9bb8b39fed
Add new playbook and make target for bootstrapping values to Consul and Vault
2022-07-25 15:40:22 -07:00
888b1236f1
Update playbook, move acls and comment for fixes
...
There are some items that I found are broken on first run and made some changes
2022-07-25 11:48:03 -07:00
a0aba7f2f0
Make acls module stand alone
2022-07-25 11:48:03 -07:00
fed875f852
Shorten pip installs
2022-07-25 11:48:03 -07:00
068da0d539
Add vault kv creation
2022-07-25 11:14:51 -07:00
464cdf7010
Add loki, promtail, and syslog-ng
2022-07-25 10:46:16 -07:00
391ad8dee6
Add sticky disk to service template
2022-07-25 10:44:37 -07:00
d386a839c4
Prometheus: Use env for consul address rather than variable
2022-07-25 10:38:48 -07:00
af4324db6f
Move core services to new tf file
...
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
a7e276c637
WIP: Write a consul backup job
2022-07-21 20:24:50 -07:00
842e656342
Add consul bootstrap and move vault to an example
2022-07-21 20:16:10 -07:00
47a74b6166
Fix consul address in levant
2022-07-21 20:11:21 -07:00
16813e8cb7
Deploy Nomad, Consul, and Vault using apt repo
2022-07-21 19:04:44 -07:00
60dd856666
Use vault for backups jobs
2022-07-21 19:03:40 -07:00
1b88593f88
Major grafana refactor to include automatic loading of provisioning files
2022-07-21 15:54:05 -07:00
5126f5f4d4
Go back to a single ingress node to simplify Traefik TLS
...
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
c58056d594
More nextcloud config using Vault
2022-07-08 16:26:26 -07:00
02b448e363
Create levant tf module
...
Also a template service Nomad job that can be used for some straightforward services
2022-07-08 16:24:03 -07:00
11f5c10f83
Ignore ansible_collections
2022-06-28 12:11:55 -07:00
b2b409a1fe
Add example secrets
2022-06-28 12:11:24 -07:00
65ce1b55f0
Fix secrets access from nomad tasks
...
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
c0215bf153
Improve vault bootstrap and nomad connection
2022-06-28 12:10:18 -07:00
bf1ac31cdf
Bootstrap vault secrets
2022-06-28 12:09:57 -07:00
41343a6d2c
Small improvement to consul kv role
2022-06-28 12:08:23 -07:00
ce09177479
Add missing role requirements file
...
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
13e9eac407
Deploy traefik one at a time with autorevert
2022-06-23 20:12:30 -07:00
d40d585358
Install consul dns forwarding
2022-06-23 20:12:09 -07:00
0bfdddf3ee
Install consul from repo
2022-06-23 20:11:48 -07:00
617d4ae676
Make blocky config a bit more stable by removing templating based on whami
2022-06-23 20:11:28 -07:00
3d6b405ab6
Fix blocky upstream tcp for quad9
2022-06-23 20:11:09 -07:00
2f4d90abdc
Auto revert broken blocky
...
Also enable traefik
2022-06-23 20:10:36 -07:00
ffdfdeadfb
Add Consul lookup for ads dns allowlist
2022-06-23 13:36:06 -07:00
fc2db88276
Add some more upstream dns options
...
Should pick one later
2022-06-23 13:34:08 -07:00
eb066f5d98
Increase priority of Traefik
2022-06-23 09:51:42 -07:00
e5b61d5307
Update Nomad
2022-06-23 09:51:21 -07:00
6b14507ca6
Generate blocky host mapping from Consul kv
2022-06-23 09:51:09 -07:00
5d2301c791
Update blocky one instance at a time
...
Avoids dns going down with all instances updating at once
2022-06-23 09:50:23 -07:00
d7fa57864f
Deploy backup jobs to all hosts and dynamically determine jobs per node
2022-06-23 09:49:57 -07:00
9ab300c225
Remove csi deployment
2022-06-23 09:49:03 -07:00
520d7c56b9
Move databases to a single module
2022-06-23 09:48:01 -07:00
a02f1a2317
Make traefik a system service
...
For this to work, will need to put TLS certs in Vault
2022-06-17 15:20:43 -07:00
ce18650e1f
Add base hostname to consul in Playbook
2022-06-17 15:19:43 -07:00
16b9440e12
WIP: Add democratic-csi storage plugin
2022-06-17 15:19:19 -07:00
252c9b4111
Make nextcloud backup a non-sidecar task
...
Avoids restarting whole group if it fails
2022-06-17 15:16:45 -07:00
8cd2abc6b8
Remove some unnecessary traefik configs from tasks
2022-06-17 15:15:37 -07:00
049364df23
Make order of host configs match playbook order
2022-06-17 15:14:55 -07:00
c41babe346
Use new host name in terraform consul address
2022-05-24 20:11:57 -07:00
6cd7bae240
Use new token variable name after bootstrap
2022-05-24 20:11:41 -07:00
de4c96b104
Add autopilot
2022-05-24 20:11:18 -07:00
f50cb98d30
Add docker install
2022-05-24 20:11:07 -07:00
1995434140
Auto initialize vault
2022-05-24 20:10:47 -07:00
d6407d25a0
Wait until mysql is deployed before continuing
...
Otherwise dependent jobs will fail and take up time restarting
2022-05-24 20:10:26 -07:00
8eb7a58dfd
Remove unused playbook
2022-05-24 20:09:45 -07:00
e677259a1d
Switch to a 3 node cluster for better resilience
2022-05-24 20:09:22 -07:00
1352eeb3e8
Fix venv detection for ansible cluster target
...
This fixes the installation of the consul python library
2022-05-24 20:07:52 -07:00
5f9a04fa5d
Make redis optional for blocky to help with resilience to a single host failing
2022-05-19 16:54:16 -07:00
38597a7eda
Dynamically add dns routes to traefik instances to blocky
2022-05-19 16:53:56 -07:00
719c1b62d1
Add dedicated backup module and jobs
...
Possible alternative to backups deployed with each job
2022-05-18 14:23:46 -07:00
fb9e9017ff
Fix prom scraping
2022-05-18 14:22:52 -07:00
8d3d0d0224
Add smarttv block list to default on blocky
2022-05-18 14:22:35 -07:00
f0eacea11f
Default nomad cluster to ansible
2022-05-18 14:22:21 -07:00
1b8c2d6bcf
nomad: Run block on all hosts
2022-05-18 11:29:00 -07:00
0a003c39b1
WIP: Vault db
2022-05-12 19:27:52 -07:00
b13c5a1388
Bind mysql to loopback
2022-05-09 21:45:08 -07:00
3b8f9734ac
Add prom ports to nextcloud backup
2022-05-09 21:44:26 -07:00
2ed2079b45
Use consul http port in traefik
2022-04-15 12:25:15 -07:00
ba1b5166b9
Build traefik static config better when services aren't found
2022-04-15 12:13:00 -07:00
630a85a2f2
no log for some more sensitive info
2022-04-15 12:12:28 -07:00
420e67b68b
WIP nomad vault db integration
2022-04-15 12:12:15 -07:00
af743820ec
Add nextcloud backup job
2022-04-15 12:11:41 -07:00
f1316367de
Lint, format, lock
2022-04-13 14:02:42 -07:00
9e97cd5d49
remove useless blank line
2022-04-05 09:44:40 -07:00
96ca3270fa
Create a lot more host volumes
...
Some are NFS volumes and present on all devices
2022-04-04 22:20:19 -07:00
428306cdb2
Fix nomad vault policies
2022-04-04 22:19:32 -07:00
f1c7e57682
Add Nomad ACL bootstrap
2022-03-23 16:08:18 -07:00
970a9f740e
Update bootstrap for acls
2022-03-21 20:13:13 -07:00
3ce91f2d0b
Add additional block lists to blocky
2022-03-21 20:12:47 -07:00
05c0afa6fa
Add ignore
2022-03-16 09:50:55 -07:00
c67ca9822c
Maybe dynamic nomad?
2022-03-15 12:23:47 -07:00
edec1d992a
Remove web and metrics entrypoints from services
2022-03-15 12:23:47 -07:00
968b7ddb72
Add vault setup: Not secured
2022-03-15 12:23:47 -07:00
b8fc4016cb
Fix mysql intents
2022-03-14 16:56:44 -07:00
30bb579811
Change default bind address to loopback
2022-03-14 15:59:50 -07:00
f5da89c55e
Add intents
2022-03-14 15:59:50 -07:00
28c919e5b0
Simplify proxy routing
2022-03-14 15:59:50 -07:00
6a7bfb3fc6
Add redis and prometheus support to blocky
2022-03-14 15:59:50 -07:00
98510a422d
Make hostname and consul discovery a bit more dynamic
2022-03-13 10:14:50 -07:00
8efadf3d43
Be a bit more dynamic with host names
2022-03-13 10:13:19 -07:00
b2c03f1e60
Update hosts, improve bootstrap, and move a few things around
2022-03-12 10:08:05 -08:00
de2729c239
Make nextcloud bootstrap a prestart task
2022-03-11 19:30:25 -08:00
cacabec505
Lots of Nomad updates to support metrics
2022-03-03 09:47:07 -08:00
6110e78edf
Add blocky dns
2022-02-28 12:07:34 -08:00
449a5061bc
Pass base hostname through modules
2022-02-28 12:07:25 -08:00
4df773f5d7
Move jobs to modules
2022-02-27 15:22:09 -08:00
8bc0c53d83
Move roles back
2022-02-27 15:21:15 -08:00
eb3599e373
Move ansible roles
2022-02-27 14:54:38 -08:00
040b45eab0
Update ansible to deploy nomad and consul to Pi host
...
This is broken because the Pi doesn't have the right version of ip-tables
2022-02-27 14:54:25 -08:00
daa5a14f4e
Add nextcloud
2022-02-17 14:03:50 -08:00
9f49777f1b
Update host networks and proxy mapping
2022-02-17 14:03:42 -08:00
87dfd449c4
Add some basic Nomad and k8s tests
2022-02-16 09:56:18 -08:00