othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Setup mounting smb shares as volumes using csi

Browse Source
This commit is contained in:
Adrian Cowan
2025-05-01 03:52:34 +10:00
parent 874f17aa74
commit 9c06f0bd80
9 changed files with 588 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
1-nixos-node/configuration.nix
View File

@@ -52,6 +52,7 @@
}; };
}; };
}; };
plugin.docker.config.allow_privileged = true;
}; };
}; };
consul = { consul = {

6
1-nixos-node/terraform.tfstate
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 67, "serial": 73,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -14,9 +14,9 @@
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"id": "4397105856900626906", "id": "4311733097030196208",
"triggers": { "triggers": {
"configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for Traefik to store its data (tls certs, etc.)\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n };\n plugin.docker.config.allow_privileged = true;\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for Traefik to store its data (tls certs, etc.)\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
} }
}, },
"sensitive_attributes": [] "sensitive_attributes": []

7
1-nixos-node/terraform.tfstate.backup
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 64, "serial": 70,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -12,11 +12,12 @@
"provider": "provider[\"registry.terraform.io/hashicorp/null\"]", "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
"instances": [ "instances": [
{ {
"status": "tainted",
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"id": "6660434058046251894", "id": "6299339239344216968",
"triggers": { "triggers": {
"configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n plugin.docker.config.allow_privileged = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for Traefik to store its data (tls certs, etc.)\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
} }
}, },
"sensitive_attributes": [] "sensitive_attributes": []

31
2-nomad-config/csi-smb.nomad.hcl Normal file
View File

@@ -0,0 +1,31 @@
job "csi-smb" {
type = "system"
group "smb" {
task "plugin" {
driver = "docker"
config {
image = "mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0"
args = [
"--v=5",
"--nodeid=${attr.unique.hostname}",
"--endpoint=unix:///csi/csi.sock",
"--drivername=smb.csi.k8s.io"
]
privileged = true
}
csi_plugin {
id = "smb"
type = "node"
mount_dir = "/csi"
}
resources {
cpu = 100
memory = 50
}
}
}
}

43
2-nomad-config/services.tf
View File

@@ -18,3 +18,46 @@ resource "nomad_job" "traefik" {
resource "nomad_job" "webapp" { resource "nomad_job" "webapp" {
jobspec = file("webapp.nomad.hcl") jobspec = file("webapp.nomad.hcl")
} }
resource "nomad_job" "csi-smb" {
jobspec = file("csi-smb.nomad.hcl")
}
data "nomad_plugin" "smb" {
plugin_id = "smb"
wait_for_healthy = true
}
resource "nomad_volume" "unraid_transfer" {
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
type = "csi"
volume_id = "unraid_transfer_id5"
name = "unraid_transfer_name"
external_id = "unraid_transfer_ext"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/transfer"
}
parameters = {
source = "//192.168.1.192/transfer"
"csi.storage.k8s.io/node-stage-secret-name" = "smbcreds"
"csi.storage.k8s.io/node-stage-secret-namespace" = "default"
}
secrets = {
"username" = "anon"
"password" = ""
}
}
resource "nomad_job" "volume_test" {
jobspec = file("volume-test.nomad.hcl")
}

229
2-nomad-config/terraform.tfstate
View File

@@ -1,10 +1,97 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 206, "serial": 333,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
{
"mode": "data",
"type": "nomad_plugin",
"name": "smb",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"controller_required": false,
"controllers_expected": 0,
"controllers_healthy": 0,
"id": "smb",
"nodes": [
{
"healthy": true,
"healthy_description": "healthy",
"name": "0db77253-0579-e8b0-42cd-d619af9d8e73"
}
],
"nodes_expected": 1,
"nodes_healthy": 1,
"plugin_id": "smb",
"plugin_provider": "smb.csi.k8s.io",
"plugin_provider_version": "v1.7.0",
"wait_for_healthy": true,
"wait_for_registration": false
},
"sensitive_attributes": []
}
]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "csi-smb",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "csi-smb",
"jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n \"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}",
"json": null,
"modify_index": "11526",
"name": "csi-smb",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "smb",
"task": [
{
"driver": "docker",
"meta": {},
"name": "plugin",
"volume_mounts": []
}
],
"volumes": []
}
],
"timeouts": null,
"type": "system"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "nomad_job", "type": "nomad_job",
@@ -15,7 +102,9 @@
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"allocation_ids": [], "allocation_ids": [],
"datacenters": [], "datacenters": [
"*"
],
"deployment_id": null, "deployment_id": null,
"deployment_status": null, "deployment_status": null,
"deregister_on_destroy": true, "deregister_on_destroy": true,
@@ -133,9 +222,9 @@
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "traefik", "id": "traefik",
"jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomadui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomadui\n consului:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consului\n\n services:\n nomadui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consului:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"json": null, "json": null,
"modify_index": "9314", "modify_index": "10880",
"name": "traefik", "name": "traefik",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,
@@ -181,6 +270,74 @@
} }
] ]
}, },
{
"mode": "managed",
"type": "nomad_job",
"name": "volume_test",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "volume-test",
"jobspec": "job \"volume-test\" {\n group \"web\" {\n network {\n port \"www\" {\n to = 80\n }\n }\n\n volume \"unraid_transfer_use\" {\n type = \"csi\"\n source = \"unraid_transfer_id5\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n read_only = true\n\n mount_options {\n fs_type = \"ext4\"\n mount_flags = [\"noatime\"]\n }\n }\n\n service {\n name = \"volume-test\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"webserver\" {\n driver = \"docker\"\n\n config {\n image = \"nginx:latest\"\n\n ports = [\"www\"]\n # volumes = [\n # \"local:/usr/share/nginx/html:ro\"\n # ]\n }\n\n volume_mount {\n volume = \"unraid_transfer_use\"\n\t destination = \"/usr/share/nginx/html/transfer\"\n read_only = true\n }\n\n # template {\n # data = \"\u003ch1\u003eVolume Test 1\u003c/h1\u003e\"\n # destination = \"local/index.html\"\n # }\n\n resources {\n cpu = 500\n memory = 256\n }\n }\n\n # volume \"local\" {\n # type = \"csi\"\n # source = \"unraid_transfer\"\n # read_only = true\n # access_mode = \"single-node-writer\"\n # attachment_mode = \"file-system\"\n # }\n }\n}",
"json": null,
"modify_index": "12228",
"name": "volume-test",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "web",
"task": [
{
"driver": "docker",
"meta": {},
"name": "webserver",
"volume_mounts": [
{
"destination": "/usr/share/nginx/html/transfer",
"read_only": true,
"volume": "unraid_transfer_use"
}
]
}
],
"volumes": [
{
"name": "unraid_transfer_use",
"read_only": true,
"source": "unraid_transfer_id5",
"type": "csi"
}
]
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "nomad_job", "type": "nomad_job",
@@ -235,6 +392,70 @@
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
} }
] ]
},
{
"mode": "managed",
"type": "nomad_volume",
"name": "unraid_transfer",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"access_mode": null,
"attachment_mode": null,
"capability": [
{
"access_mode": "single-node-writer",
"attachment_mode": "file-system"
}
],
"context": {
"source": "//192.168.1.192/transfer"
},
"controller_required": false,
"controllers_expected": 0,
"controllers_healthy": 0,
"deregister_on_destroy": true,
"external_id": "unraid_transfer_ext",
"id": "unraid_transfer_id5",
"mount_options": [],
"name": "unraid_transfer_name",
"namespace": "default",
"nodes_expected": 1,
"nodes_healthy": 1,
"parameters": {
"csi.storage.k8s.io/node-stage-secret-name": "smbcreds",
"csi.storage.k8s.io/node-stage-secret-namespace": "default",
"source": "//192.168.1.192/transfer"
},
"plugin_id": "smb",
"plugin_provider": "smb.csi.k8s.io",
"plugin_provider_version": "v1.7.0",
"schedulable": true,
"secrets": {
"password": "",
"username": "anon"
},
"topologies": [],
"topology_request": [],
"type": "csi",
"volume_id": "unraid_transfer_id5"
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "secrets"
}
]
],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.nomad_plugin.smb"
]
}
]
} }
], ],
"check_results": null "check_results": null

198
2-nomad-config/terraform.tfstate.backup
View File

@@ -1,10 +1,65 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 204, "serial": 332,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
{
"mode": "managed",
"type": "nomad_job",
"name": "csi-smb",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "csi-smb",
"jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n \"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}",
"json": null,
"modify_index": "11526",
"name": "csi-smb",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "smb",
"task": [
{
"driver": "docker",
"meta": {},
"name": "plugin",
"volume_mounts": []
}
],
"volumes": []
}
],
"timeouts": null,
"type": "system"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "nomad_job", "type": "nomad_job",
@@ -15,7 +70,9 @@
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"allocation_ids": [], "allocation_ids": [],
"datacenters": [], "datacenters": [
"*"
],
"deployment_id": null, "deployment_id": null,
"deployment_status": null, "deployment_status": null,
"deregister_on_destroy": true, "deregister_on_destroy": true,
@@ -23,9 +80,9 @@
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "glance", "id": "glance",
"jobspec": "job \"glance\" {\n group \"glance\" {\n count = 1\n\n network {\n port \"http\" {\n to = 8080\n }\n }\n\n task \"glance\" {\n driver = \"docker\"\n\n config {\n image = \"glanceapp/glance:latest\"\n ports = [\"http\"]\n volumes = [\n \"local/glance.yml:/app/config/glance.yml\",\n ]\n }\n\n service {\n name = \"home\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n resources {\n cpu = 50\n memory = 128\n }\n\n\n template {\n data = \u003c\u003cEOF\npages:\n - name: Home\n # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look\n # hide-desktop-navigation: true\n columns:\n - size: small\n widgets:\n - type: calendar\n first-day-of-week: monday\n\n - type: rss\n limit: 10\n collapse-after: 3\n cache: 12h\n feeds:\n - url: https://selfh.st/rss/\n title: selfh.st\n limit: 4\n - url: https://ciechanow.ski/atom.xml\n - url: https://www.joshwcomeau.com/rss.xml\n title: Josh Comeau\n - url: https://samwho.dev/rss.xml\n - url: https://ishadeed.com/feed.xml\n title: Ahmad Shadeed\n\n - type: twitch-channels\n channels:\n - theprimeagen\n - j_blow\n - piratesoftware\n - cohhcarnage\n - christitustech\n - EJ_SA\n\n - size: full\n widgets:\n - type: group\n widgets:\n - type: hacker-news\n - type: lobsters\n\n - type: videos\n channels:\n - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips\n - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling\n - UCsBjURrPoezykLs9EqgamOA # Fireship\n - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee\n - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium\n\n - type: bookmarks\n groups:\n - links:\n - title: Gmail\n url: https://mail.google.com/mail/u/0/\n - title: Amazon\n url: https://www.amazon.com/\n - title: Github\n url: https://github.com/\n - title: Wikipedia\n url: https://en.wikipedia.org/\n - title: Entertainment\n color: 10 70 50\n links:\n - title: Netflix\n url: https://www.netflix.com/\n - title: Disney+\n url: https://www.disneyplus.com/\n - title: YouTube\n url: https://www.youtube.com/\n - title: Prime Video\n url: https://www.primevideo.com/\n - title: Social\n color: 200 50 50\n links:\n - title: Reddit\n url: https://www.reddit.com/\n - title: Twitter\n url: https://twitter.com/\n - title: Instagram\n url: https://www.instagram.com/\n\n - size: small\n widgets:\n - type: weather\n location: Melbourne, Australia\n units: metric\n hour-format: 12h\n # Optionally hide the location from being displayed in the widget\n # hide-location: true\n\n - type: releases\n cache: 1d\n # Without authentication the Github API allows for up to 60 requests per hour. You can create a\n # read-only token from your Github account settings and use it here to increase the limit.\n # token: ...\n repositories:\n - glanceapp/glance\n - go-gitea/gitea\n - immich-app/immich\n - syncthing/syncthing\n\n # Add more pages here:\n # - name: Your page name\n # columns:\n # - size: small\n # widgets:\n # # Add widgets here\n\n # - size: full\n # widgets:\n # # Add widgets here\n\n # - size: small\n # widgets:\n # # Add widgets here\nEOF\n\n destination = \"local/glance.yml\"\n }\n\n }\n }\n}", "jobspec": "job \"glance\" {\n group \"glance\" {\n count = 1\n\n network {\n port \"http\" {\n to = 8080\n }\n }\n\n task \"glance\" {\n driver = \"docker\"\n\n config {\n image = \"glanceapp/glance:latest\"\n ports = [\"http\"]\n volumes = [\n \"local/glance.yml:/app/config/glance.yml\",\n ]\n }\n\n service {\n name = \"home\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n resources {\n cpu = 50\n memory = 128\n }\n\n\n template {\n data = \u003c\u003cEOF\npages:\n - name: Home\n # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look\n # hide-desktop-navigation: true\n columns:\n - size: small\n widgets:\n - type: calendar\n first-day-of-week: monday\n\n - type: rss\n limit: 10\n collapse-after: 3\n cache: 12h\n feeds:\n - url: https://selfh.st/rss/\n title: selfh.st\n limit: 4\n - url: https://ciechanow.ski/atom.xml\n - url: https://www.joshwcomeau.com/rss.xml\n title: Josh Comeau\n - url: https://samwho.dev/rss.xml\n - url: https://ishadeed.com/feed.xml\n title: Ahmad Shadeed\n\n - type: twitch-channels\n channels:\n - theprimeagen\n - j_blow\n - piratesoftware\n - cohhcarnage\n - christitustech\n - EJ_SA\n\n - size: full\n widgets:\n - type: group\n widgets:\n - type: hacker-news\n - type: lobsters\n\n - type: videos\n channels:\n - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips\n - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling\n - UCsBjURrPoezykLs9EqgamOA # Fireship\n - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee\n - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium\n\n - type: bookmarks\n groups:\n - links:\n - title: Gmail\n url: https://mail.google.com/mail/u/0/\n - title: Amazon\n url: https://www.amazon.com/\n - title: Github\n url: https://github.com/\n - title: Wikipedia\n url: https://en.wikipedia.org/\n - title: Infra\n color: 10 70 50\n links:\n - title: Nomad\n url: https://nomad.othrayte.one/\n - title: Consul\n url: https://consul.othrayte.one/\n - title: Traefik\n url: https://traefik.othrayte.one/\n - title: Social\n color: 200 50 50\n links:\n - title: Reddit\n url: https://www.reddit.com/\n - title: Twitter\n url: https://twitter.com/\n - title: Instagram\n url: https://www.instagram.com/\n\n - size: small\n widgets:\n - type: weather\n location: Melbourne, Australia\n units: metric\n hour-format: 12h\n # Optionally hide the location from being displayed in the widget\n # hide-location: true\n\n - type: releases\n cache: 1d\n # Without authentication the Github API allows for up to 60 requests per hour. You can create a\n # read-only token from your Github account settings and use it here to increase the limit.\n # token: ...\n repositories:\n - glanceapp/glance\n - go-gitea/gitea\n - immich-app/immich\n - syncthing/syncthing\n\n # Add more pages here:\n # - name: Your page name\n # columns:\n # - size: small\n # widgets:\n # # Add widgets here\n\n # - size: full\n # widgets:\n # # Add widgets here\n\n # - size: small\n # widgets:\n # # Add widgets here\nEOF\n\n destination = \"local/glance.yml\"\n }\n\n }\n }\n}",
"json": null, "json": null,
"modify_index": "9612", "modify_index": "9627",
"name": "glance", "name": "glance",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,
@@ -133,9 +190,9 @@
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "traefik", "id": "traefik",
"jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomadui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomadui\n consului:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consului\n\n services:\n nomadui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consului:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"json": null, "json": null,
"modify_index": "9314", "modify_index": "10880",
"name": "traefik", "name": "traefik",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,
@@ -181,6 +238,74 @@
} }
] ]
}, },
{
"mode": "managed",
"type": "nomad_job",
"name": "volume_test",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "volume-test",
"jobspec": "job \"volume-test\" {\n group \"web\" {\n network {\n port \"www\" {\n to = 80\n }\n }\n\n volume \"unraid_transfer_use\" {\n type = \"csi\"\n source = \"unraid_transfer_id5\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n read_only = true\n\n mount_options {\n fs_type = \"ext4\"\n mount_flags = [\"noatime\"]\n }\n }\n\n service {\n name = \"volume-test\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"webserver\" {\n driver = \"docker\"\n\n config {\n image = \"nginx:latest\"\n\n ports = [\"www\"]\n # volumes = [\n # \"local:/usr/share/nginx/html:ro\"\n # ]\n }\n\n volume_mount {\n volume = \"unraid_transfer_use\"\n\t destination = \"/usr/share/nginx/html/transfer\"\n read_only = true\n }\n\n # template {\n # data = \"\u003ch1\u003eVolume Test 1\u003c/h1\u003e\"\n # destination = \"local/index.html\"\n # }\n\n resources {\n cpu = 500\n memory = 256\n }\n }\n\n # volume \"local\" {\n # type = \"csi\"\n # source = \"unraid_transfer\"\n # read_only = true\n # access_mode = \"single-node-writer\"\n # attachment_mode = \"file-system\"\n # }\n }\n}",
"json": null,
"modify_index": "12190",
"name": "volume-test",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "pending",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "web",
"task": [
{
"driver": "docker",
"meta": {},
"name": "webserver",
"volume_mounts": [
{
"destination": "/usr/share/nginx/html/transfer",
"read_only": true,
"volume": "unraid_transfer_use"
}
]
}
],
"volumes": [
{
"name": "unraid_transfer_use",
"read_only": true,
"source": "unraid_transfer_id5",
"type": "csi"
}
]
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "nomad_job", "type": "nomad_job",
@@ -235,6 +360,67 @@
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
} }
] ]
},
{
"mode": "managed",
"type": "nomad_volume",
"name": "unraid_transfer",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"access_mode": null,
"attachment_mode": null,
"capability": [
{
"access_mode": "single-node-writer",
"attachment_mode": "file-system"
}
],
"context": {
"source": "//192.168.1.192/transfer"
},
"controller_required": false,
"controllers_expected": 0,
"controllers_healthy": 0,
"deregister_on_destroy": true,
"external_id": "unraid_transfer_ext",
"id": "unraid_transfer_id5",
"mount_options": [],
"name": "unraid_transfer_name",
"namespace": "default",
"nodes_expected": 1,
"nodes_healthy": 1,
"parameters": {
"csi.storage.k8s.io/node-stage-secret-name": "smbcreds",
"csi.storage.k8s.io/node-stage-secret-namespace": "default",
"source": "//192.168.1.192/transfer"
},
"plugin_id": "smb",
"plugin_provider": "smb.csi.k8s.io",
"plugin_provider_version": "v1.7.0",
"schedulable": true,
"secrets": {
"password": "",
"username": "anon"
},
"topologies": [],
"topology_request": [],
"type": "csi",
"volume_id": "unraid_transfer_id5"
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "secrets"
}
]
],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
}
]
} }
], ],
"check_results": null "check_results": null

19
2-nomad-config/traefik.nomad.hcl
View File

@@ -116,22 +116,29 @@ http:
- "othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/" - "othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/"
routers: routers:
nomadui: nomad-ui:
rule: "Host(`nomad.othrayte.one`)" rule: "Host(`nomad.othrayte.one`)"
service: nomadui service: nomad-ui
consului: consul-ui:
rule: "Host(`consul.othrayte.one`)" rule: "Host(`consul.othrayte.one`)"
service: consului service: consul-ui
unraid:
rule: "Host(`unraid.othrayte.one`)"
service: unraid
services: services:
nomadui: nomad-ui:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://127.0.0.1:4646" - url: "http://127.0.0.1:4646"
consului: consul-ui:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://127.0.0.1:8500" - url: "http://127.0.0.1:8500"
unraid:
loadBalancer:
servers:
- url: "http://192.168.1.192:80"
EOF EOF
destination = "local/configs/nomad.yml" destination = "local/configs/nomad.yml"

76
2-nomad-config/volume-test.nomad.hcl Normal file
View File

@@ -0,0 +1,76 @@
job "volume-test" {
group "web" {
network {
port "www" {
to = 80
}
}
volume "unraid_transfer_use" {
type = "csi"
source = "unraid_transfer_id5"
access_mode = "single-node-writer"
attachment_mode = "file-system"
read_only = true
mount_options {
fs_type = "ext4"
mount_flags = ["noatime"]
}
}
service {
name = "volume-test"
port = "www"
tags = [
"traefik.enable=true",
]
check {
name = "alive"
type = "tcp"
port = "www"
interval = "10s"
timeout = "2s"
}
}
task "webserver" {
driver = "docker"
config {
image = "nginx:latest"
ports = ["www"]
# volumes = [
# "local:/usr/share/nginx/html:ro"
# ]
}
volume_mount {
volume = "unraid_transfer_use"
destination = "/usr/share/nginx/html/transfer"
read_only = true
}
# template {
# data = "<h1>Volume Test 1</h1>"
# destination = "local/index.html"
# }
resources {
cpu = 500
memory = 256
}
}
# volume "local" {
# type = "csi"
# source = "unraid_transfer"
# read_only = true
# access_mode = "single-node-writer"
# attachment_mode = "file-system"
# }
}
}