700046cfd1
Remove unused strip-magic-token middleware from Traefik configuration
2025-10-20 20:25:19 +11:00
cdf2a6b72e
Fixup: traefik requires the certificate secrets to be protected. Made the same change on the actual storage host.
2025-10-14 22:07:48 +11:00
f7c2752192
Explicitly enable info level logging in traefik to make it easier to find where to set it to debug level
2025-10-14 20:11:56 +11:00
bf98fb84be
Make sure there is always one traefik instance up when changing the configuration so we can still access nomad via it
2025-10-14 20:11:22 +11:00
2d931f9cfa
Add kopia access to traefik
2025-10-14 20:10:32 +11:00
3cc6f4827d
Route to traefik directly via localhost due to in ability to route via the external port
2025-10-13 21:23:42 +11:00
4a5ad8d36b
Setup storage of immich resouces and add tailscale access to allow uploading files too large to go over cloudflare (<100mb) See https://github.com/immich-app/immich/issues/17729 and https://github.com/immich-app/immich/pull/22385
2025-10-13 20:48:35 +11:00
e6c6bb0c91
Resolve authelia via consul service mesh
2025-10-12 20:58:58 +11:00
e2562ce4b0
Add an immich server
2025-10-11 14:54:07 +11:00
b53bfe4075
Improve resilience by changing routing to traefik and setting up more servers.
...
Some changes were required to set 3 VMs as the cluster since the NUC failed and we are waiting for new hardware to arrive.
The ingest routing from the internet was changed to use cloudflared tunnel to traefik instead of via a specific host.
2025-10-11 14:46:06 +11:00
7f3161b2bb
Add magic token domain for hass to allow app access
2025-10-04 14:36:58 +10:00
facc3c64b2
Route frigate.othrayte.one to internal frigate instance
2025-10-04 14:18:16 +10:00
d64fec4bc0
Disable Nomad job configuration for Teams Status
2025-10-04 13:58:44 +10:00
8b234b8322
Fix bug in teams status (was fixed long ago)
2025-10-04 13:51:26 +10:00
612d322c4f
Update session management settings for Authelia: extend inactivity duration, adjust expiration time, and set remember_me period.
2025-10-04 13:46:56 +10:00
786b2c6670
Switch from tailscale authkeys to an oauth client to fix issues with key expirey
2025-09-06 22:17:24 +10:00
2d497e5195
Add Nomad job configuration for Teams Status Updater
2025-06-07 09:07:48 +10:00
8920be1ba0
Fix use of wrong port in traefik service definition
2025-05-28 00:05:46 +10:00
234c6d075c
Improve use of postgres from terraform
2025-05-27 23:22:08 +10:00
8b0b7c1e73
Fix some networking issues and setup a second nomad host
2025-05-25 22:40:41 +10:00
376c278c11
Cleanup credentials and db use
2025-05-25 18:01:47 +10:00
ffbd240453
Fix pgbackup cron to only run once per day
2025-05-23 01:01:32 +10:00
8e586b3352
Move each service to it's own tf file
2025-05-23 00:43:59 +10:00
c1aeb11354
Use tailscale to allow ssh access to gitea
2025-05-23 00:15:04 +10:00
3f70bc62d3
Disable tailscale on the nomad host
2025-05-22 23:25:35 +10:00
f7c4defe7d
Add gitea
2025-05-19 22:45:33 +10:00
3ab392b50b
Move nomad var secrets to secrets.enc.json
2025-05-18 23:44:24 +10:00
d2279028be
Remove the hello world services initially added for testing
2025-05-18 21:53:44 +10:00
9cdd529633
Format terraform and nomad files
2025-05-18 21:50:04 +10:00
837cfdae68
Remove comment about terraform access to nomad
...
it was orignally only working over tailscale, but it turned out it was just being blocked by the host firewall, that tailscale was bypassing. This was fixed back in the initial commit using nix by setting networking.firewall.allowedTCPPorts to include 4646.
2025-05-18 21:50:04 +10:00
021d22048d
Cleanup terraform files
...
by moving core infra into it's own file
2025-05-18 21:50:04 +10:00
b10df52f1c
Allow login sessions to last longer than 1hr
2025-05-18 20:45:26 +10:00
08a2e458b2
Initial work on db backups
2025-05-18 20:18:48 +10:00
c6925362a6
Add initial PostgreSQL and pgAdmin services with Nomad configuration
2025-05-16 22:43:45 +10:00
805636f44c
Properly persistent configs
2025-05-15 19:06:09 +10:00
b13a52233a
Cleanup volume handling and fix write access
2025-05-15 19:06:09 +10:00
66306e2428
Change from nomad_volume to nomad_csi_volume_registration
...
as the later is deprecated
2025-05-15 19:06:09 +10:00
1df01e6c76
Replace the volume test with a useful file browser
2025-05-15 19:06:09 +10:00
1a4d434d5b
Change from basic auth to authelia
2025-05-03 18:00:30 +10:00
195df929e3
Remove left over file
2025-05-01 03:55:48 +10:00
9c06f0bd80
Setup mounting smb shares as volumes using csi
2025-05-01 03:52:34 +10:00
874f17aa74
Customise glance a bit
2025-04-30 20:23:24 +10:00
2c345e45ce
Add glance as home
2025-04-30 02:02:32 +10:00
557b187c30
Setup HTTPS
2025-04-30 02:02:17 +10:00
8bb9fb18df
Setup basicauth
...
to use whilst we setup https and later proper auth
2025-04-29 22:27:37 +10:00
05771d891b
Add hcl extention for nomad files
...
to get syntax highlighting be default.
2025-04-29 20:58:59 +10:00
a36f10ef73
Setup the default rule for traefik subdomains
2025-04-29 20:56:38 +10:00
aab7efb5c3
Change routing to use subdomains
2025-04-29 20:35:04 +10:00
c158757661
Expose traefix on port 80
2025-04-29 18:49:16 +10:00
bdacd1d6a3
Setup some example apps behing traefik
2025-04-25 21:27:31 +10:00
