IamTheFij
fd4ec07965
Update Consul ACL backend
2022-07-27 13:39:19 -07:00
IamTheFij
ce2d2bb6cd
WIP: Begin config to bootstrap ACLs
...
Following guide here: https://learn.hashicorp.com/tutorials/consul/vault-consul-secrets?in=consul/vault-secure
Unsure of how this will actually authenticate though.
2022-07-27 13:13:22 -07:00
IamTheFij
25ec582eaf
Update Nomad and Vault ACLs
...
Now nomad is read only and tokens can be retrieved from Vault
2022-07-27 13:13:11 -07:00
IamTheFij
92a30e6709
Reduce memory for blocky sidecar
2022-07-27 11:22:02 -07:00
IamTheFij
fb934f3b2f
Hide blocky API from non-traefik route
2022-07-27 11:21:11 -07:00
IamTheFij
fe11b03a43
Get letsencrypt certs working with Traefik
2022-07-27 11:12:08 -07:00
IamTheFij
85fccea867
Fix consul value bootstrap and hide secrets in log
2022-07-27 11:11:03 -07:00
IamTheFij
d70dce8ab5
Add basic auth to traefik
2022-07-26 21:48:16 -07:00
IamTheFij
963a863e2d
Make anonymous nomad read only
2022-07-26 20:20:43 -07:00
IamTheFij
3033c581f3
Add userpass login to Vault
2022-07-26 20:09:52 -07:00
IamTheFij
b4bb0f866e
Make metrics more readable
2022-07-25 21:45:01 -07:00
IamTheFij
4508993068
Reduce task memory
2022-07-25 16:37:51 -07:00
IamTheFij
4ea7947b1a
Fix mysql
2022-07-25 16:29:43 -07:00
IamTheFij
465c2d9c29
WIP: Update oneoff backups
2022-07-25 16:29:35 -07:00
IamTheFij
ee45e92534
Fix consul backup
2022-07-25 16:29:06 -07:00
IamTheFij
3ec1d008e8
Move traefik connect intents to core
2022-07-25 15:54:23 -07:00
IamTheFij
04bdef01b8
Allow bypass of healthcheck
2022-07-25 15:52:47 -07:00
IamTheFij
157005ae7b
Get mysql root from vault
2022-07-25 15:52:47 -07:00
IamTheFij
4a06f31f49
Tweak memory requirements for tasks
2022-07-25 15:52:47 -07:00
IamTheFij
9d4cd68648
Add test consul backup
2022-07-25 15:52:47 -07:00
IamTheFij
18807de608
Clean up Grafana and Loki bootstraps
2022-07-25 15:52:47 -07:00
IamTheFij
de82205147
Remove packer stuff
2022-07-25 15:49:07 -07:00
IamTheFij
96263d1e99
Update lockfile
2022-07-25 15:40:54 -07:00
IamTheFij
9bb8b39fed
Add new playbook and make target for bootstrapping values to Consul and Vault
2022-07-25 15:40:22 -07:00
IamTheFij
888b1236f1
Update playbook, move acls and comment for fixes
...
There are some items that I found are broken on first run and made some changes
2022-07-25 11:48:03 -07:00
IamTheFij
a0aba7f2f0
Make acls module stand alone
2022-07-25 11:48:03 -07:00
IamTheFij
fed875f852
Shorten pip installs
2022-07-25 11:48:03 -07:00
IamTheFij
068da0d539
Add vault kv creation
2022-07-25 11:14:51 -07:00
IamTheFij
464cdf7010
Add loki, promtail, and syslog-ng
2022-07-25 10:46:16 -07:00
IamTheFij
391ad8dee6
Add sticky disk to service template
2022-07-25 10:44:37 -07:00
IamTheFij
d386a839c4
Promethus: Use env for consul address rather than variable
2022-07-25 10:38:48 -07:00
IamTheFij
af4324db6f
Move core services to new tf file
...
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
IamTheFij
a7e276c637
WIP: Write a consul backup job
2022-07-21 20:24:50 -07:00
IamTheFij
842e656342
Add consul bootstrap and move vault to an example
2022-07-21 20:16:10 -07:00
IamTheFij
47a74b6166
Fix consul address in levant
2022-07-21 20:11:21 -07:00
IamTheFij
16813e8cb7
Deploy Nomad, Consul, and Vault using apt repo
2022-07-21 19:04:44 -07:00
IamTheFij
60dd856666
Use vault for backups jobs
2022-07-21 19:03:40 -07:00
IamTheFij
24d66bdef3
Add detect-secrets (there are a lot of false positives right now)
2022-07-21 19:01:39 -07:00
IamTheFij
1b88593f88
Major grafana refactor to include automatic loading of provisioning files
2022-07-21 15:54:05 -07:00
IamTheFij
5126f5f4d4
Go back to a single ingress node to simplify Traefik TLS
...
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
IamTheFij
c58056d594
More nextcloud config using Vault
2022-07-08 16:26:26 -07:00
IamTheFij
02b448e363
Create levant tf module
...
Also a template service Nomad job that can be used for some straighforward services
2022-07-08 16:24:03 -07:00
IamTheFij
11f5c10f83
Ignore ansible_collections
2022-06-28 12:11:55 -07:00
IamTheFij
b2b409a1fe
Add example secrets
2022-06-28 12:11:24 -07:00
IamTheFij
65ce1b55f0
Fix secrets access from nomad tasks
...
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
IamTheFij
c0215bf153
Improve vault bootstrap and nomad connection
2022-06-28 12:10:18 -07:00
IamTheFij
bf1ac31cdf
Bootstrap vault secrets
2022-06-28 12:09:57 -07:00
IamTheFij
41343a6d2c
Small improvement to consul kv role
2022-06-28 12:08:23 -07:00
IamTheFij
ce09177479
Add missing role requirements file
...
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
IamTheFij
13e9eac407
Deploy traefik one at a time with autorevert
2022-06-23 20:12:30 -07:00