token
 }

nomad/redis/.terraform.lock.hcl

@@ -0,0 +1,38 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/consul" {
+  version = "2.15.0"
+  hashes = [
+    "h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=",
+    "zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c",
+    "zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931",
+    "zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624",
+    "zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc",
+    "zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1",
+    "zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c",
+    "zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d",
+    "zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1",
+    "zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba",
+    "zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719",
+    "zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}

nomad/services.tf

@@ -10,14 +10,14 @@ module "blocky" {
   source = "./blocky"
 
   base_hostname = var.base_hostname
-  depends_on = [module.mysql-server, module.redis]
+  depends_on    = [module.mysql-server, module.redis]
 }
 
 module "traefik" {
   source = "./traefik"
 
   consul_address = var.consul_address
-  base_hostname = var.base_hostname
+  base_hostname  = var.base_hostname
 }
 
 module "metrics" {

nomad/traefik/.terraform.lock.hcl

@@ -0,0 +1,38 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/consul" {
+  version = "2.15.0"
+  hashes = [
+    "h1:o+Su3YqeOkHgf86GEArIVDZfaZQphYFjAOwpi/b0bzs=",
+    "zh:0bd2a9873099d89bd52e9eee623dd20ccb275d1e2f750da229a53a4d5b23450c",
+    "zh:1c9f87d4d97b2c61d006c0bef159d61d2a661a103025f8276ebbeb000129f931",
+    "zh:25b73a34115255c464be10a53f2510c4a1db958a71be31974d30654d5472e624",
+    "zh:32fa31329731db2bf4b7d0f09096416ca146f05b58f4482bbd4ee0f28cefbbcc",
+    "zh:59136b73d3abe7cc5b06d9e12d123ad21298ca86ed49a4060a3cd7c2a28a74a1",
+    "zh:a191f3210773ca25c543a92f2d392b85e6a053d596293655b1f25b33eb843b4c",
+    "zh:b8b6033cf0687eadc1099f11d9fb2ca9429ff40c2d85bd6cb047c0f6bc5d5d8d",
+    "zh:bb7d67ed28aa9b28fc5154161af003383f940b2beda0d4577857cad700f39cd1",
+    "zh:be615288f59327b975532a1999deab60a022e6819fe80e5a32526155210ecbba",
+    "zh:de1e3d5c34eef87eb301e74717754babb6dc8e19e3a964919e1165c5a076a719",
+    "zh:eb8c61b20d8ce2bfff9f735ca8456a0d6368af13aa1f43866f61c70f88cc491c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/nomad" {
+  version = "1.4.16"
+  hashes = [
+    "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=",
+    "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e",
+    "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572",
+    "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0",
+    "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084",
+    "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0",
+    "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef",
+    "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755",
+    "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800",
+    "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557",
+    "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c",
+    "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e",
+  ]
+}

nomad/traefik/traefik.tf

@@ -1,11 +1,11 @@
 variable "base_hostname" {
-  type = string
+  type        = string
   description = "Base hostname to serve content from"
-  default = "dev.homelab"
+  default     = "dev.homelab"
 }
 
 variable "consul_address" {
-  type = string
+  type        = string
   description = "address of consul server for dynamic routes"
 }
 
@@ -21,10 +21,9 @@ resource "nomad_job" "traefik" {
     vars = {
       # "consul_address" = "${var.consul_address}",
       "consul_address" = "http://${data.consul_nodes.all-nodes.nodes[0].address}:8500",
-      "base_hostname" = "${var.base_hostname}",
+      "base_hostname"  = "${var.base_hostname}",
     }
   }
 
   jobspec = file("${path.module}/traefik.nomad")
 }
-

nomad/vars.tf

@@ -4,20 +4,20 @@ variable "consul_address" {
 }
 
 variable "base_hostname" {
-  type = string
+  type        = string
   description = "Base hostname to serve content from"
-  default = "dev.homelab"
+  default     = "dev.homelab"
 }
 
 variable "nomad_secret_id" {
-  type = string
+  type        = string
   description = "Secret ID for ACL bootstrapped Nomad"
-  sensitive = true
-  default = ""
+  sensitive   = true
+  default     = ""
 }
 
 variable "vault_token" {
-  type = string
+  type      = string
   sensitive = true
-  default = ""
+  default   = ""
 }