diff --git a/1-nixos-node/configuration.nix b/1-nixos-node/configuration.nix index f97c808..81e5b5c 100644 --- a/1-nixos-node/configuration.nix +++ b/1-nixos-node/configuration.nix @@ -52,6 +52,7 @@ }; }; }; + plugin.docker.config.allow_privileged = true; }; }; consul = { diff --git a/1-nixos-node/terraform.tfstate b/1-nixos-node/terraform.tfstate index b9876d1..f14d4ff 100644 --- a/1-nixos-node/terraform.tfstate +++ b/1-nixos-node/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 67, + "serial": 73, "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "outputs": {}, "resources": [ 
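Review bot: The added `plugin.docker.config.allow_privileged = true;` under the Nomad `settings` lifts the privileged-container restriction for every job scheduled on this client, not only for the CSI plugin that presumably needs it, and nothing in the hunk records why. A privileged Docker task is effectively root on the host, so the right to submit jobs to this agent becomes the right to run as host root. The hunk shows no ACL setting, but the `settings` block starts outside it, so confirm `acl.enabled = true;` is set elsewhere or add it. At minimum put a comment above the line, such as `# Needed only for the csi-smb node plugin (privileged = true); lets any job on this client request a privileged container`.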
@@ -14,9 +14,9 @@ { "schema_version": 0, "attributes": { - "id": "4397105856900626906", + "id": "4311733097030196208", "triggers": { - "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d 
/var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for Traefik to store its data (tls certs, etc.)\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" + "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! 
The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n };\n plugin.docker.config.allow_privileged = true;\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for Traefik to store its data (tls certs, etc.)\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). 
This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" } }, "sensitive_attributes": [] diff --git a/1-nixos-node/terraform.tfstate.backup b/1-nixos-node/terraform.tfstate.backup index cdb5205..41a4e96 100644 --- a/1-nixos-node/terraform.tfstate.backup +++ b/1-nixos-node/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 64, + "serial": 70, "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "outputs": {}, "resources": [ 
@@ -12,11 +12,12 @@ "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", "instances": [ { + "status": "tainted", "schema_version": 0, "attributes": { - "id": "6660434058046251894", + "id": "6299339239344216968", "triggers": { - "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d 
/var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" + "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! 
The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n plugin.docker.config.allow_privileged = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for Traefik to store its data (tls certs, etc.)\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). 
This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" } }, "sensitive_attributes": [] diff --git a/2-nomad-config/csi-smb.nomad.hcl b/2-nomad-config/csi-smb.nomad.hcl new file mode 100644 index 0000000..a5e9965 --- /dev/null +++ b/2-nomad-config/csi-smb.nomad.hcl @@ -0,0 +1,31 @@ +job "csi-smb" { + type = "system" + + group "smb" { + task "plugin" { + driver = "docker" + + config { + image = "mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0" + args = [ + "--v=5", + "--nodeid=${attr.unique.hostname}", + "--endpoint=unix:///csi/csi.sock", + "--drivername=smb.csi.k8s.io" + ] + privileged = true + } + + csi_plugin { + id = "smb" + type = "node" + mount_dir = "/csi" + } + + resources { + cpu = 100 + memory = 50 + } + } + } +} \ No newline at end of file diff --git a/2-nomad-config/services.tf b/2-nomad-config/services.tf index 1ff018b..4b8f9eb 100644 --- a/2-nomad-config/services.tf +++ b/2-nomad-config/services.tf 
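Review bot: The `plugin` task in `csi-smb.nomad.hcl` runs with `privileged = true` but pulls `mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0` by tag only, so whatever the registry serves under that tag runs with host-level privileges on every client (the job is `type = "system"`). Pin the image by digest, e.g. `image = "mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0@sha256:<digest-of-the-verified-image>"`. `--v=5` is a high verbosity level; consider lowering it once the plugin works, since this process handles the mount requests and verbose logs may carry more detail than intended. A short comment on `privileged = true` saying it is required for the node plugin to perform mounts would help the next reader, and the file has no trailing newline.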
@@ -18,3 +18,46 @@ resource "nomad_job" "traefik" { resource "nomad_job" "webapp" { jobspec = file("webapp.nomad.hcl") } + +resource "nomad_job" "csi-smb" { + jobspec = file("csi-smb.nomad.hcl") +} + +data "nomad_plugin" "smb" { + plugin_id = "smb" + wait_for_healthy = true +} + +resource "nomad_volume" "unraid_transfer" { + depends_on = [data.nomad_plugin.smb] + plugin_id = "smb" + type = "csi" + volume_id = "unraid_transfer_id5" + name = "unraid_transfer_name" + + external_id = "unraid_transfer_ext" + + capability { + access_mode = "single-node-writer" + attachment_mode = "file-system" + } + + context = { + source = "//192.168.1.192/transfer" + } + + parameters = { + source = "//192.168.1.192/transfer" + "csi.storage.k8s.io/node-stage-secret-name" = "smbcreds" + "csi.storage.k8s.io/node-stage-secret-namespace" = "default" + } + + secrets = { + "username" = "anon" + "password" = "" + } +} + +resource "nomad_job" "volume_test" { + jobspec = file("volume-test.nomad.hcl") +} diff --git a/2-nomad-config/terraform.tfstate b/2-nomad-config/terraform.tfstate index c2c1f0e..7371b03 100644 --- a/2-nomad-config/terraform.tfstate +++ b/2-nomad-config/terraform.tfstate 
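Review bot: The `secrets` map in `nomad_volume.unraid_transfer` holds the SMB credentials as literals (`"username" = "anon"`, `"password" = ""`), and this same commit checks in `terraform.tfstate`, where that `secrets` block is stored in plaintext even though it is listed under `sensitive_attributes`. With what appears to be guest access this leaks little today, but once a real password is set it will land in both the source and the committed state. Take the values from variables declared `sensitive = true`, e.g. `secrets = { username = var.smb_username, password = var.smb_password }`, and keep `*.tfstate` and `*.tfstate.backup` out of version control (the state also carries the Traefik basic-auth hash inside the job spec). The `csi.storage.k8s.io/node-stage-secret-*` entries in `parameters` look like Kubernetes conventions and probably have no effect under Nomad; confirm that, then drop them or add a comment saying why they stay.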
@@ -1,10 +1,97 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 206, + "serial": 333, "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "outputs": {}, "resources": [ + { + "mode": "data", + "type": "nomad_plugin", + "name": "smb", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "controller_required": false, + "controllers_expected": 0, + "controllers_healthy": 0, + "id": "smb", + "nodes": [ + { + "healthy": true, + "healthy_description": "healthy", + "name": "0db77253-0579-e8b0-42cd-d619af9d8e73" + } + ], + "nodes_expected": 1, + "nodes_healthy": 1, + "plugin_id": "smb", + "plugin_provider": "smb.csi.k8s.io", + "plugin_provider_version": "v1.7.0", + "wait_for_healthy": true, + "wait_for_registration": false + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "managed", + "type": "nomad_job", + "name": "csi-smb", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "csi-smb", + "jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n \"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}", + "json": null, + "modify_index": "11526", + "name": "csi-smb", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + 
"status": "running", + "task_groups": [ + { + "count": 1, + "meta": {}, + "name": "smb", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "plugin", + "volume_mounts": [] + } + ], + "volumes": [] + } + ], + "timeouts": null, + "type": "system" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, { "mode": "managed", "type": "nomad_job", @@ -15,7 +102,9 @@ "schema_version": 0, "attributes": { "allocation_ids": [], - "datacenters": [], + "datacenters": [ + "*" + ], "deployment_id": null, "deployment_status": null, "deregister_on_destroy": true, 
@@ -133,9 +222,9 @@ "detach": true, "hcl2": [], "id": "traefik", - "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n 
nomadui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomadui\n consului:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consului\n\n services:\n nomadui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consului:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", + "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: 
\"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", "json": null, - "modify_index": "9314", + "modify_index": "10880", "name": "traefik", "namespace": "default", "policy_override": null, 
@@ -181,6 +270,74 @@ } ] }, + { + "mode": "managed", + "type": "nomad_job", + "name": "volume_test", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "volume-test", + "jobspec": "job \"volume-test\" {\n group \"web\" {\n network {\n port \"www\" {\n to = 80\n }\n }\n\n volume \"unraid_transfer_use\" {\n type = \"csi\"\n source = \"unraid_transfer_id5\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n read_only = true\n\n mount_options {\n fs_type = \"ext4\"\n mount_flags = [\"noatime\"]\n }\n }\n\n service {\n name = \"volume-test\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"webserver\" {\n driver = \"docker\"\n\n config {\n image = \"nginx:latest\"\n\n ports = [\"www\"]\n # volumes = [\n # \"local:/usr/share/nginx/html:ro\"\n # ]\n }\n\n volume_mount {\n volume = \"unraid_transfer_use\"\n\t destination = \"/usr/share/nginx/html/transfer\"\n read_only = true\n }\n\n # template {\n # data = \"\u003ch1\u003eVolume Test 1\u003c/h1\u003e\"\n # destination = \"local/index.html\"\n # }\n\n resources {\n cpu = 500\n memory = 256\n }\n }\n\n # volume \"local\" {\n # type = \"csi\"\n # source = \"unraid_transfer\"\n # read_only = true\n # access_mode = \"single-node-writer\"\n # attachment_mode = \"file-system\"\n # }\n }\n}", + "json": null, + "modify_index": "12228", + "name": "volume-test", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "running", + "task_groups": [ + { + "count": 1, + 
"meta": {}, + "name": "web", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "webserver", + "volume_mounts": [ + { + "destination": "/usr/share/nginx/html/transfer", + "read_only": true, + "volume": "unraid_transfer_use" + } + ] + } + ], + "volumes": [ + { + "name": "unraid_transfer_use", + "read_only": true, + "source": "unraid_transfer_id5", + "type": "csi" + } + ] + } + ], + "timeouts": null, + "type": "service" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, { "mode": "managed", "type": "nomad_job", 
@@ -235,6 +392,70 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" } ] + }, + { + "mode": "managed", + "type": "nomad_volume", + "name": "unraid_transfer", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "access_mode": null, + "attachment_mode": null, + "capability": [ + { + "access_mode": "single-node-writer", + "attachment_mode": "file-system" + } + ], + "context": { + "source": "//192.168.1.192/transfer" + }, + "controller_required": false, + "controllers_expected": 0, + "controllers_healthy": 0, + "deregister_on_destroy": true, + "external_id": "unraid_transfer_ext", + "id": "unraid_transfer_id5", + "mount_options": [], + "name": "unraid_transfer_name", + "namespace": "default", + "nodes_expected": 1, + "nodes_healthy": 1, + "parameters": { + "csi.storage.k8s.io/node-stage-secret-name": "smbcreds", + "csi.storage.k8s.io/node-stage-secret-namespace": "default", + "source": "//192.168.1.192/transfer" + }, + "plugin_id": "smb", + "plugin_provider": "smb.csi.k8s.io", + "plugin_provider_version": "v1.7.0", + "schedulable": true, + "secrets": { + "password": "", + "username": "anon" + }, + "topologies": [], + "topology_request": [], + "type": "csi", + "volume_id": "unraid_transfer_id5" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secrets" + } + ] + ], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "data.nomad_plugin.smb" + ] + } + ] } ], "check_results": null diff --git a/2-nomad-config/terraform.tfstate.backup b/2-nomad-config/terraform.tfstate.backup index 219b0a7..0609ec5 100644 --- a/2-nomad-config/terraform.tfstate.backup +++ b/2-nomad-config/terraform.tfstate.backup 
@@ -1,10 +1,65 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 204, + "serial": 332, "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "outputs": {}, "resources": [ + { + "mode": "managed", + "type": "nomad_job", + "name": "csi-smb", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "csi-smb", + "jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n \"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}", + "json": null, + "modify_index": "11526", + "name": "csi-smb", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "running", + "task_groups": [ + { + "count": 1, + "meta": {}, + "name": "smb", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "plugin", + "volume_mounts": [] + } + ], + "volumes": [] + } + ], + "timeouts": null, + "type": "system" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, { "mode": "managed", "type": "nomad_job", 
@@ -15,7 +70,9 @@ "schema_version": 0, "attributes": { "allocation_ids": [], - "datacenters": [], + "datacenters": [ + "*" + ], "deployment_id": null, "deployment_status": null, "deregister_on_destroy": true, 
@@ -23,9 +80,9 @@ "detach": true, "hcl2": [], "id": "glance", - "jobspec": "job \"glance\" {\n group \"glance\" {\n count = 1\n\n network {\n port \"http\" {\n to = 8080\n }\n }\n\n task \"glance\" {\n driver = \"docker\"\n\n config {\n image = \"glanceapp/glance:latest\"\n ports = [\"http\"]\n volumes = [\n \"local/glance.yml:/app/config/glance.yml\",\n ]\n }\n\n service {\n name = \"home\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n resources {\n cpu = 50\n memory = 128\n }\n\n\n template {\n data = \u003c\u003cEOF\npages:\n - name: Home\n # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look\n # hide-desktop-navigation: true\n columns:\n - size: small\n widgets:\n - type: calendar\n first-day-of-week: monday\n\n - type: rss\n limit: 10\n collapse-after: 3\n cache: 12h\n feeds:\n - url: https://selfh.st/rss/\n title: selfh.st\n limit: 4\n - url: https://ciechanow.ski/atom.xml\n - url: https://www.joshwcomeau.com/rss.xml\n title: Josh Comeau\n - url: https://samwho.dev/rss.xml\n - url: https://ishadeed.com/feed.xml\n title: Ahmad Shadeed\n\n - type: twitch-channels\n channels:\n - theprimeagen\n - j_blow\n - piratesoftware\n - cohhcarnage\n - christitustech\n - EJ_SA\n\n - size: full\n widgets:\n - type: group\n widgets:\n - type: hacker-news\n - type: lobsters\n\n - type: videos\n channels:\n - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips\n - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling\n - UCsBjURrPoezykLs9EqgamOA # Fireship\n - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee\n - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium\n\n - type: bookmarks\n groups:\n - links:\n - title: Gmail\n url: https://mail.google.com/mail/u/0/\n - title: Amazon\n url: https://www.amazon.com/\n - title: Github\n url: https://github.com/\n - title: Wikipedia\n url: https://en.wikipedia.org/\n - title: Entertainment\n 
color: 10 70 50\n links:\n - title: Netflix\n url: https://www.netflix.com/\n - title: Disney+\n url: https://www.disneyplus.com/\n - title: YouTube\n url: https://www.youtube.com/\n - title: Prime Video\n url: https://www.primevideo.com/\n - title: Social\n color: 200 50 50\n links:\n - title: Reddit\n url: https://www.reddit.com/\n - title: Twitter\n url: https://twitter.com/\n - title: Instagram\n url: https://www.instagram.com/\n\n - size: small\n widgets:\n - type: weather\n location: Melbourne, Australia\n units: metric\n hour-format: 12h\n # Optionally hide the location from being displayed in the widget\n # hide-location: true\n\n - type: releases\n cache: 1d\n # Without authentication the Github API allows for up to 60 requests per hour. You can create a\n # read-only token from your Github account settings and use it here to increase the limit.\n # token: ...\n repositories:\n - glanceapp/glance\n - go-gitea/gitea\n - immich-app/immich\n - syncthing/syncthing\n\n # Add more pages here:\n # - name: Your page name\n # columns:\n # - size: small\n # widgets:\n # # Add widgets here\n\n # - size: full\n # widgets:\n # # Add widgets here\n\n # - size: small\n # widgets:\n # # Add widgets here\nEOF\n\n destination = \"local/glance.yml\"\n }\n\n }\n }\n}", + "jobspec": "job \"glance\" {\n group \"glance\" {\n count = 1\n\n network {\n port \"http\" {\n to = 8080\n }\n }\n\n task \"glance\" {\n driver = \"docker\"\n\n config {\n image = \"glanceapp/glance:latest\"\n ports = [\"http\"]\n volumes = [\n \"local/glance.yml:/app/config/glance.yml\",\n ]\n }\n\n service {\n name = \"home\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n resources {\n cpu = 50\n memory = 128\n }\n\n\n template {\n data = \u003c\u003cEOF\npages:\n - name: Home\n # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner 
look\n # hide-desktop-navigation: true\n columns:\n - size: small\n widgets:\n - type: calendar\n first-day-of-week: monday\n\n - type: rss\n limit: 10\n collapse-after: 3\n cache: 12h\n feeds:\n - url: https://selfh.st/rss/\n title: selfh.st\n limit: 4\n - url: https://ciechanow.ski/atom.xml\n - url: https://www.joshwcomeau.com/rss.xml\n title: Josh Comeau\n - url: https://samwho.dev/rss.xml\n - url: https://ishadeed.com/feed.xml\n title: Ahmad Shadeed\n\n - type: twitch-channels\n channels:\n - theprimeagen\n - j_blow\n - piratesoftware\n - cohhcarnage\n - christitustech\n - EJ_SA\n\n - size: full\n widgets:\n - type: group\n widgets:\n - type: hacker-news\n - type: lobsters\n\n - type: videos\n channels:\n - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips\n - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling\n - UCsBjURrPoezykLs9EqgamOA # Fireship\n - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee\n - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium\n\n - type: bookmarks\n groups:\n - links:\n - title: Gmail\n url: https://mail.google.com/mail/u/0/\n - title: Amazon\n url: https://www.amazon.com/\n - title: Github\n url: https://github.com/\n - title: Wikipedia\n url: https://en.wikipedia.org/\n - title: Infra\n color: 10 70 50\n links:\n - title: Nomad\n url: https://nomad.othrayte.one/\n - title: Consul\n url: https://consul.othrayte.one/\n - title: Traefik\n url: https://traefik.othrayte.one/\n - title: Social\n color: 200 50 50\n links:\n - title: Reddit\n url: https://www.reddit.com/\n - title: Twitter\n url: https://twitter.com/\n - title: Instagram\n url: https://www.instagram.com/\n\n - size: small\n widgets:\n - type: weather\n location: Melbourne, Australia\n units: metric\n hour-format: 12h\n # Optionally hide the location from being displayed in the widget\n # hide-location: true\n\n - type: releases\n cache: 1d\n # Without authentication the Github API allows for up to 60 requests per hour. 
You can create a\n # read-only token from your Github account settings and use it here to increase the limit.\n # token: ...\n repositories:\n - glanceapp/glance\n - go-gitea/gitea\n - immich-app/immich\n - syncthing/syncthing\n\n # Add more pages here:\n # - name: Your page name\n # columns:\n # - size: small\n # widgets:\n # # Add widgets here\n\n # - size: full\n # widgets:\n # # Add widgets here\n\n # - size: small\n # widgets:\n # # Add widgets here\nEOF\n\n destination = \"local/glance.yml\"\n }\n\n }\n }\n}", "json": null, - "modify_index": "9612", + "modify_index": "9627", "name": "glance", "namespace": "default", "policy_override": null, 
@@ -133,9 +190,9 @@ "detach": true, "hcl2": [], "id": "traefik", - "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n 
nomadui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomadui\n consului:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consului\n\n services:\n nomadui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consului:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", + "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: 
\"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", "json": null, - "modify_index": "9314", + "modify_index": "10880", "name": "traefik", "namespace": "default", "policy_override": null, 
@@ -181,6 +238,74 @@ } ] }, + { + "mode": "managed", + "type": "nomad_job", + "name": "volume_test", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "volume-test", + "jobspec": "job \"volume-test\" {\n group \"web\" {\n network {\n port \"www\" {\n to = 80\n }\n }\n\n volume \"unraid_transfer_use\" {\n type = \"csi\"\n source = \"unraid_transfer_id5\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n read_only = true\n\n mount_options {\n fs_type = \"ext4\"\n mount_flags = [\"noatime\"]\n }\n }\n\n service {\n name = \"volume-test\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"webserver\" {\n driver = \"docker\"\n\n config {\n image = \"nginx:latest\"\n\n ports = [\"www\"]\n # volumes = [\n # \"local:/usr/share/nginx/html:ro\"\n # ]\n }\n\n volume_mount {\n volume = \"unraid_transfer_use\"\n\t destination = \"/usr/share/nginx/html/transfer\"\n read_only = true\n }\n\n # template {\n # data = \"\u003ch1\u003eVolume Test 1\u003c/h1\u003e\"\n # destination = \"local/index.html\"\n # }\n\n resources {\n cpu = 500\n memory = 256\n }\n }\n\n # volume \"local\" {\n # type = \"csi\"\n # source = \"unraid_transfer\"\n # read_only = true\n # access_mode = \"single-node-writer\"\n # attachment_mode = \"file-system\"\n # }\n }\n}", + "json": null, + "modify_index": "12190", + "name": "volume-test", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "pending", + "task_groups": [ + { + "count": 1, + 
"meta": {}, + "name": "web", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "webserver", + "volume_mounts": [ + { + "destination": "/usr/share/nginx/html/transfer", + "read_only": true, + "volume": "unraid_transfer_use" + } + ] + } + ], + "volumes": [ + { + "name": "unraid_transfer_use", + "read_only": true, + "source": "unraid_transfer_id5", + "type": "csi" + } + ] + } + ], + "timeouts": null, + "type": "service" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, { "mode": "managed", "type": "nomad_job", 
@@ -235,6 +360,67 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" } ] + }, + { + "mode": "managed", + "type": "nomad_volume", + "name": "unraid_transfer", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "access_mode": null, + "attachment_mode": null, + "capability": [ + { + "access_mode": "single-node-writer", + "attachment_mode": "file-system" + } + ], + "context": { + "source": "//192.168.1.192/transfer" + }, + "controller_required": false, + "controllers_expected": 0, + "controllers_healthy": 0, + "deregister_on_destroy": true, + "external_id": "unraid_transfer_ext", + "id": "unraid_transfer_id5", + "mount_options": [], + "name": "unraid_transfer_name", + "namespace": "default", + "nodes_expected": 1, + "nodes_healthy": 1, + "parameters": { + "csi.storage.k8s.io/node-stage-secret-name": "smbcreds", + "csi.storage.k8s.io/node-stage-secret-namespace": "default", + "source": "//192.168.1.192/transfer" + }, + "plugin_id": "smb", + "plugin_provider": "smb.csi.k8s.io", + "plugin_provider_version": "v1.7.0", + "schedulable": true, + "secrets": { + "password": "", + "username": "anon" + }, + "topologies": [], + "topology_request": [], + "type": "csi", + "volume_id": "unraid_transfer_id5" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secrets" + } + ] + ], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] } ], "check_results": null diff --git a/2-nomad-config/traefik.nomad.hcl b/2-nomad-config/traefik.nomad.hcl index dd9baad..045fb04 100644 --- a/2-nomad-config/traefik.nomad.hcl +++ b/2-nomad-config/traefik.nomad.hcl 
@@ -116,22 +116,29 @@ http: - "othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/" routers: - nomadui: + nomad-ui: rule: "Host(`nomad.othrayte.one`)" - service: nomadui - consului: + service: nomad-ui + consul-ui: rule: "Host(`consul.othrayte.one`)" - service: consului + service: consul-ui + unraid: + rule: "Host(`unraid.othrayte.one`)" + service: unraid services: - nomadui: + nomad-ui: loadBalancer: servers: - url: "http://127.0.0.1:4646" - consului: + consul-ui: loadBalancer: servers: - url: "http://127.0.0.1:8500" + unraid: + loadBalancer: + servers: + - url: "http://192.168.1.192:80" EOF destination = "local/configs/nomad.yml" diff --git a/2-nomad-config/volume-test.nomad.hcl b/2-nomad-config/volume-test.nomad.hcl new file mode 100644 index 0000000..1793dc7 --- /dev/null +++ b/2-nomad-config/volume-test.nomad.hcl @@ -0,0 +1,76 @@ +job "volume-test" { + group "web" { + network { + port "www" { + to = 80 + } + } + + volume "unraid_transfer_use" { + type = "csi" + source = "unraid_transfer_id5" + access_mode = "single-node-writer" + attachment_mode = "file-system" + read_only = true + + mount_options { + fs_type = "ext4" + mount_flags = ["noatime"] + } + } + + service { + name = "volume-test" + port = "www" + + tags = [ + "traefik.enable=true", + ] + + check { + name = "alive" + type = "tcp" + port = "www" + interval = "10s" + timeout = "2s" + } + } + + task "webserver" { + driver = "docker" + + config { + image = "nginx:latest" + + ports = ["www"] + # volumes = [ + # "local:/usr/share/nginx/html:ro" + # ] + } + + volume_mount { + volume = "unraid_transfer_use" + destination = "/usr/share/nginx/html/transfer" + read_only = true + } + + # template { + # data = "
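Review bot: In 2-nomad-config/traefik.nomad.hcl the new `unraid` router publishes the NAS management UI at `unraid.othrayte.one` without declaring `entryPoints` or `middlewares` of its own, so its only access control is the `auth@file` middleware attached to the `websecure` entry point in the other template (visible in the jobspec copy in terraform.tfstate on this page). I would pin this on the router itself with `entryPoints: ["websecure"]` and `middlewares: ["auth"]`, so that a later change to the static entry-point config cannot leave the router unauthenticated. The backend `http://192.168.1.192:80` is plain HTTP, so everything proxied to it, including the Unraid login, crosses the LAN unencrypted; an `https://` backend URL would address that if the host serves TLS. The enclosing `http:` template starts before this hunk, so the rest of the dynamic config is not visible here.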