infra/2-nomad-config/traefik.tf

resource "cloudflare_dns_record" "othrayte-one" {
  comment = "othrayte.one proxy via cloudflared tunnel to traefik"
  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
  type    = "CNAME"
  name    = "othrayte.one"
  content = "59ca3eb1-5f0b-45e1-97ff-e373569c6689.cfargotunnel.com"
  proxied = true
  ttl     = 1 # Auto
}

resource "cloudflare_dns_record" "star-othrayte-one" {
  comment = "*.othrayte.one proxy via cloudflared tunnel to traefik"
  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
  type    = "CNAME"
  name    = "*.othrayte.one"
  content = "59ca3eb1-5f0b-45e1-97ff-e373569c6689.cfargotunnel.com"
  proxied = true
  ttl     = 1 # Auto
}

resource "nomad_variable" "traefik" {
  path = "nomad/jobs/traefik"
  items = {
    cf_tunnel_token = data.sops_file.secrets.data["traefik.cf_tunnel_token"]
  }
}

resource "nomad_job" "traefik" {
  jobspec = templatefile("traefik.nomad.hcl", {
    hass_magic_token = nonsensitive(data.sops_file.secrets.data["hass.magic-token"])
  })
}