homelab/traefik-local.nomad

121 lines
2.7 KiB
Plaintext
Raw Normal View History

2022-04-24 10:47:41 +00:00
job "traefik-local" {
datacenters = ["homelab"]
type = "service"
2022-04-30 19:11:10 +00:00
constraint {
attribute = "${attr.unique.hostname}"
value = "gerard"
}
2022-04-24 10:47:41 +00:00
group "traefik-local" {
network {
mode = "host"
port "http" {
static = 80
}
port "https" {
static = 443
}
2022-04-27 11:04:57 +00:00
port "ssh" {
static = 2222
}
port "admin" {
2022-04-24 10:47:41 +00:00
static = 9080
}
}
2022-04-24 20:19:18 +00:00
vault{
policies=["access-tables"]
}
2022-04-24 10:47:41 +00:00
2022-05-12 09:36:04 +00:00
task "traefik-local" {
2022-04-24 10:47:41 +00:00
driver = "docker"
service {
2022-04-24 13:23:26 +00:00
name = "traefik-local"
2022-04-24 10:47:41 +00:00
tags = ["traefik"]
port = "https"
}
service {
2022-05-13 09:43:07 +00:00
name = "traefik-local-admin"
2022-04-24 10:47:41 +00:00
port = "admin"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
]
}
config {
image = "traefik"
ports = [
"http",
"https",
2022-04-27 11:04:57 +00:00
"admin",
"ssh"
2022-04-24 10:47:41 +00:00
]
volumes =[
2022-04-24 20:19:18 +00:00
"local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
2022-04-24 10:47:41 +00:00
]
}
# vault{
#}
2022-05-12 09:37:38 +00:00
env {
}
template{
data=<<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH
destination= "secrets/gandi.env"
env = true
}
2022-04-24 20:19:18 +00:00
2022-05-12 09:37:38 +00:00
template{
2022-04-24 10:47:41 +00:00
data= <<EOH
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.traefik]
address = ":9080"
2022-04-27 11:04:57 +00:00
[entrypoints.ssh]
address = ":2222"
2022-04-24 10:47:41 +00:00
[http.middlewares]
[http.middlewares.https-redirect.redirectscheme]
scheme = "https"
[providers.consulCatalog]
exposedByDefault = false
[providers.consulCatalog.endpoint]
2022-04-24 20:19:18 +00:00
address = "172.17.0.1:8500"
2022-04-24 10:47:41 +00:00
[log]
[api]
dashboard = true
insecure = true
[ping]
2022-04-24 20:19:18 +00:00
[certificatesResolvers.myresolver.acme]
email = "vincent@ducamps.win"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "gandiv5"
delayBeforeCheck = 0
resolvers = ["173.246.100.133:53"]
2022-05-13 09:43:07 +00:00
[metrics]
[metrics.prometheus]
2022-04-24 20:19:18 +00:00
2022-04-24 10:47:41 +00:00
EOH
destination = "local/traefik.toml"
env = false
change_mode = "noop"
left_delimiter = "{{{"
right_delimiter = "}}}"
2022-05-12 09:36:04 +00:00
}
resources {
memory = 200
}
2022-04-24 10:47:41 +00:00
}
}
}