diff --git a/2-nomad-config/secrets.enc.json b/2-nomad-config/secrets.enc.json index c343ee8..2ce6b12 100644 --- a/2-nomad-config/secrets.enc.json +++ b/2-nomad-config/secrets.enc.json @@ -27,7 +27,8 @@ "magic-token": "ENC[AES256_GCM,data:3mKbPFgvtX+hWYEZ0q4jBjnR8KM+E/1DqmkVzoV6ROY=,iv:9L748apqK1TcsW0Y0HvU9QHVD/eSh56c/uN/K4KNct4=,tag:ZmXiaPz7MEvaQ0yu3byiKQ==,type:str]" }, "traefik": { - "cf_tunnel_token": "ENC[AES256_GCM,data:IgrmKwdeipix1dIXNuXnTWN5rCZjClbKZQJfgr5c2IP/n8bcc/nG5Wb42WL2C4hTeVqhG5p62ZXoz0j4dNAjxvuzcW/P0XeSYaiDRXMNWKhNIcK7jOexgswio0sUC+F7f3fa6HH4C02Mx8dWoFZChYtM5EhGdcEwVwspyBlMhTSHTz+/w5T9OqH18o132ZTM6kMQY85sgH36azWoSw73N+aC4ANhgybuok06z6R5D2jMdDX47Bo5bg==,iv:yOcUDTYHh58iejbl0wxNJO1hcDypcBq6KlHKyqnMSVk=,tag:CMyHKgahkIGdXItMJ1/hOg==,type:str]" + "cf_tunnel_token": "ENC[AES256_GCM,data:IgrmKwdeipix1dIXNuXnTWN5rCZjClbKZQJfgr5c2IP/n8bcc/nG5Wb42WL2C4hTeVqhG5p62ZXoz0j4dNAjxvuzcW/P0XeSYaiDRXMNWKhNIcK7jOexgswio0sUC+F7f3fa6HH4C02Mx8dWoFZChYtM5EhGdcEwVwspyBlMhTSHTz+/w5T9OqH18o132ZTM6kMQY85sgH36azWoSw73N+aC4ANhgybuok06z6R5D2jMdDX47Bo5bg==,iv:yOcUDTYHh58iejbl0wxNJO1hcDypcBq6KlHKyqnMSVk=,tag:CMyHKgahkIGdXItMJ1/hOg==,type:str]", + "kopia_basic_auth": "ENC[AES256_GCM,data:GKJKTtFqW2f8L6VYsBIuNsssUk8vBn74A4TIFw==,iv:rjV0o+CKUtZi8nVsVv0m17OPkYW5ymje9QoWvlRHa7g=,tag:CqEf6n5xgc2RWddbZoNqBQ==,type:str]" }, "immich": { "database_pw": "ENC[AES256_GCM,data:SUyMGqu7deZyZpVt,iv:asZehOvn/JamwFyS+Xl9Xpr4JFkKlJjHVw7LywYOxTc=,tag:plRvuv7+ievfEhxurBl7YQ==,type:str]" @@ -39,8 +40,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWM4ZDVVbGFrUGdMRHBX\nUFBmU3Nlc0RBSzhFK0tHNHpkQXUvUVdiZUZJCmpRN1lFdENpWW0rcThjVlVQNUl6\nWnlLU0RnQ3FZby81Ly8xTFBrek9nMncKLS0tIFQ4UTRNOC9CRmx4OFJWem1wckZz\nUDFTSzdWZldFK3FqcTNWTWRyNDhHQ2MKS811mR5xn7qiC/aVgPFYJ5c6Q3zxRfcr\nHcvxUvB01vNJKZpRg92vvKPkV6lQO3DXCT98OdfwiymlEOvYxg71Pg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-11T03:45:25Z", - "mac": "ENC[AES256_GCM,data:GfOzYXFJVo6GTVyw2LOXOwrwBV27GN7SGNi3AZpiQUvLMZZQrC0swuH+/xmXzvOhVTdvAmW8tuR9Ue3yaK0orTIvhCb4rURitjyTu6cnVdmPYA5RGLLjt97sUcuqaafESwPGJSdjWUK/Ff6pqlPkQNU53/MScv53xGbpGYEfSho=,iv:0px5+uUXd6UkSoKaX7siPr/3gkitwzGr/BUxvZ9Y6Jo=,tag:ln31oDutGKK+rgaWrEPV2g==,type:str]", + "lastmodified": "2025-10-13T12:19:46Z", + "mac": "ENC[AES256_GCM,data:QJ1Prqf37xMZbvyMvjBVxZOiOr07CmCYrWmr+5hwDsEmG4eEC9sPF/UY+/Cy2OTzsMp+cHb6C3maAo09O171wj6nJIZucg3B9fjEW2+4AoO217G4vmauMl3FFkut2CuvVV9zt2B/fLAskRg/yeYYOhjzPkWA6lyeV31sV5ZQ6Kw=,iv:5WfkmNr5vdfTqp6+INjQN/Zmc7/iJNc/2auO9h3En08=,tag:snBgJyMzBXVAkV3zERkK8g==,type:str]", "encrypted_regex": "^(.*)$", "version": "3.10.2" } diff --git a/2-nomad-config/traefik.nomad.hcl b/2-nomad-config/traefik.nomad.hcl index e0a76ad..b9ef628 100644 --- a/2-nomad-config/traefik.nomad.hcl +++ b/2-nomad-config/traefik.nomad.hcl @@ -128,6 +128,10 @@ http: stripPrefix: prefixes: - "/magic-token/{token:[A-Z0-9]+}" + inject-kopia-basic-auth: + headers: + customRequestHeaders: + Authorization: "Basic {{ with nomadVar "nomad/jobs/traefik" }}{{ .kopia_basic_auth }}{{ end }}" routers: fallback: rule: "HostRegexp(`^.+$`)" @@ -162,6 +166,12 @@ http: service: frigate middlewares: - auth + kopia: + rule: "Host(`kopia.othrayte.one`)" + service: kopia + middlewares: + - auth + - inject-kopia-basic-auth hass: rule: "Host(`hass.othrayte.one`)" service: hass @@ -192,6 +202,10 @@ http: loadBalancer: servers: - url: "http://192.168.1.192:5000" + kopia: + loadBalancer: + servers: + - url: "http://192.168.1.192:51515" hass: loadBalancer: servers: diff --git a/2-nomad-config/traefik.tf b/2-nomad-config/traefik.tf index 876e7b7..5c2566e 100644 --- a/2-nomad-config/traefik.tf +++ b/2-nomad-config/traefik.tf @@ -21,7 +21,8 @@ resource "cloudflare_dns_record" "star-othrayte-one" { resource "nomad_variable" "traefik" { path = "nomad/jobs/traefik" items = { - cf_tunnel_token = data.sops_file.secrets.data["traefik.cf_tunnel_token"] + cf_tunnel_token = data.sops_file.secrets.data["traefik.cf_tunnel_token"] + kopia_basic_auth = data.sops_file.secrets.data["traefik.kopia_basic_auth"] } }