othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
c14350f1353a9f67aee1e013aff3b834c92e3e98
infra/2-nomad-config
History
Adrian Cowan c14350f135
Some checks failed
CI / Terraform fmt + validate (pull_request) Successful in 20s
Details
CI / Nomad job spec validate (pull_request) Successful in 24s
Details
CI / Docker image pull validation (pull_request) Failing after 17s
Details
ci: add Docker image pull validation job (Phase 2) 
- Add image-pull job to .gitea/workflows/ci.yml that detects image
  changes in *.nomad.hcl files on PRs and pulls each changed image
- Remove act-runner labels config — default runner already uses
  docker.gitea.com/runner-images:ubuntu-latest which has docker CLI
- Remove CONFIG_FILE env var from act-runner (no longer needed)
- Mark Phase 2 complete in cicd-plan.md
2026-04-19 17:55:17 +10:00
..
.terraform/providers/registry.terraform.io/hashicorp/nomad
1-data
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
2-ingress
Move frigate into the cluster and enable GPU detector
2026-03-28 17:13:09 +11:00
modules
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
secrets
Add Gitea act-runner and test actions for the repo
2026-04-19 14:20:18 +10:00
.terraform.lock.hcl
1-data.tf
Complete migration now that the changes are applied.
2025-10-22 22:04:37 +11:00
2-ingress.tf
Remove some state moved declarations
2025-11-20 23:45:56 +11:00
act-runner.nomad.hcl
ci: add Docker image pull validation job (Phase 2)
2026-04-19 17:55:17 +10:00
act-runner.tf
Add Gitea act-runner and test actions for the repo
2026-04-19 14:20:18 +10:00
deluge.nomad.hcl
Connect sonarr to deluge
2025-11-19 20:46:38 +11:00
deluge.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
frigate.nomad.hcl
Move frigate into the cluster and enable GPU detector
2026-03-28 17:13:09 +11:00
frigate.tf
Move frigate into the cluster and enable GPU detector
2026-03-28 17:13:09 +11:00
gitea.nomad.hcl
Add Gitea act-runner and test actions for the repo
2026-04-19 14:20:18 +10:00
gitea.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
glance.nomad.hcl
glance.tf
immich.nomad.hcl
Setup storage of immich resouces and add tailscale access to allow uploading files too large to go over cloudflare (<100mb) See https://github.com/immich-app/immich/issues/17729 and https://github.com/immich-app/immich/pull/22385
2025-10-13 20:48:35 +11:00
immich.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
jellyfin.nomad.hcl
Add jellyfin
2025-11-10 19:24:21 +11:00
jellyfin.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
main.tf
Sort parts of the nomad intra into folders
2025-10-22 22:02:25 +11:00
ntfy.nomad.hcl
Cleanup diun references from ntfy, diun was never actually committed
2026-04-18 16:44:44 +10:00
ntfy.tf
Cleanup diun references from ntfy, diun was never actually committed
2026-04-18 16:44:44 +10:00
openreader.nomad.hcl
Add openreader
2026-04-18 11:37:18 +10:00
openreader.tf
Add openreader
2026-04-18 11:37:18 +10:00
prowlarr.nomad.hcl
Setup prowlarr
2025-11-19 20:49:05 +11:00
prowlarr.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
readme.md
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
renovate.nomad.hcl
Add GitHub token to renovate configuration so it can pull release notes
2026-04-18 16:45:35 +10:00
renovate.tf
Add GitHub token to renovate configuration so it can pull release notes
2026-04-18 16:45:35 +10:00
sonarr.nomad.hcl
Setup prowlarr
2025-11-19 20:49:05 +11:00
sonarr.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
transfer.nomad.hcl
Remove noauth setting that is probably wrong as it doesn't work
2025-10-21 21:35:35 +11:00
transfer.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00
unifi.nomad.hcl
Add Unifi Network
2025-11-06 19:30:42 +11:00
unifi.tf
Make appdata and unraid smb modules to reduce duplication
2025-11-20 23:45:16 +11:00

readme.md

Terraform State

Mount the state on the fileshare to 2-nomad-config/.tfstate/ sudo mount -t cifs //betelgeuse-seven-unraid.lan/appdata/terraform /home/othrayte/Code/infra/2-nomad-config/.tfstate/ -o rw,username=othrayte,password=<pw>,uid=$(id -u),gid=$(id -g)

Tailscale Oauth Client

We use a Tailscale oauth client secret to allow our containers to connect to tailscale. We created an oauth client called nomad with the auth_keys (write) scope for the tag nomad and stored the secret in our secrets file.

Secrets

The secrets file is encrypted using sops and will be automatically decrypted in the terraform provider.

Put the age keys in /home//.config/sops/age/keys.txt

Adding Secrets

Edit the secrets using sops secrets/secrets.enc.json

Bootstrapping (starting without PostgreSQL running)

terraform apply -target=module.data terraform apply -target=module.ingress

Restoring PostgreSQL DBs

psql -h jaglan-beta-m21 -p 5432 -U postgres -f ~/Downloads/all_databases.sql postgres

Deploying and testing changes

Sometimes the nomad job fails but the solution is to fix another job and so we need to tell nomad to retry the unchanged job. nomad job eval -force-reschedule glance

Reference in New Issue View Git Blame Copy Permalink