homelab/nomad-job/system/traefik-local.nomad

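# Traefik edge proxy for the LAN side of the homelab. The job reserves fixed
# host ports for HTTP(S), the Traefik API/dashboard and four extra entry points
# (ssh, smtp, esmtp, imap), reads the Hetzner DNS token from Vault and obtains
# certificates through an ACME DNS challenge.
job "traefik-local" {
  datacenters = ["homelab"]
  priority    = 90
  type        = "service"

  # Only place the job on nodes whose node class contains "cluster".
  constraint {
    attribute = "${node.class}"
    operator  = "set_contains"
    value     = "cluster"
  }

  group "traefik-local" {
    network {
      mode = "host"

      # All ports are static: each one is reserved on the node itself, so
      # anything that can reach the node can reach these listeners unless a
      # host firewall (or a dedicated host_network on the port) narrows it.
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      port "ssh" {
        static = 2222
      }
      port "smtp" {
        static = 25
      }
      port "esmtp" {
        static = 465
      }
      port "imap" {
        static = 993
      }
      # Traefik API and dashboard. The static configuration below sets
      # `insecure = true`, so this listener has no authentication of its own.
      port "admin" {
        static = 9080
      }
    }

    # The Vault token for this group carries the "traefik" policy; the
    # template further down uses it to read secrets/data/nomad/traefik.
    # NOTE(review): confirm the policy grants read on that single path only.
    vault {
      policies = ["traefik"]
    }

    task "traefik" {
      driver = "docker"

      service {
        name = "traefik-local"
        tags = ["traefik"]
        port = "https"
      }

      # Registers the admin port in Consul. The tags serve two consumers:
      # the Homer dashboard (homer.*) and Traefik's Consul Catalog provider
      # (traefik.*), which picks up the two Authelia forward-auth middlewares
      # declared here.
      service {
        name = "traefik-local-admin"
        port = "admin"
        tags = [
          "homer.enable=true",
          "homer.name=Traefik admin",
          "homer.subtitle=LAN",
          "homer.service=Platform",
          "homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
          "homer.target=_blank",
          # Plain-HTTP link straight to the unauthenticated admin port.
          "homer.url=http://${NOMAD_ADDR_admin}",
          # NOTE(review): with exposedByDefault = false this tag opts the
          # admin service itself in to the provider. No router or middleware
          # is attached to it here, so presumably a default router to the
          # admin port is generated without Authelia in front - confirm that
          # this is intended.
          "traefik.enable=true",
          "traefik.http.middlewares.authelia.forwardauth.address=https://auth.ducamps.eu/api/authz/forward-auth",
          "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
          # trustForwardHeader passes incoming X-Forwarded-* headers on to
          # Authelia unchanged. That is only sound when every hop allowed to
          # set them is trusted; see trustedIPs in the static configuration.
          "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true",
          "traefik.http.middlewares.authelia-basic.forwardauth.address=https://auth.ducamps.eu/api/verify?auth=basic",
          "traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader=true",
          "traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
        ]
      }

      config {
        # No tag or digest is given, so whatever the registry currently
        # serves as `latest` is pulled. Pinning the reference (for example
        # "...library/traefik:<VERSION>" or an image digest) makes
        # deployments reproducible and avoids unreviewed upgrades of an
        # internet-facing component.
        image = "docker.service.consul:5000/library/traefik"
        ports = [
          "http",
          "https",
          "admin",
          "ssh",
          "smtp",
          "esmtp",
          "imap",
        ]
        volumes = [
          "local/traefik.toml:/etc/traefik/traefik.toml",
          # acme.json holds the ACME account key and the private keys of all
          # issued certificates. Traefik expects mode 600 on it; the host
          # path should be readable by this job's nodes only.
          # NOTE(review): the path looks like a network share - confirm the
          # export is restricted accordingly.
          "/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
        ]
      }

      env {
      }

      # Renders the Hetzner DNS API token from Vault (KV path
      # secrets/data/nomad/traefik, field hetznerdnstoken) into the task's
      # secrets directory and exports it as an environment variable for the
      # ACME DNS challenge. The file is still named gandi.env although it
      # carries a Hetzner token. No change_mode is set, so Nomad's default
      # applies when the secret changes.
      template {
        data        = <<EOH
HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
EOH
        destination = "secrets/gandi.env"
        env         = true
      }

      # Traefik static configuration. The template delimiters are switched to
      # triple braces, and the body contains none, so the text is written out
      # as-is. change_mode = "noop": an edit to this file reaches the running
      # task only when the job is redeployed.
      template {
        data            = <<EOH
[entryPoints]
[entryPoints.web]
address = ":80"
# Everything arriving on :80 is redirected to the TLS entry point.
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
# Peers in these ranges may supply X-Forwarded-* headers and PROXY protocol
# preambles that Traefik will believe, including the client address they
# claim. 10.0.0.0/8 and 172.16.0.0/12 cover entire private ranges; listing
# only the real upstream proxies limits who can assert a client IP.
[entryPoints.websecure.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.0.0/24", "10.0.0.0/8", "172.16.0.0/12"]
[entryPoints.websecure.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.0.0/24", "10.0.0.0/8", "172.16.0.0/12"]
[entryPoints.traefik]
address = ":9080"
# Key casing unified to entryPoints (these four were written "entrypoints").
[entryPoints.ssh]
address = ":2222"
[entryPoints.smtp]
address = ":25"
[entryPoints.esmtp]
address = ":465"
[entryPoints.imap]
address = ":993"
# NOTE(review): http.middlewares is dynamic configuration and no file
# provider is declared in this file, so this section is presumably not
# loaded - confirm before relying on the https-redirect middleware.
[http.middlewares]
[http.middlewares.https-redirect.redirectscheme]
scheme = "https"
# Services are ignored unless they carry traefik.enable=true.
[providers.consulCatalog]
exposedByDefault = false
[providers.consulCatalog.endpoint]
address = "172.17.0.1:8500"
[log]
[accessLog]
# insecure = true serves the API and dashboard on the "traefik" entry point
# (:9080) with no authentication or TLS. Keep that port unreachable from
# untrusted networks, or set insecure = false and publish api@internal
# through a router protected by the authelia middleware.
[api]
dashboard = true
insecure = true
[ping]
[certificatesResolvers.myresolver.acme]
email = "vincent@ducamps.eu"
# Relative path; the volume is mounted at /acme.json, so this assumes the
# container's working directory is /.
storage = "acme.json"
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "hetzner"
delayBeforeCheck = 0
resolvers = ["hydrogen.ns.hetzner.com","oxygen.ns.hetzner.com"]
[metrics]
[metrics.prometheus]
EOH
        destination     = "local/traefik.toml"
        env             = false
        change_mode     = "noop"
        left_delimiter  = "{{{"
        right_delimiter = "}}}"
      }

      resources {
        memory = 200
      }
    }
  }
}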