othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: othrayte:c1aeb113546f8258ebb7ad667fdcd02582505de3
Branches Tags
othrayte:main othrayte:renovate/null-3.x othrayte:renovate/litestream-litestream-0.x
..
compare: othrayte:376c278c111e9d4125913998de700cfa27b29c5c
Branches Tags
othrayte:main othrayte:renovate/null-3.x othrayte:renovate/litestream-litestream-0.x

3 Commits
c1aeb11354 ... 376c278c11

Author SHA1 Message Date
Adrian Cowan
376c278c11 Cleanup credentials and db use 2025-05-25 18:01:47 +10:00
Adrian Cowan
ffbd240453 Fix pgbackup cron to only run once per day 2025-05-23 01:01:32 +10:00
Adrian Cowan
8e586b3352 Move each service to it's own tf file 2025-05-23 00:43:59 +10:00
13 changed files with 291 additions and 275 deletions
Expand all files Collapse all files

141
2-nomad-config/1-infra.tf
View File

@@ -1,141 +0,0 @@
terraform {
backend "local" {
path = "./.tfstate/terraform.tfstate"
}
}
terraform {
required_providers {
sops = {
source = "carlpett/sops"
version = "~> 0.5"
}
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 5"
}
postgresql = {
source = "cyrilgdn/postgresql"
}
}
}
provider "nomad" {
address = "http://jaglan-beta-m01.othrayte.one:4646"
}
data "sops_file" "secrets" {
source_file = "secrets.enc.json"
}
provider "cloudflare" {
api_token = data.sops_file.secrets.data["cloudflare.api_token"]
}
// Networking
resource "cloudflare_dns_record" "othrayte-one" {
comment = "othrayte.one proxy to internal IP for traefik"
zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
type = "AAAA"
name = "othrayte.one"
content = data.sops_file.secrets.data["cloudflare.direct_ip6"]
proxied = true
ttl = 1 # Auto
}
resource "cloudflare_dns_record" "star-othrayte-one" {
comment = "*.othrayte.one proxy to internal IP for traefik"
zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
type = "AAAA"
name = "*"
content = data.sops_file.secrets.data["cloudflare.direct_ip6"]
proxied = true
ttl = 1 # Auto
}
resource "nomad_job" "traefik" {
jobspec = file("traefik.nomad.hcl")
}
// Authentication
resource "nomad_job" "authelia" {
jobspec = file("authelia.nomad.hcl")
}
resource "nomad_variable" "authelia" {
path = "nomad/jobs/authelia"
items = {
session_secret = data.sops_file.secrets.data["authelia.session_secret"]
jwt_secret = data.sops_file.secrets.data["authelia.jwt_secret"]
encryption_key = data.sops_file.secrets.data["authelia.encryption_key"]
}
}
// Data
resource "nomad_job" "csi-smb" {
jobspec = file("csi-smb.nomad.hcl")
}
data "nomad_plugin" "smb" {
plugin_id = "smb"
wait_for_healthy = true
}
resource "nomad_job" "postgres" {
jobspec = file("postgres.nomad.hcl")
}
resource "nomad_job" "pgadmin" {
jobspec = file("pgadmin.nomad.hcl")
}
resource "nomad_job" "pgbackup" {
jobspec = file("pgbackup.nomad.hcl")
}
resource "nomad_variable" "postgres" {
path = "nomad/jobs/postgres"
items = {
postgres_password = data.sops_file.secrets.data["postgres.postgres"]
}
}
provider "postgresql" {
#host = "jaglan-beta-m01.othrayte.one"
host = "192.168.1.235"
port = 5432
database = "postgres"
username = "postgres"
password = data.sops_file.secrets.data["postgres.postgres"]
sslmode = "disable"
connect_timeout = 15
}
resource "nomad_csi_volume_registration" "unraid_database_dump" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_database_dump"
name = "unraid_database_dump"
external_id = "unraid_database_dump"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/database-dump"
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}

121
2-nomad-config/2-services.tf
View File

@@ -1,121 +0,0 @@
resource "nomad_job" "glance" {
jobspec = file("glance.nomad.hcl")
}
resource "nomad_job" "transfer" {
jobspec = file("transfer.nomad.hcl")
}
resource "nomad_csi_volume_registration" "unraid_transfer" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_transfer"
name = "unraid_transfer"
external_id = "unraid_transfer"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/transfer"
}
secrets = {
"username" = "anon"
"password" = ""
}
}
resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_appdata_transferfilebrowser"
name = "unraid_appdata_transferfilebrowser"
external_id = "unraid_appdata_transferfilebrowser"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/appdata"
subDir = "transferfilebrowser" # Note: Needs to be manually created on the share
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}
resource "cloudflare_dns_record" "git-othrayte-one" {
comment = "git.othrayte.one maps to tailscale fqdn"
zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
type = "CNAME"
name = "git"
content = "git.tail15856.ts.net"
ttl = 1 # Auto
}
resource "nomad_job" "gitea" {
jobspec = templatefile("gitea.nomad.hcl", {
ts_authkey = data.sops_file.secrets.data["tailscale.auth_key"]
})
}
resource "nomad_variable" "gitea" {
path = "nomad/jobs/gitea"
items = {
internal_token = data.sops_file.secrets.data["gitea.internal_token"]
jwt_secret = data.sops_file.secrets.data["gitea.jwt_secret"]
}
}
resource "postgresql_role" "gitea" {
name = "gitea"
password = "gitea"
login = true
}
resource "postgresql_database" "gitea" {
name = "gitea"
owner = postgresql_role.gitea.name
}
resource "nomad_csi_volume_registration" "unraid_appdata_gitea" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_appdata_gitea"
name = "unraid_appdata_gitea"
external_id = "unraid_appdata_gitea"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/appdata"
subDir = "gitea" # Note: Needs to be manually created on the share
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}

26
2-nomad-config/authelia.nomad.hcl
View File

@@ -1,11 +1,25 @@
job "authelia" { job "authelia" {
group "authelia" { group "authelia" {
network { network {
mode = "bridge"
port "http" { port "http" {
static = 9091 static = 9091
} }
} }
service {
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "postgres"
local_bind_port = 5432
}
}
}
}
}
service { service {
name = "auth" name = "auth"
port = "http" port = "http"
@@ -59,9 +73,6 @@ access_control:
rules: rules:
- domain: "*.othrayte.one" - domain: "*.othrayte.one"
policy: one_factor policy: one_factor
# Disable auth for authelia
#- domain: "auth.othrayte.one"
# policy: bypass
session: session:
name: authelia_session name: authelia_session
@@ -72,9 +83,14 @@ session:
authelia_url: "https://auth.othrayte.one" authelia_url: "https://auth.othrayte.one"
storage: storage:
local:
path: /config/db.sqlite3
encryption_key: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .encryption_key }}{{ end }}" encryption_key: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .encryption_key }}{{ end }}"
postgres:
address: 'tcp://127.0.0.1:5432'
database: 'authelia'
schema: 'public'
username: 'authelia'
password: '{{ with nomadVar "nomad/jobs/authelia" }}{{ .database_pw }}{{ end }}'
timeout: '5s'
notifier: notifier:
filesystem: filesystem:

24
2-nomad-config/authelia.tf Normal file
View File

@@ -0,0 +1,24 @@
resource "nomad_job" "authelia" {
jobspec = file("authelia.nomad.hcl")
}
resource "postgresql_role" "authelia" {
name = "authelia"
password = data.sops_file.secrets.data["authelia.database_pw"]
login = true
}
resource "postgresql_database" "authelia" {
name = "authelia"
owner = postgresql_role.authelia.name
}
resource "nomad_variable" "authelia" {
path = "nomad/jobs/authelia"
items = {
session_secret = data.sops_file.secrets.data["authelia.session_secret"]
jwt_secret = data.sops_file.secrets.data["authelia.jwt_secret"]
encryption_key = data.sops_file.secrets.data["authelia.encryption_key"]
database_pw = data.sops_file.secrets.data["authelia.database_pw"]
}
}

2
2-nomad-config/gitea.nomad.hcl
View File

@@ -74,7 +74,7 @@ DB_TYPE = postgres
HOST = localhost:5432 HOST = localhost:5432
NAME = gitea NAME = gitea
USER = gitea USER = gitea
PASSWD = gitea PASSWD = {{ with nomadVar "nomad/jobs/gitea" }}{{ .database_pw }}{{ end }}
[repository] [repository]
ROOT = /data/git/repositories ROOT = /data/git/repositories

60
2-nomad-config/gitea.tf Normal file
View File

@@ -0,0 +1,60 @@
resource "cloudflare_dns_record" "git-othrayte-one" {
comment = "git.othrayte.one maps to tailscale fqdn"
zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
type = "CNAME"
name = "git.othrayte.one"
content = "git.tail15856.ts.net"
ttl = 1 # Auto
}
resource "nomad_job" "gitea" {
jobspec = templatefile("gitea.nomad.hcl", {
ts_authkey = data.sops_file.secrets.data["tailscale.auth_key"]
})
}
resource "nomad_variable" "gitea" {
path = "nomad/jobs/gitea"
items = {
internal_token = data.sops_file.secrets.data["gitea.internal_token"]
jwt_secret = data.sops_file.secrets.data["gitea.jwt_secret"]
database_pw = data.sops_file.secrets.data["gitea.database_pw"]
}
}
resource "postgresql_role" "gitea" {
name = "gitea"
password = data.sops_file.secrets.data["gitea.database_pw"]
login = true
}
resource "postgresql_database" "gitea" {
name = "gitea"
owner = postgresql_role.gitea.name
}
resource "nomad_csi_volume_registration" "unraid_appdata_gitea" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_appdata_gitea"
name = "unraid_appdata_gitea"
external_id = "unraid_appdata_gitea"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/appdata"
subDir = "gitea" # Note: Needs to be manually created on the share
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}

3
2-nomad-config/glance.tf Normal file
View File

@@ -0,0 +1,3 @@
resource "nomad_job" "glance" {
jobspec = file("glance.nomad.hcl")
}

42
2-nomad-config/main.tf Normal file
View File

@@ -0,0 +1,42 @@
terraform {
backend "local" {
path = "./.tfstate/terraform.tfstate"
}
}
terraform {
required_providers {
sops = {
source = "carlpett/sops"
version = "~> 0.5"
}
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 5"
}
postgresql = {
source = "cyrilgdn/postgresql"
}
}
}
provider "nomad" {
address = "http://jaglan-beta-m01.othrayte.one:4646"
}
data "sops_file" "secrets" {
source_file = "secrets.enc.json"
}
provider "cloudflare" {
api_token = data.sops_file.secrets.data["cloudflare.api_token"]
}
resource "nomad_job" "csi-smb" {
jobspec = file("csi-smb.nomad.hcl")
}
data "nomad_plugin" "smb" {
plugin_id = "smb"
wait_for_healthy = true
}

2
2-nomad-config/pgbackup.nomad.hcl
View File

@@ -2,7 +2,7 @@ job "pgbackup" {
type = "batch" type = "batch"
periodic { periodic {
# Note: To avoid issues with daylight savings, avoid scheduling jobs at 2am +/- 1 hour # Note: To avoid issues with daylight savings, avoid scheduling jobs at 2am +/- 1 hour
cron = "* 04 * * *" # Every day at 4am cron = "0 4 * * *" # Every day at 4am
time_zone = "Australia/Melbourne" time_zone = "Australia/Melbourne"
prohibit_overlap = true prohibit_overlap = true
} }

54
2-nomad-config/postgres.tf Normal file
View File

@@ -0,0 +1,54 @@
resource "nomad_job" "postgres" {
jobspec = file("postgres.nomad.hcl")
}
resource "nomad_job" "pgadmin" {
jobspec = file("pgadmin.nomad.hcl")
}
resource "nomad_job" "pgbackup" {
jobspec = file("pgbackup.nomad.hcl")
}
resource "nomad_variable" "postgres" {
path = "nomad/jobs/postgres"
items = {
postgres_password = data.sops_file.secrets.data["postgres.postgres"]
}
}
provider "postgresql" {
#host = "jaglan-beta-m01.othrayte.one"
host = "192.168.1.235"
port = 5432
database = "postgres"
username = "postgres"
password = data.sops_file.secrets.data["postgres.postgres"]
sslmode = "disable"
connect_timeout = 15
}
resource "nomad_csi_volume_registration" "unraid_database_dump" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_database_dump"
name = "unraid_database_dump"
external_id = "unraid_database_dump"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/database-dump"
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}

14
2-nomad-config/secrets.enc.json
View File

@@ -10,16 +10,18 @@
"auth_key": "ENC[AES256_GCM,data:gzh4nqEOQLijp5DTGHHSn0aO1mFQUB3sVSdAVDLG+a2H6XJ0BtJJGU55oLJURy7E/um7gzwDofP5mwZGTA==,iv:yl8lHqnNLB2AXlBfMyw/0CAR7+KmyKKDFc7kxbo9S6c=,tag:CunYd62x3omji6ozqmhgOg==,type:str]" "auth_key": "ENC[AES256_GCM,data:gzh4nqEOQLijp5DTGHHSn0aO1mFQUB3sVSdAVDLG+a2H6XJ0BtJJGU55oLJURy7E/um7gzwDofP5mwZGTA==,iv:yl8lHqnNLB2AXlBfMyw/0CAR7+KmyKKDFc7kxbo9S6c=,tag:CunYd62x3omji6ozqmhgOg==,type:str]"
}, },
"authelia": { "authelia": {
"session_secret": "ENC[AES256_GCM,data:gPVSGzU00EjuW/NDD9bpsc+4DQ==,iv:IRzSKqfv2Quaj1bzrFaK0glCKEPrle+uI8fq/1HFi60=,tag:loiTEpEBGBwQETRWpOffNg==,type:str]", "session_secret": "ENC[AES256_GCM,data:eSpAwX/KPzed/Y0oi6QvBwB7Gv5Kiml4FJS5RyuJ7A0plAd8acNThNXi3H4=,iv:RmH0wB3smlSF+CYs4x1w2V9ixdxgdav4dAQntjO0S5g=,tag:Vo5eHiU+1/dep/IUryN/XQ==,type:str]",
"jwt_secret": "ENC[AES256_GCM,data:7Q/0M5IY0vLsgCE0z78L,iv:f6GymDrq2/NlKJuMNnDDmG2GUAzhonNa8LXlr0x1elw=,tag:1ITT9WmD3UOP30AjYEkLJQ==,type:str]", "jwt_secret": "ENC[AES256_GCM,data:XGDV2+SbMPYxhzv8S/6SjfA0MZeelRNjgIR10+qcTFYs2IW+IZjkCExLpQ==,iv:hv1b2Dddm21vObwQBUb3LZFfYjAkIm2/ZE1Syt3//YI=,tag:TojRWFctm1H72oPfq62Y2g==,type:str]",
"encryption_key": "ENC[AES256_GCM,data:wT7aYD2DIu4VQa3GTmlkBFBvtoPvlgUF/fYJo9+wQhRcywY=,iv:29pIf46S9+OVWgSNyuwOaOXD2bWTmdcLzMLQ06VywZQ=,tag:n9JkIbHCB2xFfJ7MHcUKvg==,type:str]" "encryption_key": "ENC[AES256_GCM,data:D5F7eScWxCQ8G7pU8khi8aj8/p8ZKSErROhrqKS569fYUQpsHt6+3QQfeH7/naMvJ45r/5oVGCGeeFcEqlY0lEnbFLJEZ/tSOcm4RcIigPcx4a+8H7s=,iv:sf+TdLzacFaDgYjYhw4RKExLu6XfpewKiklt/q7VVzw=,tag:Zu3kCJfCZ7ae7HneXF6jVA==,type:str]",
"database_pw": "ENC[AES256_GCM,data:w5TmJwjeFa8tgTXDBI7doNfbBnDBUoWyZ0Qetp4M5JpwyRv06kAj2sAKOCY=,iv:rJubsGeyxSXkOxyTjzTo1GJRgLNWbAIMy1sS74MiuHc=,tag:Sbi4gVZgRcJLriTxm2ebeQ==,type:str]"
}, },
"postgres": { "postgres": {
"postgres": "ENC[AES256_GCM,data:lKuLcVTuUbfrlVhRdCs=,iv:TsbtAbXYTysxuiCi08F0hJsgoolzzgE2EPdFdPMQ+NQ=,tag:9oNua06hHdeCzE7nB22c0g==,type:str]" "postgres": "ENC[AES256_GCM,data:lKuLcVTuUbfrlVhRdCs=,iv:TsbtAbXYTysxuiCi08F0hJsgoolzzgE2EPdFdPMQ+NQ=,tag:9oNua06hHdeCzE7nB22c0g==,type:str]"
}, },
"gitea": { "gitea": {
"internal_token": "ENC[AES256_GCM,data:teIsV+6nUPWO9/amas3FmK6uv44YEZNpV780ncTwUkQDygDvQRr7A3KEbk/rYFcTjfxK6Kw8nmqi0rBrcBNX1bSVNg8jwfYHhY2TxFMgCo4tkQxLf3eSBUhlPGsfpsskACKIPnZ1RQ2m,iv:NAKPw0YVNtLlyEp7wld9ml4zQlVxo/takiOid6YQlfA=,tag:QIk+USh8MLZDzJkQsglJ+w==,type:str]", "internal_token": "ENC[AES256_GCM,data:teIsV+6nUPWO9/amas3FmK6uv44YEZNpV780ncTwUkQDygDvQRr7A3KEbk/rYFcTjfxK6Kw8nmqi0rBrcBNX1bSVNg8jwfYHhY2TxFMgCo4tkQxLf3eSBUhlPGsfpsskACKIPnZ1RQ2m,iv:NAKPw0YVNtLlyEp7wld9ml4zQlVxo/takiOid6YQlfA=,tag:QIk+USh8MLZDzJkQsglJ+w==,type:str]",
"jwt_secret": "ENC[AES256_GCM,data:/dPDqJdn4Af3Wo005V7lU9b8RbN/wyF0Tx66827cdyaZfi4QPOSj23wNqw==,iv:yJW2PiAGGr97q0DoBr64X88eFNpuVPZX0SPyNDp5QjQ=,tag:p27XTUbMC0WDMTNJCscmGQ==,type:str]" "jwt_secret": "ENC[AES256_GCM,data:/dPDqJdn4Af3Wo005V7lU9b8RbN/wyF0Tx66827cdyaZfi4QPOSj23wNqw==,iv:yJW2PiAGGr97q0DoBr64X88eFNpuVPZX0SPyNDp5QjQ=,tag:p27XTUbMC0WDMTNJCscmGQ==,type:str]",
"database_pw": "ENC[AES256_GCM,data:EzGPKdsX3Ib2zWrz09kUdegIxGNwg1j4msbOKUmvCGy6R9/EG1nvOC9Z5Oo=,iv:msek112FxmVAwFume6b7RnSICL/sw5CK3XzgCq9Sp1s=,tag:UcxUi2hySv54liN+Ddodpw==,type:str]"
}, },
"sops": { "sops": {
"age": [ "age": [
@@ -28,8 +30,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWM4ZDVVbGFrUGdMRHBX\nUFBmU3Nlc0RBSzhFK0tHNHpkQXUvUVdiZUZJCmpRN1lFdENpWW0rcThjVlVQNUl6\nWnlLU0RnQ3FZby81Ly8xTFBrek9nMncKLS0tIFQ4UTRNOC9CRmx4OFJWem1wckZz\nUDFTSzdWZldFK3FqcTNWTWRyNDhHQ2MKS811mR5xn7qiC/aVgPFYJ5c6Q3zxRfcr\nHcvxUvB01vNJKZpRg92vvKPkV6lQO3DXCT98OdfwiymlEOvYxg71Pg==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWM4ZDVVbGFrUGdMRHBX\nUFBmU3Nlc0RBSzhFK0tHNHpkQXUvUVdiZUZJCmpRN1lFdENpWW0rcThjVlVQNUl6\nWnlLU0RnQ3FZby81Ly8xTFBrek9nMncKLS0tIFQ4UTRNOC9CRmx4OFJWem1wckZz\nUDFTSzdWZldFK3FqcTNWTWRyNDhHQ2MKS811mR5xn7qiC/aVgPFYJ5c6Q3zxRfcr\nHcvxUvB01vNJKZpRg92vvKPkV6lQO3DXCT98OdfwiymlEOvYxg71Pg==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-05-22T14:03:49Z", "lastmodified": "2025-05-25T07:55:17Z",
"mac": "ENC[AES256_GCM,data:gRzCl7GS4ywePISLFcR4bd+D8lg+2ZNDpF1QEKS/VZmRZW42NIQT+xiNg7cX7QYYnMyAjckYVGXFlK2/INzHGHWZhuP7pREt9zVCFAXaDZ6s1FVV1ee59u9VdZX7mzUESxvUWEPYvrkbDPtTC6U0x67rihBj/oIc7tGCWt7EoyY=,iv:UVZPZiByRFb1gFL+n1NkokEuDPXaYPbTBhKhraUWOD4=,tag:prVhsjnUswTW9aHz8Xu9IA==,type:str]", "mac": "ENC[AES256_GCM,data:+R6CiOUxUKVJrCULbVPHzx1jI7z7RBwnWxbX2oBDh9gveNWz/e0ZLyRtoJJho7kRb8XugTPn5TOeKFdeecyJzjcL8fOkcwBQsUjywR0FhY/i1kWaPFmOskwl7iIQJUdtFz3etOAEjQlFTxuwxi3PtGcyZJn9kSMPff23tTKfRxY=,iv:2iVkNSaItt/bbWaR9/fIpv55FUyYMyFFD/SDNX467f0=,tag:76R72x9t4gw1G1nLheEniw==,type:str]",
"encrypted_regex": "^(.*)$", "encrypted_regex": "^(.*)$",
"version": "3.10.2" "version": "3.10.2"
} }

23
2-nomad-config/traefik.tf Normal file
View File

@@ -0,0 +1,23 @@
resource "cloudflare_dns_record" "othrayte-one" {
comment = "othrayte.one proxy to internal IP for traefik"
zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
type = "AAAA"
name = "othrayte.one"
content = data.sops_file.secrets.data["cloudflare.direct_ip6"]
proxied = true
ttl = 1 # Auto
}
resource "cloudflare_dns_record" "star-othrayte-one" {
comment = "*.othrayte.one proxy to internal IP for traefik"
zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
type = "AAAA"
name = "*.othrayte.one"
content = data.sops_file.secrets.data["cloudflare.direct_ip6"]
proxied = true
ttl = 1 # Auto
}
resource "nomad_job" "traefik" {
jobspec = file("traefik.nomad.hcl")
}

54
2-nomad-config/transfer.tf Normal file
View File

@@ -0,0 +1,54 @@
resource "nomad_job" "transfer" {
jobspec = file("transfer.nomad.hcl")
}
resource "nomad_csi_volume_registration" "unraid_transfer" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_transfer"
name = "unraid_transfer"
external_id = "unraid_transfer"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/transfer"
}
secrets = {
"username" = "anon"
"password" = ""
}
}
resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_appdata_transferfilebrowser"
name = "unraid_appdata_transferfilebrowser"
external_id = "unraid_appdata_transferfilebrowser"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/appdata"
subDir = "transferfilebrowser" # Note: Needs to be manually created on the share
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}