From 805636f44cf607c5becfdfe23b06f6294926f58e Mon Sep 17 00:00:00 2001
From: Adrian Cowan
Date: Tue, 6 May 2025 00:23:19 +1000
Subject: [PATCH] Properly persistent configs
---
 2-nomad-config/.terraform.lock.hcl | 15 +
 2-nomad-config/age-install.sh | 13 +
 2-nomad-config/readme.md | 10 +
 2-nomad-config/secrets.enc.json | 17 +
 2-nomad-config/services.tf | 50 +-
 2-nomad-config/sops-install.sh | 10 +
 2-nomad-config/terraform.tfstate | 519 ---------------------
 2-nomad-config/terraform.tfstate.backup | 584 ------------------------
 2-nomad-config/transfer.nomad.hcl | 18 +
 9 files changed, 128 insertions(+), 1108 deletions(-)
 create mode 100644 2-nomad-config/age-install.sh
 create mode 100644 2-nomad-config/readme.md
 create mode 100644 2-nomad-config/secrets.enc.json
 create mode 100644 2-nomad-config/sops-install.sh
 delete mode 100644 2-nomad-config/terraform.tfstate
 delete mode 100644 2-nomad-config/terraform.tfstate.backup
diff --git a/2-nomad-config/.terraform.lock.hcl b/2-nomad-config/.terraform.lock.hcl
index b5efb8c..1ce8322 100644
--- a/2-nomad-config/.terraform.lock.hcl
+++ b/2-nomad-config/.terraform.lock.hcl
@@ -1,6 +1,21 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/carlpett/sops" { + version = "0.7.2" + constraints = "~> 0.5" + hashes = [ + "h1:eetjYKFBQb6nbgxjehD/gzzAmH2ru94ha2tEzXNiNy8=", + "zh:43f218054ea3a72c9756bf989aeebb9d0f23b66fd08e9fb4ae75d4f921295e82", + "zh:57fd326388042a6b7ecd60f740f81e5ef931546c4f068f054e7df34acf65d190", + "zh:87b970db8c137f4c2fcbff7a5705419a0aea9268ae0ac94f1ec5b978e42ab0d2", + "zh:9e3b67b89ac919f01731eb0466baa08ce0721e6cf962fe6752e7cc526ac0cba0", + "zh:c028f67ef330be0d15ce4d7ac7649a2e07a98ed3003fca52e0c72338b5f481f8", + "zh:c29362e36a44480d0d9cb7d90d1efba63fe7e0e94706b2a07884bc067c46cbc7", + "zh:d5bcfa836244718a1d564aa96eb7d733b4d361b6ecb961f7c5bcd0cadb1dfd05", + ] +} + provider "registry.terraform.io/hashicorp/nomad" { version = "2.5.0" hashes = [
diff --git a/2-nomad-config/age-install.sh b/2-nomad-config/age-install.sh
new file mode 100644
index 0000000..baca28b
--- /dev/null
+++ b/2-nomad-config/age-install.sh
@@ -0,0 +1,13 @@
+export AGE_VERSION=v1.2.1
+
+# Download the archive
+wget https://github.com/FiloSottile/age/releases/download/$AGE_VERSION/age-$AGE_VERSION-linux-amd64.tar.gz
+
+# Extract the contents of the archive
+tar -xvf age-$AGE_VERSION-linux-amd64.tar.gz
+
+# Move the binaries to a directory in our PATH
+sudo mv age/age* /usr/local/bin/
+
+# Make the binaries executable
+sudo chmod +x /usr/local/bin/age*
diff --git a/2-nomad-config/readme.md b/2-nomad-config/readme.md
new file mode 100644
index 0000000..ac07907
--- /dev/null
+++ b/2-nomad-config/readme.md
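Review bot: In age-install.sh the archive fetched by `wget` is unpacked and its binaries are moved into `/usr/local/bin` under sudo without any integrity check, so a corrupted or substituted download is installed as-is. I would pin the expected digest for the pinned `AGE_VERSION` in the script and verify it before extracting, e.g. `echo "<expected-sha256>  age-$AGE_VERSION-linux-amd64.tar.gz" | sha256sum -c -` (placeholder digest, to be taken from a trusted source). The script also has no shebang or `set -eu`, so a failed download or extract does not stop the later sudo steps. The same applies to sops-install.sh further down this patch.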
@@ -0,0 +1,10 @@
+# Terraform State
+
+Mount the state on the fileshare to 2-nomad-config/.tfstate/
+`sudo mount -t cifs //192.168.1.192/appdata/terraform /home/othrayte/Code/infra/2-nomad-config/.tfstate/ -o rw,username=othrayte,password=,uid=$(id -u),gid=$(id -g)`
+
+# Secrets
+
+The secrets file is encrypted using sops and will be automatically decrypted in the terraform provider.
+
+Put the age keys in /home//.config/sops/age/keys.txt
diff --git a/2-nomad-config/secrets.enc.json b/2-nomad-config/secrets.enc.json
new file mode 100644
index 0000000..c6e34ae
--- /dev/null
+++ b/2-nomad-config/secrets.enc.json
@@ -0,0 +1,17 @@ +{ + "unraid": { + "nomad": "ENC[AES256_GCM,data:FCGEs+XCSuunLxVPyzE=,iv:j8Ey+l8iJiPY7CbE5IoT0ZgNklnv+4odSZkorJQ/nr8=,tag:7PoizENid+vgWC/eb5MOaQ==,type:str]" + }, + "sops": { + "age": [ + { + "recipient": "age1zuj9ssd0kkfeefjmyz82t9h3dfjq8degqm2l5eszhu5zhazpgsys54rq2n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWM4ZDVVbGFrUGdMRHBX\nUFBmU3Nlc0RBSzhFK0tHNHpkQXUvUVdiZUZJCmpRN1lFdENpWW0rcThjVlVQNUl6\nWnlLU0RnQ3FZby81Ly8xTFBrek9nMncKLS0tIFQ4UTRNOC9CRmx4OFJWem1wckZz\nUDFTSzdWZldFK3FqcTNWTWRyNDhHQ2MKS811mR5xn7qiC/aVgPFYJ5c6Q3zxRfcr\nHcvxUvB01vNJKZpRg92vvKPkV6lQO3DXCT98OdfwiymlEOvYxg71Pg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-05-05T13:24:20Z", + "mac": "ENC[AES256_GCM,data:MN1Ulrs7UvfR2/7F43cZbsme00SSOXBP11TEwELQ9y0NZ87EjNozn6WtUGRDShb2cD6p/jpQfPQqO4A7gJCtKsAAFMggIWEATxYCfMcJoD8evpxZcmNAv3b6GkNRT1u1WNecYAXJUqtR9+wKBRCYRcY3rIxpuCmvcMNEABaaxWs=,iv:2H0UxqAo4En0i+9NVGxqJZSB2vCyb8wuWRQ5h2637U0=,tag:iLTYCMCqZK8CiZczU69W+Q==,type:str]", + "encrypted_regex": "^(.*)$", + "version": "3.10.2" + } +}
diff --git a/2-nomad-config/services.tf b/2-nomad-config/services.tf
index dc40c51..8a3f4fd 100644
--- a/2-nomad-config/services.tf
+++ b/2-nomad-config/services.tf
@@ -3,6 +3,21 @@ provider "nomad" {
 address = "http://jaglan-beta-m01:4646"
 }
+terraform {
+ required_providers {
+ sops = {
+ source = "carlpett/sops"
+ version = "~> 0.5"
+ }
+ }
+}
+
+terraform {
+ backend "local" {
+ path = "./.tfstate/terraform.tfstate"
+ }
+}
+
 resource "nomad_job" "glance" {
 jobspec = file("glance.nomad.hcl")
 }
@@ -51,11 +66,6 @@ resource "nomad_csi_volume_registration" "unraid_transfer" {
 source = "//192.168.1.192/transfer"
 }
- parameters = {
- "csi.storage.k8s.io/node-stage-secret-name" = "smbcreds"
- "csi.storage.k8s.io/node-stage-secret-namespace" = "default"
- }
-
 secrets = {
 "username" = "anon"
 "password" = ""
@@ -65,3 +75,33 @@ resource "nomad_csi_volume_registration" "unraid_transfer" {
 resource "nomad_job" "transfer" {
 jobspec = file("transfer.nomad.hcl")
 }
+
+data "sops_file" "secrets" {
+ source_file = "secrets.enc.json"
+}
+
+resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
+ #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
+ depends_on = [data.nomad_plugin.smb]
+ plugin_id = "smb"
+
+ volume_id = "unraid_appdata_transferfilebrowser"
+ name = "unraid_appdata_transferfilebrowser"
+
+ external_id = "unraid_appdata_transferfilebrowser"
+
+ capability {
+ access_mode = "single-node-writer"
+ attachment_mode = "file-system"
+ }
+
+ context = {
+ source = "//192.168.1.192/appdata"
+ subDir = "transferfilebrowser" # Note: Needs to be manually created on the share
+ }
+
+ secrets = {
+ "username" = "nomad"
+ "password" = data.sops_file.secrets.data["unraid.nomad"]
+ }
+}
diff --git a/2-nomad-config/sops-install.sh b/2-nomad-config/sops-install.sh
new file mode 100644
index 0000000..4128e7b
--- /dev/null
+++ b/2-nomad-config/sops-install.sh
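Review bot: With `backend "local"` writing to `./.tfstate/terraform.tfstate`, the SMB password that the last hunk of this file reads from `data.sops_file.secrets` ends up in that state file in plaintext, because Terraform stores resource attributes unencrypted in state. The diffstat lists no ignore file, so unless one already exists I would add `.tfstate/` to `.gitignore` and keep the share path readable only by the operator account. The removed terraform.tfstate.backup shown further down this page carries a non-empty `secrets.password`; deleting the file leaves it in history, so that credential should be rotated. As a style point, the two `terraform { }` blocks can be merged into one holding both `required_providers` and `backend`.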
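Review bot: The new `unraid_appdata_transferfilebrowser` registration submits a real password to Nomad, while the provider block visible in this file's first hunk still has `address = "http://jaglan-beta-m01:4646"`, so the credential travels to the API unencrypted on every apply; enabling TLS on the Nomad API and using an `https://` address would close that. The comment on the resource has a typo and no space after `#`; I would write `# Note: before changing the definition of this volume, stop the jobs that are using it`.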
@@ -0,0 +1,10 @@
+export SOPS_VERSION=v3.10.2
+
+# Download the binary
+curl -LO https://github.com/getsops/sops/releases/download/$SOPS_VERSION/sops-$SOPS_VERSION.linux.amd64
+
+# Move the binary in to your PATH
+sudo mv sops-$SOPS_VERSION.linux.amd64 /usr/local/bin/sops
+
+# Make the binary executable
+sudo chmod +x /usr/local/bin/sops
diff --git a/2-nomad-config/terraform.tfstate b/2-nomad-config/terraform.tfstate
deleted file mode 100644
index a5a2f38..0000000
--- a/2-nomad-config/terraform.tfstate
+++ /dev/null
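Review bot: In sops-install.sh, `curl -LO` is called without `--fail`, so an HTTP error response is saved under the release filename and the following `sudo mv` installs that error page as `/usr/local/bin/sops`. Using `curl -fLO` makes the download step return non-zero on an HTTP error instead. Together with `set -e` at the top of the script, that stops the install before anything is written to `/usr/local/bin`.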
@@ -1,519 +0,0 @@ -{ - "version": 4, - "terraform_version": "1.11.4", - "serial": 595, - "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", - "outputs": {}, - "resources": [ - { - "mode": "data", - "type": "nomad_plugin", - "name": "smb", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "controller_required": false, - "controllers_expected": 0, - "controllers_healthy": 0, - "id": "smb", - "nodes": [ - { - "healthy": true, - "healthy_description": "healthy", - "name": "0db77253-0579-e8b0-42cd-d619af9d8e73" - } - ], - "nodes_expected": 1, - "nodes_healthy": 1, - "plugin_id": "smb", - "plugin_provider": "smb.csi.k8s.io", - "plugin_provider_version": "v1.7.0", - "wait_for_healthy": true, - "wait_for_registration": false - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "managed", - "type": "nomad_csi_volume_registration", - "name": "unraid_transfer", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "capability": [ - { - "access_mode": "single-node-writer", - "attachment_mode": "file-system" - } - ], - "capacity": 0, - "capacity_max": null, - "capacity_max_bytes": 0, - "capacity_min": null, - "capacity_min_bytes": 0, - "context": { - "source": "//192.168.1.192/transfer" - }, - "controller_required": false, - "controllers_expected": 0, - "controllers_healthy": 0, - "deregister_on_destroy": true, - "external_id": "unraid_transfer", - "id": "unraid_transfer", - "mount_options": [], - "name": "unraid_transfer", - "namespace": "default", - "nodes_expected": 1, - "nodes_healthy": 1, - "parameters": { - "csi.storage.k8s.io/node-stage-secret-name": "smbcreds", - "csi.storage.k8s.io/node-stage-secret-namespace": "default" - }, - "plugin_id": "smb", - "plugin_provider": "smb.csi.k8s.io", - "plugin_provider_version": "v1.7.0", - "schedulable": true, - "secrets": { - "password": "", - "username": "anon" - 
}, - "timeouts": null, - "topologies": [], - "topology_request": [], - "volume_id": "unraid_transfer" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "secrets" - } - ] - ], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "data.nomad_plugin.smb" - ] - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "authelia", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "authelia", - "jobspec": "job \"authelia\" {\n group \"authelia\" {\n network {\n port \"http\" {\n static = 9091\n }\n }\n\n service {\n name = \"auth\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n type = \"http\"\n path = \"/health\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"authelia\" {\n driver = \"docker\"\n\n config {\n image = \"authelia/authelia:latest\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config:/config\",\n \"local/data:/data\"\n ]\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n\n template {\n data = \u003c\u003cEOF\nserver:\n address: tcp://0.0.0.0:{{ env \"NOMAD_PORT_http\" }}/\ntheme: \"auto\"\nidentity_validation:\n reset_password:\n jwt_secret: \"{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .jwt_secret }}{{ end }}\"\n\nauthentication_backend:\n file:\n path: /config/users_database.yml\n\naccess_control:\n default_policy: deny\n rules:\n - domain: \"*.othrayte.one\"\n policy: one_factor\n # Disable auth for authelia\n #- domain: \"auth.othrayte.one\"\n # policy: bypass\n\nsession:\n name: authelia_session\n secret: \"{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .session_secret }}{{ end 
}}\"\n expiration: 3600\n cookies:\n - domain: othrayte.one\n authelia_url: \"https://auth.othrayte.one\"\n\nstorage:\n local:\n path: /config/db.sqlite3\n encryption_key: \"{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .encryption_key }}{{ end }}\"\n\nnotifier:\n filesystem:\n filename: /config/notification.txt\nEOF\n\n destination = \"local/config/configuration.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\n# Users database for Authelia\nusers:\n othrayte:\n password: \"$2y$10$FeemMJevZXq6y1pc6FNOXeIlthGWiGHRmMfpV33BNcpChA5ozLUmK\"\n displayname: \"Adrian\"\n email: \"othrayte@gmail.com\"\nEOF\n\n destination = \"local/config/users_database.yml\"\n }\n }\n }\n}\n", - "json": null, - "modify_index": "17976", - "name": "authelia", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "authelia", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "authelia", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "csi-smb", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "csi-smb", - "jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n 
\"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}", - "json": null, - "modify_index": "11526", - "name": "csi-smb", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "smb", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "plugin", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "system" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "glance", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "glance", - "jobspec": "job \"glance\" {\n group \"glance\" {\n count = 1\n\n network {\n port \"http\" {\n to = 8080\n }\n }\n\n task \"glance\" {\n driver = \"docker\"\n\n config {\n image = \"glanceapp/glance:latest\"\n ports = [\"http\"]\n volumes = [\n \"local/glance.yml:/app/config/glance.yml\",\n ]\n }\n\n service {\n name = \"home\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.home.middlewares=auth@file\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n resources {\n cpu = 50\n memory = 128\n }\n\n\n template {\n data = 
\u003c\u003cEOF\npages:\n - name: Home\n # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look\n # hide-desktop-navigation: true\n columns:\n - size: small\n widgets:\n - type: calendar\n first-day-of-week: monday\n\n - type: rss\n limit: 10\n collapse-after: 3\n cache: 12h\n feeds:\n - url: https://selfh.st/rss/\n title: selfh.st\n limit: 4\n - url: https://ciechanow.ski/atom.xml\n - url: https://www.joshwcomeau.com/rss.xml\n title: Josh Comeau\n - url: https://samwho.dev/rss.xml\n - url: https://ishadeed.com/feed.xml\n title: Ahmad Shadeed\n\n - type: twitch-channels\n channels:\n - theprimeagen\n - j_blow\n - piratesoftware\n - cohhcarnage\n - christitustech\n - EJ_SA\n\n - size: full\n widgets:\n - type: group\n widgets:\n - type: hacker-news\n - type: lobsters\n\n - type: videos\n channels:\n - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips\n - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling\n - UCsBjURrPoezykLs9EqgamOA # Fireship\n - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee\n - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium\n\n - type: bookmarks\n groups:\n - links:\n - title: Gmail\n url: https://mail.google.com/mail/u/0/\n - title: Amazon\n url: https://www.amazon.com/\n - title: Github\n url: https://github.com/\n - title: Wikipedia\n url: https://en.wikipedia.org/\n - title: Infra\n color: 10 70 50\n links:\n - title: Nomad\n url: https://nomad.othrayte.one/\n - title: Consul\n url: https://consul.othrayte.one/\n - title: Traefik\n url: https://traefik.othrayte.one/\n - title: Social\n color: 200 50 50\n links:\n - title: Reddit\n url: https://www.reddit.com/\n - title: Twitter\n url: https://twitter.com/\n - title: Instagram\n url: https://www.instagram.com/\n\n - size: small\n widgets:\n - type: weather\n location: Melbourne, Australia\n units: metric\n hour-format: 12h\n # Optionally hide the location from being displayed in the widget\n # hide-location: true\n\n - type: releases\n cache: 1d\n # Without authentication the 
Github API allows for up to 60 requests per hour. You can create a\n # read-only token from your Github account settings and use it here to increase the limit.\n # token: ...\n repositories:\n - glanceapp/glance\n - go-gitea/gitea\n - immich-app/immich\n - syncthing/syncthing\n\n # Add more pages here:\n # - name: Your page name\n # columns:\n # - size: small\n # widgets:\n # # Add widgets here\n\n # - size: full\n # widgets:\n # # Add widgets here\n\n # - size: small\n # widgets:\n # # Add widgets here\nEOF\n\n destination = \"local/glance.yml\"\n }\n\n }\n }\n}", - "json": null, - "modify_index": "17710", - "name": "glance", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "glance", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "glance", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "hello_world", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "hello-world", - "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello-world.middlewares=auth@file\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = 
\"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}", - "json": null, - "modify_index": "17709", - "name": "hello-world", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "servers", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "web", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "traefik", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - 
"deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "traefik", - "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.routers.traefik.middlewares=auth@file\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n 
middlewares:\n auth:\n forwardAuth:\n address: \"http://192.168.1.235:9091/api/authz/forward-auth\"\n trustForwardHeader: true\n routers:\n fallback:\n rule: \"HostRegexp(`^.+$`)\"\n entryPoints:\n - websecure\n middlewares:\n - auth\n service: noop@internal # This router just applies middleware\n priority: 1\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n middlewares:\n - auth\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n middlewares:\n - auth\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n middlewares:\n - auth\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", - "json": null, - "modify_index": "18000", - "name": "traefik", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "traefik", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "traefik", - "volume_mounts": [ - { - "destination": "/opt/traefik", - "read_only": false, - "volume": "traefik" - } - ] - } - ], - "volumes": [ - { - "name": "traefik", - "read_only": false, - "source": "traefik", - "type": "host" - } - ] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "transfer", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": 
{ - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "transfer", - "jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n\n mount_options {\n mount_flags = [\"uid=911\",\"gid=1000\"] # linuxserver.io container services run as uid 911\n }\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}", - "json": null, - "modify_index": "21245", - "name": "transfer", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "transfer", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": 
"filebrowser", - "volume_mounts": [ - { - "destination": "/srv", - "read_only": false, - "volume": "unraid_transfer" - } - ] - } - ], - "volumes": [ - { - "name": "unraid_transfer", - "read_only": false, - "source": "unraid_transfer", - "type": "csi" - } - ] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "webapp", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "demo-webapp", - "jobspec": "job \"demo-webapp\" {\n group \"demo\" {\n count = 3\n\n network {\n port \"http\"{\n to = -1\n }\n }\n\n service {\n name = \"demo-webapp\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.demo-webapp.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"2s\"\n timeout = \"2s\"\n }\n }\n\n task \"server\" {\n env {\n PORT = \"${NOMAD_PORT_http}\"\n NODE_IP = \"${NOMAD_IP_http}\"\n }\n\n driver = \"docker\"\n\n config {\n image = \"hashicorp/demo-webapp-lb-guide\"\n ports = [\"http\"]\n }\n }\n }\n}", - "json": null, - "modify_index": "17707", - "name": "demo-webapp", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 3, - "meta": {}, - "name": "demo", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "server", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - 
}, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - } - ], - "check_results": null -} diff --git a/2-nomad-config/terraform.tfstate.backup b/2-nomad-config/terraform.tfstate.backup deleted file mode 100644 index c389beb..0000000 --- a/2-nomad-config/terraform.tfstate.backup +++ /dev/null 
@@ -1,584 +0,0 @@ -{ - "version": 4, - "terraform_version": "1.11.4", - "serial": 593, - "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", - "outputs": {}, - "resources": [ - { - "mode": "data", - "type": "nomad_plugin", - "name": "smb", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "controller_required": false, - "controllers_expected": 0, - "controllers_healthy": 0, - "id": "smb", - "nodes": [ - { - "healthy": true, - "healthy_description": "healthy", - "name": "0db77253-0579-e8b0-42cd-d619af9d8e73" - } - ], - "nodes_expected": 1, - "nodes_healthy": 1, - "plugin_id": "smb", - "plugin_provider": "smb.csi.k8s.io", - "plugin_provider_version": "v1.7.0", - "wait_for_healthy": true, - "wait_for_registration": false - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "managed", - "type": "nomad_csi_volume_registration", - "name": "unraid_transfer", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "capability": [ - { - "access_mode": "single-node-writer", - "attachment_mode": "file-system" - } - ], - "capacity": 0, - "capacity_max": null, - "capacity_max_bytes": 0, - "capacity_min": null, - "capacity_min_bytes": 0, - "context": { - "source": "//192.168.1.192/transfer" - }, - "controller_required": false, - "controllers_expected": 0, - "controllers_healthy": 0, - "deregister_on_destroy": true, - "external_id": "unraid_transfer", - "id": "unraid_transfer", - "mount_options": [], - "name": "unraid_transfer", - "namespace": "default", - "nodes_expected": 1, - "nodes_healthy": 1, - "parameters": { - "csi.storage.k8s.io/node-stage-secret-name": "smbcreds", - "csi.storage.k8s.io/node-stage-secret-namespace": "default" - }, - "plugin_id": "smb", - "plugin_provider": "smb.csi.k8s.io", - "plugin_provider_version": "v1.7.0", - "schedulable": true, - "secrets": { - "password": "", - "username": "anon" - 
}, - "timeouts": null, - "topologies": [], - "topology_request": [], - "volume_id": "unraid_transfer" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "secrets" - } - ] - ], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "data.nomad_plugin.smb" - ] - } - ] - }, - { - "mode": "managed", - "type": "nomad_csi_volume_registration", - "name": "unraid_transfer_subdir", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "capability": [ - { - "access_mode": "single-node-writer", - "attachment_mode": "file-system" - } - ], - "capacity": 0, - "capacity_max": null, - "capacity_max_bytes": 0, - "capacity_min": null, - "capacity_min_bytes": 0, - "context": { - "source": "//192.168.1.192/transfer", - "subDir": "subdir" - }, - "controller_required": false, - "controllers_expected": 0, - "controllers_healthy": 0, - "deregister_on_destroy": true, - "external_id": "unraid_transfer_subdir", - "id": "unraid_transfer_subdir", - "mount_options": [], - "name": "unraid_transfer_subdir", - "namespace": "default", - "nodes_expected": 1, - "nodes_healthy": 1, - "parameters": { - "csi.storage.k8s.io/node-stage-secret-name": "smbcreds", - "csi.storage.k8s.io/node-stage-secret-namespace": "default" - }, - "plugin_id": "smb", - "plugin_provider": "smb.csi.k8s.io", - "plugin_provider_version": "v1.7.0", - "schedulable": true, - "secrets": { - "password": "$lUPyJw1Yc\u0026B997i", - "username": "othrayte" - }, - "timeouts": null, - "topologies": [], - "topology_request": [], - "volume_id": "unraid_transfer_subdir" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "secrets" - } - ] - ], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "data.nomad_plugin.smb" - 
] - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "authelia", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "authelia", - "jobspec": "job \"authelia\" {\n group \"authelia\" {\n network {\n port \"http\" {\n static = 9091\n }\n }\n\n service {\n name = \"auth\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n type = \"http\"\n path = \"/health\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"authelia\" {\n driver = \"docker\"\n\n config {\n image = \"authelia/authelia:latest\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config:/config\",\n \"local/data:/data\"\n ]\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n\n template {\n data = \u003c\u003cEOF\nserver:\n address: tcp://0.0.0.0:{{ env \"NOMAD_PORT_http\" }}/\ntheme: \"auto\"\nidentity_validation:\n reset_password:\n jwt_secret: \"{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .jwt_secret }}{{ end }}\"\n\nauthentication_backend:\n file:\n path: /config/users_database.yml\n\naccess_control:\n default_policy: deny\n rules:\n - domain: \"*.othrayte.one\"\n policy: one_factor\n # Disable auth for authelia\n #- domain: \"auth.othrayte.one\"\n # policy: bypass\n\nsession:\n name: authelia_session\n secret: \"{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .session_secret }}{{ end }}\"\n expiration: 3600\n cookies:\n - domain: othrayte.one\n authelia_url: \"https://auth.othrayte.one\"\n\nstorage:\n local:\n path: /config/db.sqlite3\n encryption_key: \"{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .encryption_key }}{{ end }}\"\n\nnotifier:\n filesystem:\n filename: /config/notification.txt\nEOF\n\n destination = \"local/config/configuration.yml\"\n }\n\n 
template {\n data = \u003c\u003cEOF\n# Users database for Authelia\nusers:\n othrayte:\n password: \"$2y$10$FeemMJevZXq6y1pc6FNOXeIlthGWiGHRmMfpV33BNcpChA5ozLUmK\"\n displayname: \"Adrian\"\n email: \"othrayte@gmail.com\"\nEOF\n\n destination = \"local/config/users_database.yml\"\n }\n }\n }\n}\n", - "json": null, - "modify_index": "17976", - "name": "authelia", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "authelia", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "authelia", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "csi-smb", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "csi-smb", - "jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n \"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}", - "json": null, - "modify_index": "11526", - "name": "csi-smb", - "namespace": "default", - "policy_override": null, 
- "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "smb", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "plugin", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "system" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "glance", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "glance", - "jobspec": "job \"glance\" {\n group \"glance\" {\n count = 1\n\n network {\n port \"http\" {\n to = 8080\n }\n }\n\n task \"glance\" {\n driver = \"docker\"\n\n config {\n image = \"glanceapp/glance:latest\"\n ports = [\"http\"]\n volumes = [\n \"local/glance.yml:/app/config/glance.yml\",\n ]\n }\n\n service {\n name = \"home\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.home.middlewares=auth@file\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n resources {\n cpu = 50\n memory = 128\n }\n\n\n template {\n data = \u003c\u003cEOF\npages:\n - name: Home\n # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look\n # hide-desktop-navigation: true\n columns:\n - size: small\n widgets:\n - type: calendar\n first-day-of-week: monday\n\n - type: rss\n limit: 10\n collapse-after: 3\n cache: 12h\n feeds:\n - url: https://selfh.st/rss/\n title: selfh.st\n limit: 4\n 
- url: https://ciechanow.ski/atom.xml\n - url: https://www.joshwcomeau.com/rss.xml\n title: Josh Comeau\n - url: https://samwho.dev/rss.xml\n - url: https://ishadeed.com/feed.xml\n title: Ahmad Shadeed\n\n - type: twitch-channels\n channels:\n - theprimeagen\n - j_blow\n - piratesoftware\n - cohhcarnage\n - christitustech\n - EJ_SA\n\n - size: full\n widgets:\n - type: group\n widgets:\n - type: hacker-news\n - type: lobsters\n\n - type: videos\n channels:\n - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips\n - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling\n - UCsBjURrPoezykLs9EqgamOA # Fireship\n - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee\n - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium\n\n - type: bookmarks\n groups:\n - links:\n - title: Gmail\n url: https://mail.google.com/mail/u/0/\n - title: Amazon\n url: https://www.amazon.com/\n - title: Github\n url: https://github.com/\n - title: Wikipedia\n url: https://en.wikipedia.org/\n - title: Infra\n color: 10 70 50\n links:\n - title: Nomad\n url: https://nomad.othrayte.one/\n - title: Consul\n url: https://consul.othrayte.one/\n - title: Traefik\n url: https://traefik.othrayte.one/\n - title: Social\n color: 200 50 50\n links:\n - title: Reddit\n url: https://www.reddit.com/\n - title: Twitter\n url: https://twitter.com/\n - title: Instagram\n url: https://www.instagram.com/\n\n - size: small\n widgets:\n - type: weather\n location: Melbourne, Australia\n units: metric\n hour-format: 12h\n # Optionally hide the location from being displayed in the widget\n # hide-location: true\n\n - type: releases\n cache: 1d\n # Without authentication the Github API allows for up to 60 requests per hour. 
You can create a\n # read-only token from your Github account settings and use it here to increase the limit.\n # token: ...\n repositories:\n - glanceapp/glance\n - go-gitea/gitea\n - immich-app/immich\n - syncthing/syncthing\n\n # Add more pages here:\n # - name: Your page name\n # columns:\n # - size: small\n # widgets:\n # # Add widgets here\n\n # - size: full\n # widgets:\n # # Add widgets here\n\n # - size: small\n # widgets:\n # # Add widgets here\nEOF\n\n destination = \"local/glance.yml\"\n }\n\n }\n }\n}", - "json": null, - "modify_index": "17710", - "name": "glance", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "glance", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "glance", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "hello_world", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "hello-world", - "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello-world.middlewares=auth@file\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n 
}\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}", - "json": null, - "modify_index": "17709", - "name": "hello-world", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "servers", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "web", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "traefik", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - 
"deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "traefik", - "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.routers.traefik.middlewares=auth@file\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n forwardAuth:\n 
address: \"http://192.168.1.235:9091/api/authz/forward-auth\"\n trustForwardHeader: true\n routers:\n fallback:\n rule: \"HostRegexp(`^.+$`)\"\n entryPoints:\n - websecure\n middlewares:\n - auth\n service: noop@internal # This router just applies middleware\n priority: 1\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n middlewares:\n - auth\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n middlewares:\n - auth\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n middlewares:\n - auth\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", - "json": null, - "modify_index": "18000", - "name": "traefik", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "traefik", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "traefik", - "volume_mounts": [ - { - "destination": "/opt/traefik", - "read_only": false, - "volume": "traefik" - } - ] - } - ], - "volumes": [ - { - "name": "traefik", - "read_only": false, - "source": "traefik", - "type": "host" - } - ] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "transfer", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - 
"datacenters": [], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "transfer", - "jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n\n mount_options {\n mount_flags = [\"uid=911\",\"gid=1000\"] # linuxserver.io container services run as uid 911\n }\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}", - "json": null, - "modify_index": "21193", - "name": "transfer", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 1, - "meta": {}, - "name": "transfer", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "filebrowser", - "volume_mounts": [ - { - 
"destination": "/srv", - "read_only": false, - "volume": "unraid_transfer" - } - ] - } - ], - "volumes": [ - { - "name": "unraid_transfer", - "read_only": false, - "source": "unraid_transfer", - "type": "csi" - } - ] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "nomad_job", - "name": "webapp", - "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "allocation_ids": [], - "datacenters": [ - "*" - ], - "deployment_id": null, - "deployment_status": null, - "deregister_on_destroy": true, - "deregister_on_id_change": true, - "detach": true, - "hcl2": [], - "id": "demo-webapp", - "jobspec": "job \"demo-webapp\" {\n group \"demo\" {\n count = 3\n\n network {\n port \"http\"{\n to = -1\n }\n }\n\n service {\n name = \"demo-webapp\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.demo-webapp.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"2s\"\n timeout = \"2s\"\n }\n }\n\n task \"server\" {\n env {\n PORT = \"${NOMAD_PORT_http}\"\n NODE_IP = \"${NOMAD_IP_http}\"\n }\n\n driver = \"docker\"\n\n config {\n image = \"hashicorp/demo-webapp-lb-guide\"\n ports = [\"http\"]\n }\n }\n }\n}", - "json": null, - "modify_index": "17707", - "name": "demo-webapp", - "namespace": "default", - "policy_override": null, - "purge_on_destroy": null, - "read_allocation_ids": false, - "region": "global", - "rerun_if_dead": false, - "status": "running", - "task_groups": [ - { - "count": 3, - "meta": {}, - "name": "demo", - "task": [ - { - "driver": "docker", - "meta": {}, - "name": "server", - "volume_mounts": [] - } - ], - "volumes": [] - } - ], - "timeouts": null, - "type": "service" - }, - "sensitive_attributes": [], - 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" - } - ] - } - ], - "check_results": null -} diff --git a/2-nomad-config/transfer.nomad.hcl b/2-nomad-config/transfer.nomad.hcl index 25bd994..868052a 100644 --- a/2-nomad-config/transfer.nomad.hcl +++ b/2-nomad-config/transfer.nomad.hcl @@ -34,6 +34,18 @@ job "transfer" { mount_flags = ["uid=911","gid=1000"] # linuxserver.io container services run as uid 911 } } + + volume "appdata" { + type = "csi" + read_only = false + source = "unraid_appdata_transferfilebrowser" + access_mode = "single-node-writer" + attachment_mode = "file-system" + + mount_options { + mount_flags = ["uid=911","gid=1000"] # linuxserver.io container services run as uid 911 + } + } task "filebrowser" { driver = "docker" @@ -49,6 +61,12 @@ job "transfer" { ] } + volume_mount { + volume = "appdata" + destination = "/database" + read_only = false + } + volume_mount { volume = "unraid_transfer" destination = "/srv"
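Review bot: The `mount_flags` on the new `volume "appdata"` block set only ownership (`uid=911`, `gid=1000`) and leave the permission bits to the CIFS mount defaults, which is looser than a share holding the application's database needs. Consider pinning them, e.g. `mount_flags = ["uid=911","gid=1000","file_mode=0600","dir_mode=0700"]`, after confirming that the SMB CSI plugin forwards these options to the mount. The source `unraid_appdata_transferfilebrowser` has to be registered as a CSI volume somewhere else in the patch; that registration is not in this hunk, so how its credentials are supplied cannot be checked here. The enclosing `job "transfer"` block starts and ends outside the hunk.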
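Review bot: The added `volume_mount` for `appdata` at `/database` has no comment saying what is stored there, unlike the uid comment on the volume block. The job spec recorded in the state file removed by this same patch sets filebrowser's `database` to `/database/filebrowser.db`, so this mount presumably persists that file; a line such as `# filebrowser.db (settings.json "database") is kept on the appdata share` would record it. An embedded database file on an SMB share relies on the share honouring file locks, so the same comment should say that the group is meant to stay at a single allocation. The `task "filebrowser"` block continues outside the hunk.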