Commit Graph

130 Commits

Author SHA1 Message Date
65ce1b55f0 Fix secrets access from nomad tasks
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
c0215bf153 Improve vault bootstrap and nomad connection 2022-06-28 12:10:18 -07:00
bf1ac31cdf Bootstrap vault secrets 2022-06-28 12:09:57 -07:00
41343a6d2c Small improvement to consul kv role 2022-06-28 12:08:23 -07:00
ce09177479 Add missing role requirements file
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
13e9eac407 Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00
d40d585358 Install consul dns forwarding 2022-06-23 20:12:09 -07:00
0bfdddf3ee Install consul from repo 2022-06-23 20:11:48 -07:00
617d4ae676 Make blocky config a bit more stable by removing templating based on whami 2022-06-23 20:11:28 -07:00
3d6b405ab6 Fix blocky upstream tcp for quad9 2022-06-23 20:11:09 -07:00
2f4d90abdc Auto revert broken blocky
Also enable traefik
2022-06-23 20:10:36 -07:00
ffdfdeadfb Add Consul lookup for ads dns allowlist 2022-06-23 13:36:06 -07:00
fc2db88276 Add some more upstream dns options
Should pick one later
2022-06-23 13:34:08 -07:00
eb066f5d98 Increase priority of Traefik 2022-06-23 09:51:42 -07:00
e5b61d5307 Update Nomad 2022-06-23 09:51:21 -07:00
6b14507ca6 Generate blocky host mapping from Consul kv 2022-06-23 09:51:09 -07:00
5d2301c791 Update blocky one instance at a time
Avoids dns going down with all instances updating at once
2022-06-23 09:50:23 -07:00
d7fa57864f Deploy backup jobs to all hosts and dynamically determine jobs per node 2022-06-23 09:49:57 -07:00
9ab300c225 Remove csi deployment 2022-06-23 09:49:03 -07:00
520d7c56b9 Move databases to a single module 2022-06-23 09:48:01 -07:00
a02f1a2317 Make traefik a system service
For this to work, will need to put TLS certs in Vault
2022-06-17 15:20:43 -07:00
ce18650e1f Add base hostname to consul in Playbook 2022-06-17 15:19:43 -07:00
16b9440e12 WIP: Add democratic-csi storage plugin 2022-06-17 15:19:19 -07:00
252c9b4111 Make nextcloud backup a non-sidecar task
Avoids restarting whole group if it fails
2022-06-17 15:16:45 -07:00
8cd2abc6b8 Remove some unnecessary traefik configs from tasks 2022-06-17 15:15:37 -07:00
049364df23 Make order of host configs match playbook order 2022-06-17 15:14:55 -07:00
c41babe346 Use new host name in terraform consul address 2022-05-24 20:11:57 -07:00
6cd7bae240 Use new token variable name after bootstrap 2022-05-24 20:11:41 -07:00
de4c96b104 Add autopilot 2022-05-24 20:11:18 -07:00
f50cb98d30 Add docker install 2022-05-24 20:11:07 -07:00
1995434140 Auto initialize vault 2022-05-24 20:10:47 -07:00
d6407d25a0 Wait until mysql is deployed before continuing
Otherwise dependent jobs will fail and take up time restarting
2022-05-24 20:10:26 -07:00
8eb7a58dfd Remove unused playbook 2022-05-24 20:09:45 -07:00
e677259a1d Switch to a 3 node cluster for better resilience 2022-05-24 20:09:22 -07:00
1352eeb3e8 Fix venv detection for ansible cluster target
This fixes the installation of the consul python library
2022-05-24 20:07:52 -07:00
5f9a04fa5d Make redis optional for blocky to help with resilience to a single host failing 2022-05-19 16:54:16 -07:00
38597a7eda Dynamically add dns routes to traefik instances to blocky 2022-05-19 16:53:56 -07:00
719c1b62d1 Add dedicated backup module and jobs
Possible alternative to backups deployed with each job
2022-05-18 14:23:46 -07:00
fb9e9017ff Fix prom scraping 2022-05-18 14:22:52 -07:00
8d3d0d0224 Add smarttv block list to default on blocky 2022-05-18 14:22:35 -07:00
f0eacea11f Default nomad cluster to ansible 2022-05-18 14:22:21 -07:00
1b8c2d6bcf nomad: Run block on all hosts 2022-05-18 11:29:00 -07:00
0a003c39b1 WIP: Vault db 2022-05-12 19:27:52 -07:00
b13c5a1388 Bind mysql to loopback 2022-05-09 21:45:08 -07:00
3b8f9734ac Add prom ports to nextcloud backup 2022-05-09 21:44:26 -07:00
2ed2079b45 Use consul http port in traefik 2022-04-15 12:25:15 -07:00
ba1b5166b9 Build traefik static config better when services aren't found 2022-04-15 12:13:00 -07:00
630a85a2f2 no log for some more sensitive info 2022-04-15 12:12:28 -07:00
420e67b68b WIP nomad vault db integration 2022-04-15 12:12:15 -07:00
af743820ec Add nextcloud backup job 2022-04-15 12:11:41 -07:00
f1316367de Lint, format, lock 2022-04-13 14:02:42 -07:00
9e97cd5d49 remove useless blank line 2022-04-05 09:44:40 -07:00
96ca3270fa Create a lot more host volumes
Some are NFS volumes and present on all devices
2022-04-04 22:20:19 -07:00
428306cdb2 Fix nomad vault policies 2022-04-04 22:19:32 -07:00
f1c7e57682 Add Nomad ACL bootstrap 2022-03-23 16:08:18 -07:00
970a9f740e Update bootstrap for acls 2022-03-21 20:13:13 -07:00
3ce91f2d0b Add additional block lists to blocky 2022-03-21 20:12:47 -07:00
05c0afa6fa Add ignore 2022-03-16 09:50:55 -07:00
c67ca9822c Maybe dynamic nomad? 2022-03-15 12:23:47 -07:00
edec1d992a Remove web and metrics entrypoints from services 2022-03-15 12:23:47 -07:00
968b7ddb72 Add vault setup: Not secured 2022-03-15 12:23:47 -07:00
b8fc4016cb Fix mysql intents 2022-03-14 16:56:44 -07:00
30bb579811 Change default bind address to loopback 2022-03-14 15:59:50 -07:00
f5da89c55e Add intents 2022-03-14 15:59:50 -07:00
28c919e5b0 Simplify proxy routing 2022-03-14 15:59:50 -07:00
6a7bfb3fc6 Add redis and prometheus support to blocky 2022-03-14 15:59:50 -07:00
98510a422d Make hostname and consul discovery a bit more dynamic 2022-03-13 10:14:50 -07:00
8efadf3d43 Be a bit more dynamic with host names 2022-03-13 10:13:19 -07:00
b2c03f1e60 Update hosts improve bootstrap and move a few things around 2022-03-12 10:08:05 -08:00
de2729c239 Make nextcloud bootstrap a prestart task 2022-03-11 19:30:25 -08:00
cacabec505 Lots of Nomad updates to support metrics 2022-03-03 09:47:07 -08:00
6110e78edf Add blocky dns 2022-02-28 12:07:34 -08:00
449a5061bc Pass base hostname through modules 2022-02-28 12:07:25 -08:00
4df773f5d7 Move jobs to modules 2022-02-27 15:22:09 -08:00
8bc0c53d83 Move roles back 2022-02-27 15:21:15 -08:00
eb3599e373 Move ansible roles 2022-02-27 14:54:38 -08:00
040b45eab0 Update ansible to deploy nomad and consul to Pi host
This is broken because the Pi doesn't have the right version of ip-tables
2022-02-27 14:54:25 -08:00
daa5a14f4e Add nextcloud 2022-02-17 14:03:50 -08:00
9f49777f1b Update host networks and proxy mapping 2022-02-17 14:03:42 -08:00
87dfd449c4 Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00