othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
main
infra/2-nomad-config
History
Adrian Cowan a13f2cef25
Some checks failed
CI / Terraform fmt + validate (push) Failing after 42s
Details
Add Gitea act-runner and test actions for the repo
2026-04-18 18:12:39 +10:00
..
.terraform/providers/registry.terraform.io/hashicorp/nomad
1-data
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
2-ingress
Move frigate into the cluster and enable GPU detector
2026-03-28 17:13:09 +11:00
modules
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
secrets
Add Gitea act-runner and test actions for the repo
2026-04-18 18:12:39 +10:00
.terraform.lock.hcl
Use tailscale to allow ssh access to gitea
2025-05-23 00:15:04 +10:00
1-data.tf
Complete migration now that the changes are applied.
2025-10-22 22:04:37 +11:00
2-ingress.tf
Remove some state moved declarations
2025-11-20 23:45:56 +11:00
act-runner.nomad.hcl
Add Gitea act-runner and test actions for the repo
2026-04-18 18:12:39 +10:00
act-runner.tf
Add Gitea act-runner and test actions for the repo
2026-04-18 18:12:39 +10:00
deluge.nomad.hcl
Connect sonarr to deluge
2025-11-19 20:46:38 +11:00
deluge.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
frigate.nomad.hcl
Move frigate into the cluster and enable GPU detector
2026-03-28 17:13:09 +11:00
frigate.tf
Move frigate into the cluster and enable GPU detector
2026-03-28 17:13:09 +11:00
gitea.nomad.hcl
Add renovate and ntfy (unrelated)
2026-04-18 16:14:43 +10:00
gitea.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
glance.nomad.hcl
Format terraform and nomad files
2025-05-18 21:50:04 +10:00
glance.tf
Move each service to it's own tf file
2025-05-23 00:43:59 +10:00
immich.nomad.hcl
Setup storage of immich resouces and add tailscale access to allow uploading files too large to go over cloudflare (<100mb) See https://github.com/immich-app/immich/issues/17729 and https://github.com/immich-app/immich/pull/22385
2025-10-13 20:48:35 +11:00
immich.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
jellyfin.nomad.hcl
Add jellyfin
2025-11-10 19:24:21 +11:00
jellyfin.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
main.tf
Sort parts of the nomad intra into folders
2025-10-22 22:02:25 +11:00
ntfy.nomad.hcl
Cleanup diun references from ntfy, diun was never actually committed
2026-04-18 16:44:44 +10:00
ntfy.tf
Cleanup diun references from ntfy, diun was never actually committed
2026-04-18 16:44:44 +10:00
openreader.nomad.hcl
Add openreader
2026-04-18 11:37:18 +10:00
openreader.tf
Add openreader
2026-04-18 11:37:18 +10:00
prowlarr.nomad.hcl
Setup prowlarr
2025-11-19 20:49:05 +11:00
prowlarr.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
readme.md
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
renovate.nomad.hcl
Add GitHub token to renovate configuration so it can pull release notes
2026-04-18 16:45:35 +10:00
renovate.tf
Add GitHub token to renovate configuration so it can pull release notes
2026-04-18 16:45:35 +10:00
sonarr.nomad.hcl
Setup prowlarr
2025-11-19 20:49:05 +11:00
sonarr.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
transfer.nomad.hcl
Remove noauth setting that is probably wrong as it doesn't work
2025-10-21 21:35:35 +11:00
transfer.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
unifi.nomad.hcl
Add Unifi Network
2025-11-06 19:30:42 +11:00
unifi.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00

readme.md

Terraform State

Mount the state on the fileshare to 2-nomad-config/.tfstate/ sudo mount -t cifs //betelgeuse-seven-unraid.lan/appdata/terraform /home/othrayte/Code/infra/2-nomad-config/.tfstate/ -o rw,username=othrayte,password=<pw>,uid=$(id -u),gid=$(id -g)

Tailscale Oauth Client

We use a Tailscale oauth client secret to allow our containers to connect to tailscale. We created an oauth client called nomad with the auth_keys (write) scope for the tag nomad and stored the secret in our secrets file.

Secrets

The secrets file is encrypted using sops and will be automatically decrypted in the terraform provider.

Put the age keys in /home//.config/sops/age/keys.txt

Adding Secrets

Edit the secrets using sops secrets/secrets.enc.json

Bootstrapping (starting without PostgreSQL running)

terraform apply -target=module.data terraform apply -target=module.ingress

Restoring PostgreSQL DBs

psql -h jaglan-beta-m21 -p 5432 -U postgres -f ~/Downloads/all_databases.sql postgres

Deploying and testing changes

Sometimes the nomad job fails but the solution is to fix another job and so we need to tell nomad to retry the unchanged job. nomad job eval -force-reschedule glance

Reference in New Issue View Git Blame Copy Permalink