othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Expose traefix on port 80

Browse Source
This commit is contained in:
Adrian Cowan
2025-04-29 18:49:16 +10:00
parent bdacd1d6a3
commit c158757661
6 changed files with 22 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
1-nixos-node/configuration.nix
View File

@@ -72,7 +72,7 @@
]; ];
# Open ports in the firewall. 464X are the default ports for Nomad. # Open ports in the firewall. 464X are the default ports for Nomad.
networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ]; networking.firewall.allowedTCPPorts = [ 80 4646 4647 4648 ];
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you

6
1-nixos-node/terraform.tfstate
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 58, "serial": 64,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -14,9 +14,9 @@
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"id": "4356981667558216389", "id": "6660434058046251894",
"triggers": { "triggers": {
"configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
} }
}, },
"sensitive_attributes": [] "sensitive_attributes": []

6
1-nixos-node/terraform.tfstate.backup
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 55, "serial": 61,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -14,9 +14,9 @@
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"id": "971598338822699043", "id": "5465400375216950796",
"triggers": { "triggers": {
"configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 80 8080 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
} }
}, },
"sensitive_attributes": [] "sensitive_attributes": []

14
2-nomad-config/terraform.tfstate
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 84, "serial": 87,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -15,7 +15,9 @@
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"allocation_ids": [], "allocation_ids": [],
"datacenters": [], "datacenters": [
"*"
],
"deployment_id": null, "deployment_id": null,
"deployment_status": null, "deployment_status": null,
"deregister_on_destroy": true, "deregister_on_destroy": true,
@@ -68,9 +70,7 @@
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"allocation_ids": [], "allocation_ids": [],
"datacenters": [ "datacenters": [],
"*"
],
"deployment_id": null, "deployment_id": null,
"deployment_status": null, "deployment_status": null,
"deregister_on_destroy": true, "deregister_on_destroy": true,
@@ -78,9 +78,9 @@
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "traefik", "id": "traefik",
"jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 8080\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.toml:/etc/traefik/traefik.toml\",\n ]\n }\n\n template {\n data = \u003c\u003cEOF\n[entryPoints]\n [entryPoints.http]\n address = \":8080\"\n [entryPoints.traefik]\n address = \":8081\"\n\n[api]\n dashboard = true\n insecure = true\n\n# Enable Consul Catalog configuration backend.\n[providers.consulCatalog]\n prefix = \"traefik\"\n exposedByDefault = false\n\n [providers.consulCatalog.endpoint]\n address = \"127.0.0.1:8500\"\n scheme = \"http\"\nEOF\n\n destination = \"local/traefik.toml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.toml:/etc/traefik/traefik.toml\",\n ]\n }\n\n template {\n data = \u003c\u003cEOF\n[entryPoints]\n [entryPoints.http]\n address = \":80\"\n [entryPoints.traefik]\n address = \":8081\"\n\n[api]\n dashboard = true\n insecure = true\n\n# Enable Consul Catalog configuration backend.\n[providers.consulCatalog]\n prefix = \"traefik\"\n exposedByDefault = false\n\n [providers.consulCatalog.endpoint]\n address = \"127.0.0.1:8500\"\n scheme = \"http\"\nEOF\n\n destination = \"local/traefik.toml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"json": null, "json": null,
"modify_index": "1509", "modify_index": "8173",
"name": "traefik", "name": "traefik",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,

10
2-nomad-config/terraform.tfstate.backup
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 82, "serial": 85,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -15,7 +15,9 @@
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"allocation_ids": [], "allocation_ids": [],
"datacenters": [], "datacenters": [
"*"
],
"deployment_id": null, "deployment_id": null,
"deployment_status": null, "deployment_status": null,
"deregister_on_destroy": true, "deregister_on_destroy": true,
@@ -23,9 +25,9 @@
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "hello-world", "id": "hello-world",
"jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello.rule=PathPrefix(`/hello`)\",\n \"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello\",\n \"traefik.http.routers.foo.middlewares=strip-hello\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}", "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello.rule=PathPrefix(`/hello`)\",\n \"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello\",\n \"traefik.http.routers.hello.middlewares=strip-hello\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}",
"json": null, "json": null,
"modify_index": "1981", "modify_index": "1989",
"name": "hello-world", "name": "hello-world",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,

4
2-nomad-config/traefik.nomad
View File

@@ -2,7 +2,7 @@ job "traefik" {
group "traefik" { group "traefik" {
network { network {
port "http" { port "http" {
static = 8080 static = 80
} }
port "api" { port "api" {
@@ -38,7 +38,7 @@ job "traefik" {
data = <<EOF data = <<EOF
[entryPoints] [entryPoints]
[entryPoints.http] [entryPoints.http]
address = ":8080" address = ":80"
[entryPoints.traefik] [entryPoints.traefik]
address = ":8081" address = ":8081"