Commit Graph

175 Commits

Author SHA1 Message Date
cfc0a45440 Update security todos and reference node IP for consul queries 2022-09-06 14:46:49 -07:00
a57b1ddee5 Move redis data to ephemeral disk 2022-09-06 11:31:15 -07:00
0e5181fcf0 Move prometheus tsdb data to emphemeral disk 2022-09-06 11:15:14 -07:00
fa5f9e28e6 Move acme certs to /local so they will persit between allocs 2022-09-06 09:45:04 -07:00
722b63260c Add splay to blocky template render
Avoid all instances going down at once when the template canges
2022-09-05 12:57:13 -07:00
67df912755 Fix syslog proxy
Apparently traefik only supports http proxy over connect.

https://github.com/traefik/traefik/issues/7803
2022-09-04 20:21:02 -07:00
d62c96fe34 Use nomad as sole metrics exporter
Drops cadvisor and node_exporter since Nomad seems to export what I need.
2022-09-04 14:32:24 -07:00
d5cbe7174e Remove default volume read_only
It was always setting to true
2022-09-04 14:27:28 -07:00
c2c3d1abc7 Update nfs volumes to try and fix permissions 2022-09-04 14:27:27 -07:00
8ce4e3ff14 Try to use default netowrk source for proxing syslogng 2022-09-04 14:27:27 -07:00
a36f411c1b Add Traefik proxy for Syslogng 2022-09-04 14:27:07 -07:00
444782a0a6 Use default arch maps where possible 2022-08-30 16:15:12 -07:00
92a60cbe3b Update services template to support env and host volumes
Also adds sonarr as an example
2022-08-30 15:16:08 -07:00
9c07141dd1 Use nomad token to look up policies 2022-08-30 15:15:29 -07:00
1c57d9f7f6 Have nomad talk to vault over loopback 2022-08-30 15:15:10 -07:00
0ef488b06a Add new nfs volumes 2022-08-30 15:14:55 -07:00
6fe1d472d0 Multiarch install tweaks for arm64 2022-08-30 15:14:39 -07:00
c073f78ed2 Fix unsealing of single vault instance
Checking status of only one node meant that if that node was sealed
we would not try to unseal other nodes
2022-08-30 15:14:00 -07:00
5214d8275a Enable consul autopilot 2022-08-30 15:12:52 -07:00
89598ffb7c Update nomad, consul, vault versions 2022-08-30 15:12:35 -07:00
89e14dbf56 Use newer cadvisor 2022-08-30 15:11:52 -07:00
2a54b5454d Use updated ansible-nomad role
Has better support for multi-arch installs and fixes cni
2022-08-30 15:10:16 -07:00
520986d30c Add pi4 host 2022-08-30 15:09:48 -07:00
9aad3d1594 Rename nomad anon policy file 2022-08-23 10:31:29 -07:00
39107538e9 WIP: Allow specifying https endpoints and fetching nomad token 2022-08-23 09:57:57 -07:00
1c38aa212e Add mysql database storage to Grafana 2022-07-29 13:02:22 -07:00
0d61ebc877 Add Nomad dashboard to grafana 2022-07-29 13:01:59 -07:00
846ea18a16 Don't deploy Nextcloud 2022-07-29 13:01:40 -07:00
6d31c4e6d6 Stop duplicate nomad scraping
Already getting it from Client service
2022-07-29 13:01:22 -07:00
9d57175584 Increase promtail memory 2022-07-28 16:37:19 -07:00
3c0c74797d Make traefik a service rather than a system job
Sets it up to support auto_revert and auto_promote
2022-07-28 15:11:59 -07:00
4b6c388ed9 Traefik wildcard certs 2022-07-28 15:11:24 -07:00
6ccc5a6bcf Remove variable for consul_address for traefik
Now getting from Noamd environment
2022-07-28 15:10:39 -07:00
48d5704b72 Make lldap backup daily 2022-07-28 15:05:00 -07:00
62f59b3929 conditional dns lookups for router assigned domains 2022-07-27 22:04:46 -07:00
c074df4bc7 Working backup and restore 2022-07-27 22:04:22 -07:00
d175166045 Make traefik disk ephemeral and sticky 2022-07-27 17:30:35 -07:00
c8493b1fc5 Bump Traefik mem limit
We don't like this crashing
2022-07-27 17:26:13 -07:00
a3f59145bd Skip dump of lldap db 2022-07-27 17:25:41 -07:00
9a315eb2f7 Add lldap backup and templatize backup job
Now oneoff and system jobs are all using the same template
2022-07-27 17:02:29 -07:00
6e074c55aa Increase prometheus memory limit 2022-07-27 16:11:56 -07:00
ecaee6f8be Add lldap 2022-07-27 15:57:28 -07:00
4213b322c1 Remove set hostname because that's now done in bootstrap 2022-07-27 15:57:12 -07:00
1dd131ba9a Extend ttl for nomad tokens 2022-07-27 15:56:40 -07:00
bc040b4668 Add ddclient 2022-07-27 14:45:08 -07:00
9664802fb6 Clean up services template whitespace 2022-07-27 14:41:42 -07:00
547cd96e4c Add vault stanza to levant services 2022-07-27 14:41:13 -07:00
e39fbc41a7 Add further todos for Nomad Vault 2022-07-27 13:40:21 -07:00
25ec582eaf Update Nomad and Vault ACLs
Now nomad is read only and tokens can be retrieved from Vault
2022-07-27 13:13:11 -07:00
92a30e6709 Reduce memory for blocky sidecar 2022-07-27 11:22:02 -07:00