From 021d22048da3362c01a9469a9c03af5c39f8b368 Mon Sep 17 00:00:00 2001 From: Adrian Cowan Date: Sun, 18 May 2025 21:12:14 +1000 Subject: [PATCH] Cleanup terraform files by moving core infra into it's own file --- 2-nomad-config/1-infra.tf | 83 +++++++++++++++++++ 2-nomad-config/{services.tf => 2-services.tf} | 77 +---------------- 2 files changed, 84 insertions(+), 76 deletions(-) create mode 100644 2-nomad-config/1-infra.tf rename 2-nomad-config/{services.tf => 2-services.tf} (50%) diff --git a/2-nomad-config/1-infra.tf b/2-nomad-config/1-infra.tf new file mode 100644 index 0000000..66dd031 --- /dev/null +++ b/2-nomad-config/1-infra.tf @@ -0,0 +1,83 @@ +provider "nomad" { + # For some reason nomad is binding to the tailscale IP but not the (local) IP that we get for the same hostname + address = "http://jaglan-beta-m01:4646" +} + +terraform { + backend "local" { + path = "./.tfstate/terraform.tfstate" + } +} + +terraform { + required_providers { + sops = { + source = "carlpett/sops" + version = "~> 0.5" + } + } +} + +data "sops_file" "secrets" { + source_file = "secrets.enc.json" +} + +// Networking + +resource "nomad_job" "traefik" { + jobspec = file("traefik.nomad.hcl") +} + +// Authentication + +resource "nomad_job" "authelia" { + jobspec = file("authelia.nomad.hcl") +} + +// Data + +resource "nomad_job" "csi-smb" { + jobspec = file("csi-smb.nomad.hcl") +} + +data "nomad_plugin" "smb" { + plugin_id = "smb" + wait_for_healthy = true +} + +resource "nomad_job" "postgres" { + jobspec = file("postgres.nomad.hcl") +} + +resource "nomad_job" "pgadmin" { + jobspec = file("pgadmin.nomad.hcl") +} + +resource "nomad_job" "pgbackup" { + jobspec = file("pgbackup.nomad.hcl") +} + +resource "nomad_csi_volume_registration" "unraid_database_dump" { + #Note: Before chaning the definition of this volume you need to stop the jobs that are using it + depends_on = [data.nomad_plugin.smb] + plugin_id = "smb" + + volume_id = "unraid_database_dump" + name = "unraid_database_dump" + + external_id = "unraid_database_dump" + + capability { + access_mode = "single-node-writer" + attachment_mode = "file-system" + } + + context = { + source = "//192.168.1.192/database-dump" + } + + secrets = { + "username" = "nomad" + "password" = data.sops_file.secrets.data["unraid.nomad"] + } +} \ No newline at end of file diff --git a/2-nomad-config/services.tf b/2-nomad-config/2-services.tf similarity index 50% rename from 2-nomad-config/services.tf rename to 2-nomad-config/2-services.tf index db6bfe5..eafdf81 100644 --- a/2-nomad-config/services.tf +++ b/2-nomad-config/2-services.tf @@ -1,23 +1,3 @@ -provider "nomad" { - # For some reason nomad is binding to the tailscale IP but not the (local) IP that we get for the same hostname - address = "http://jaglan-beta-m01:4646" -} - -terraform { - required_providers { - sops = { - source = "carlpett/sops" - version = "~> 0.5" - } - } -} - -terraform { - backend "local" { - path = "./.tfstate/terraform.tfstate" - } -} - resource "nomad_job" "glance" { jobspec = file("glance.nomad.hcl") } @@ -26,35 +6,11 @@ resource "nomad_job" "hello_world" { jobspec = file("hello-world.nomad.hcl") } -resource "nomad_job" "traefik" { - jobspec = file("traefik.nomad.hcl") -} - -resource "nomad_job" "authelia" { - jobspec = file("authelia.nomad.hcl") -} resource "nomad_job" "webapp" { jobspec = file("webapp.nomad.hcl") } -resource "nomad_job" "csi-smb" { - jobspec = file("csi-smb.nomad.hcl") -} - -resource "nomad_job" "postgres" { - jobspec = file("postgres.nomad.hcl") -} - -resource "nomad_job" "pgadmin" { - jobspec = file("pgadmin.nomad.hcl") -} - -data "nomad_plugin" "smb" { - plugin_id = "smb" - wait_for_healthy = true -} - resource "nomad_csi_volume_registration" "unraid_transfer" { #Note: Before chaning the definition of this volume you need to stop the jobs that are using it depends_on = [data.nomad_plugin.smb] @@ -84,35 +40,6 @@ resource "nomad_job" "transfer" { jobspec = file("transfer.nomad.hcl") } -data "sops_file" "secrets" { - source_file = "secrets.enc.json" -} - -resource "nomad_csi_volume_registration" "unraid_database_dump" { - #Note: Before chaning the definition of this volume you need to stop the jobs that are using it - depends_on = [data.nomad_plugin.smb] - plugin_id = "smb" - - volume_id = "unraid_database_dump" - name = "unraid_database_dump" - - external_id = "unraid_database_dump" - - capability { - access_mode = "single-node-writer" - attachment_mode = "file-system" - } - - context = { - source = "//192.168.1.192/database-dump" - } - - secrets = { - "username" = "nomad" - "password" = data.sops_file.secrets.data["unraid.nomad"] - } -} - resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" { #Note: Before chaning the definition of this volume you need to stop the jobs that are using it depends_on = [data.nomad_plugin.smb] @@ -139,6 +66,4 @@ resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" { } } -resource "nomad_job" "pgbackup" { - jobspec = file("pgbackup.nomad.hcl") -} +