othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
cf4daacab585d5939af675a4e566413c5a8075eb
infra/2-nomad-config
History
Adrian Cowan cf4daacab5 Add jellyfin 
Customised the forward auth in authelia to ignore Authorization headers as authelia was failing to parse the Authorization: MediaBrowser headers that jellyfin uses.
2025-11-10 19:24:21 +11:00
..
.terraform/providers/registry.terraform.io/hashicorp/nomad
1-data
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
2-ingress
Add jellyfin
2025-11-10 19:24:21 +11:00
secrets
Add sonarr
2025-11-09 15:51:25 +11:00
.terraform.lock.hcl
1-data.tf
Complete migration now that the changes are applied.
2025-10-22 22:04:37 +11:00
2-ingress.tf
Complete migration now that the changes are applied.
2025-10-22 22:04:37 +11:00
gitea.nomad.hcl
Switch from tailscale authkeys to an oauth client to fix issues with key expirey
2025-09-06 22:17:24 +10:00
gitea.tf
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
glance.nomad.hcl
glance.tf
Move each service to it's own tf file
2025-05-23 00:43:59 +10:00
immich.nomad.hcl
Setup storage of immich resouces and add tailscale access to allow uploading files too large to go over cloudflare (<100mb) See https://github.com/immich-app/immich/issues/17729 and https://github.com/immich-app/immich/pull/22385
2025-10-13 20:48:35 +11:00
immich.tf
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
jellyfin.nomad.hcl
Add jellyfin
2025-11-10 19:24:21 +11:00
jellyfin.tf
Add jellyfin
2025-11-10 19:24:21 +11:00
main.tf
Sort parts of the nomad intra into folders
2025-10-22 22:02:25 +11:00
readme.md
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
sonarr.nomad.hcl
Add sonarr
2025-11-09 15:51:25 +11:00
sonarr.tf
Add sonarr
2025-11-09 15:51:25 +11:00
transfer.nomad.hcl
Remove noauth setting that is probably wrong as it doesn't work
2025-10-21 21:35:35 +11:00
transfer.tf
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00
unifi.nomad.hcl
Add Unifi Network
2025-11-06 19:30:42 +11:00
unifi.tf
Use the hostname for the unraid server rather than the IP
2025-11-07 19:42:38 +11:00

readme.md

Terraform State

Mount the state on the fileshare to 2-nomad-config/.tfstate/ sudo mount -t cifs //betelgeuse-seven-unraid.lan/appdata/terraform /home/othrayte/Code/infra/2-nomad-config/.tfstate/ -o rw,username=othrayte,password=<pw>,uid=$(id -u),gid=$(id -g)

Tailscale Oauth Client

We use a Tailscale oauth client secret to allow our containers to connect to tailscale. We created an oauth client called nomad with the auth_keys (write) scope for the tag nomad and stored the secret in our secrets file.

Secrets

The secrets file is encrypted using sops and will be automatically decrypted in the terraform provider.

Put the age keys in /home//.config/sops/age/keys.txt

Adding Secrets

Edit the secrets using sops secrets/secrets.enc.json

Bootstrapping (starting without PostgreSQL running)

terraform apply -target=module.data terraform apply -target=module.ingress

Restoring PostgreSQL DBs

psql -h jaglan-beta-m21 -p 5432 -U postgres -f ~/Downloads/all_databases.sql postgres

Deploying and testing changes

Sometimes the nomad job fails but the solution is to fix another job and so we need to tell nomad to retry the unchanged job. nomad job eval -force-reschedule glance

Reference in New Issue View Git Blame Copy Permalink