Commit Graph

185 Commits

Author SHA1 Message Date
5126f5f4d4 Go back to a single ingress node to simplify Traefik TLS
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
c58056d594 More nextcloud config using Vault 2022-07-08 16:26:26 -07:00
02b448e363 Create levant tf module
Also a template service Nomad job that can be used for some straighforward services
2022-07-08 16:24:03 -07:00
11f5c10f83 Ignore ansible_collections 2022-06-28 12:11:55 -07:00
b2b409a1fe Add example secrets 2022-06-28 12:11:24 -07:00
65ce1b55f0 Fix secrets access from nomad tasks
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
c0215bf153 Improve vault bootstrap and nomad connection 2022-06-28 12:10:18 -07:00
bf1ac31cdf Bootstrap vault secrets 2022-06-28 12:09:57 -07:00
41343a6d2c Small improvement to consul kv role 2022-06-28 12:08:23 -07:00
ce09177479 Add missing role requirements file
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
13e9eac407 Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00
d40d585358 Install consul dns forwarding 2022-06-23 20:12:09 -07:00
0bfdddf3ee Install consul from repo 2022-06-23 20:11:48 -07:00
617d4ae676 Make blocky config a bit more stable by removing templating based on whami 2022-06-23 20:11:28 -07:00
3d6b405ab6 Fix blocky upstream tcp for quad9 2022-06-23 20:11:09 -07:00
2f4d90abdc Auto revert broken blocky
Also enable traefik
2022-06-23 20:10:36 -07:00
ffdfdeadfb Add Consul lookup for ads dns allowlist 2022-06-23 13:36:06 -07:00
fc2db88276 Add some more upstream dns options
Should pick one later
2022-06-23 13:34:08 -07:00
eb066f5d98 Increase priority of Traefik 2022-06-23 09:51:42 -07:00
e5b61d5307 Update Nomad 2022-06-23 09:51:21 -07:00
6b14507ca6 Generate blocky host mapping from Consul kv 2022-06-23 09:51:09 -07:00
5d2301c791 Update blocky one instance at a time
Avoids dns going down with all instances updating at once
2022-06-23 09:50:23 -07:00
d7fa57864f Deploy backup jobs to all hosts and dynamically determine jobs per node 2022-06-23 09:49:57 -07:00
9ab300c225 Remove csi deployment 2022-06-23 09:49:03 -07:00
520d7c56b9 Move databases to a single module 2022-06-23 09:48:01 -07:00
a02f1a2317 Make traefik a system service
For this to work, will need to put TLS certs in Vault
2022-06-17 15:20:43 -07:00
ce18650e1f Add base hostname to consul in Playbook 2022-06-17 15:19:43 -07:00
16b9440e12 WIP: Add democratic-csi storage plugin 2022-06-17 15:19:19 -07:00
252c9b4111 Make nextcloud backup a non-sidecar task
Avoids restarting whole group when if it fails
2022-06-17 15:16:45 -07:00
8cd2abc6b8 Remove some unecessary traefik configs from tasks 2022-06-17 15:15:37 -07:00
049364df23 Make order of host configs match playbook order 2022-06-17 15:14:55 -07:00
c41babe346 Use new host name in terraform consul address 2022-05-24 20:11:57 -07:00
6cd7bae240 Use new token variable name after bootstrap 2022-05-24 20:11:41 -07:00
de4c96b104 Add autopilot 2022-05-24 20:11:18 -07:00
f50cb98d30 Add docker install 2022-05-24 20:11:07 -07:00
1995434140 Auto initialize vault 2022-05-24 20:10:47 -07:00
d6407d25a0 Wait until mysql is deployed before continuing
Otherwise dependent jobs will fail and take up time restarting
2022-05-24 20:10:26 -07:00
8eb7a58dfd Remove unused playbook 2022-05-24 20:09:45 -07:00
e677259a1d Switch to a 3 node cluster for better resiliance 2022-05-24 20:09:22 -07:00
1352eeb3e8 Fix venv detection for ansible cluster target
This fixes the installation of the consul python library
2022-05-24 20:07:52 -07:00
5f9a04fa5d Make redis optional for blocky to help with resliliance to a single host failing 2022-05-19 16:54:16 -07:00
38597a7eda Dynamically add dns routes to traefik instances to blocky 2022-05-19 16:53:56 -07:00
719c1b62d1 Add dedicated backup module and jobs
Possible alternative to backups deployed with each job
2022-05-18 14:23:46 -07:00
fb9e9017ff Fix prom scraping 2022-05-18 14:22:52 -07:00
8d3d0d0224 Add smarttv block list to default on blocky 2022-05-18 14:22:35 -07:00
f0eacea11f Default nomad cluster to ansible 2022-05-18 14:22:21 -07:00
1b8c2d6bcf nomad: Run block on all hosts 2022-05-18 11:29:00 -07:00
0a003c39b1 WIP: Vault db 2022-05-12 19:27:52 -07:00
b13c5a1388 Bind mysql to loopback 2022-05-09 21:45:08 -07:00
3b8f9734ac Add prom ports to nextcloud backup 2022-05-09 21:44:26 -07:00
2ed2079b45 Use consul http port in traefik 2022-04-15 12:25:15 -07:00
ba1b5166b9 Build traefik static config better when services aren't found 2022-04-15 12:13:00 -07:00
630a85a2f2 no log for some more sensitive info 2022-04-15 12:12:28 -07:00
420e67b68b WIP nomad vault db integration 2022-04-15 12:12:15 -07:00
af743820ec Add nextcloud backup job 2022-04-15 12:11:41 -07:00
f1316367de Lint, format, lock 2022-04-13 14:02:42 -07:00
9e97cd5d49 remove useless blank line 2022-04-05 09:44:40 -07:00
96ca3270fa Create a lot more host volumes
Some are NFS volumes and present on all devices
2022-04-04 22:20:19 -07:00
428306cdb2 Fix nomad vault policies 2022-04-04 22:19:32 -07:00
f1c7e57682 Add Nomad ACL bootstrap 2022-03-23 16:08:18 -07:00
970a9f740e Update bootstrap for acls 2022-03-21 20:13:13 -07:00
3ce91f2d0b Add additional block lists to blocky 2022-03-21 20:12:47 -07:00
05c0afa6fa Add ignore 2022-03-16 09:50:55 -07:00
c67ca9822c Maybe dynamic nomad? 2022-03-15 12:23:47 -07:00
edec1d992a Remove web and metrics entrypoints from services 2022-03-15 12:23:47 -07:00
968b7ddb72 Add vault setup: Not secured 2022-03-15 12:23:47 -07:00
b8fc4016cb Fix mysql intents 2022-03-14 16:56:44 -07:00
30bb579811 Change default bind address to loopback 2022-03-14 15:59:50 -07:00
f5da89c55e Add intents 2022-03-14 15:59:50 -07:00
28c919e5b0 Simplify proxy routing 2022-03-14 15:59:50 -07:00
6a7bfb3fc6 Add redis and prometheus support to blocky 2022-03-14 15:59:50 -07:00
98510a422d Make hostname and consul discovery a bit more dynamic 2022-03-13 10:14:50 -07:00
8efadf3d43 Be a bit more dynamic with host names 2022-03-13 10:13:19 -07:00
b2c03f1e60 Update hosts improve bootstrap and move a few things around 2022-03-12 10:08:05 -08:00
de2729c239 Make nextcloud bootstrap a prestart task 2022-03-11 19:30:25 -08:00
cacabec505 Lots of Nomad updates to support metrics 2022-03-03 09:47:07 -08:00
6110e78edf Add blocky dns 2022-02-28 12:07:34 -08:00
449a5061bc Pass base hostname through modules 2022-02-28 12:07:25 -08:00
4df773f5d7 Move jobs to modules 2022-02-27 15:22:09 -08:00
8bc0c53d83 Move roles back 2022-02-27 15:21:15 -08:00
eb3599e373 Move ansible roles 2022-02-27 14:54:38 -08:00
040b45eab0 Update ansible to deploy nomad and consul to Pi host
This is broken because the Pi doesn't have the right version of ip-tables
2022-02-27 14:54:25 -08:00
daa5a14f4e Add nextcloud 2022-02-17 14:03:50 -08:00
9f49777f1b Update host networks and proxy mapping 2022-02-17 14:03:42 -08:00
87dfd449c4 Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00