163 lines
3.5 KiB
Plaintext
163 lines
3.5 KiB
Plaintext
|
|
||
|
job "pdns-auth" {
|
||
|
datacenters = ["homelab"]
|
||
|
priority = 100
|
||
|
meta {
|
||
|
force = 2
|
||
|
}
|
||
|
type = "service"
|
||
|
constraint {
|
||
|
attribute = "${attr.cpu.arch}"
|
||
|
value = "amd64"
|
||
|
}
|
||
|
group "pdns-auth" {
|
||
|
network {
|
||
|
port "dns" {
|
||
|
static=5300
|
||
|
}
|
||
|
port "http" {
|
||
|
static = 8081
|
||
|
}
|
||
|
port "pdnsadmin"{
|
||
|
to = 80
|
||
|
}
|
||
|
}
|
||
|
vault {
|
||
|
policies = ["pdns"]
|
||
|
}
|
||
|
task "pdns-auth" {
|
||
|
|
||
|
driver = "docker"
|
||
|
service {
|
||
|
name = "pdns-auth"
|
||
|
port = "dns"
|
||
|
|
||
|
check {
|
||
|
name = "service: dns tcp check"
|
||
|
type = "tcp"
|
||
|
interval = "10s"
|
||
|
timeout = "2s"
|
||
|
|
||
|
success_before_passing = "3"
|
||
|
failures_before_critical = "3"
|
||
|
}
|
||
|
}
|
||
|
config {
|
||
|
image = "powerdns/pdns-auth-48:latest"
|
||
|
network_mode = "host"
|
||
|
|
||
|
volumes = [
|
||
|
"/mnt/diskstation/nomad/pdns-auth/var:/var/lib/powerdns/",
|
||
|
"local/dnsupdate.conf:/etc/powerdns/pdns.d/dnsupdate.conf",
|
||
|
"local/pdns.conf:/etc/powerdns/pdns.conf"
|
||
|
]
|
||
|
}
|
||
|
template {
|
||
|
destination = "secrets/env"
|
||
|
|
||
|
data = <<EOH
|
||
|
{{ with secret "secrets/data/nomad/pdns"}}
|
||
|
PDNS_AUTH_API_KEY="{{.Data.data.API_KEY}}"
|
||
|
{{ end }}
|
||
|
EOH
|
||
|
env = true
|
||
|
}
|
||
|
template{
|
||
|
destination = "local/dnsupdate.conf"
|
||
|
data = <<EOH
|
||
|
dnsupdate=yes
|
||
|
allow-dnsupdate-from=192.168.1.41/24
|
||
|
local-address=0.0.0.0:5300
|
||
|
local-port=5300
|
||
|
EOH
|
||
|
}
|
||
|
template{
|
||
|
destination = "local/pdns.conf"
|
||
|
data = <<EOH
|
||
|
launch=gpgsql
|
||
|
gpgsql-host=active.db.service.consul
|
||
|
gpgsql-port=5432
|
||
|
gpgsql-user=pdns-auth
|
||
|
{{ with secret "secrets/data/database/pdns"}}
|
||
|
gpgsql-password={{ .Data.data.pdnsauth }}
|
||
|
{{ end }}
|
||
|
include-dir=/etc/powerdns/pdns.d
|
||
|
EOH
|
||
|
}
|
||
|
resources {
|
||
|
memory = 100
|
||
|
}
|
||
|
}
|
||
|
task "pnds-admin" {
|
||
|
service {
|
||
|
name = "pdns-admin"
|
||
|
tags = [
|
||
|
"homer.enable=true",
|
||
|
"homer.name=PDNS-ADMIN",
|
||
|
"homer.service=Application",
|
||
|
"homer.target=_blank",
|
||
|
"homer.url=http://${NOMAD_ADDR_pdnsadmin}",
|
||
|
|
||
|
]
|
||
|
port = "pdnsadmin"
|
||
|
}
|
||
|
driver = "docker"
|
||
|
config {
|
||
|
image = "powerdnsadmin/pda-legacy:latest"
|
||
|
ports= ["pdnsadmin"]
|
||
|
volumes = [
|
||
|
"/mnt/diskstation/nomad/pdns-admin/:/data/node_module/",
|
||
|
]
|
||
|
}
|
||
|
template{
|
||
|
destination = "secrets/pdns-admin.env"
|
||
|
env = true
|
||
|
data = <<EOH
|
||
|
{{ with secret "secrets/data/nomad/pdns"}}
|
||
|
SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
|
||
|
GUNICORN_WORKERS=2
|
||
|
{{ end }}
|
||
|
{{ with secret "secrets/data/database/pdns"}}
|
||
|
SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
|
||
|
{{end}}
|
||
|
EOH
|
||
|
}
|
||
|
|
||
|
}
|
||
|
task "keepalived" {
|
||
|
driver = "docker"
|
||
|
lifecycle {
|
||
|
hook = "poststart"
|
||
|
sidecar = true
|
||
|
}
|
||
|
|
||
|
env {
|
||
|
KEEPALIVED_ROUTER_ID = "52"
|
||
|
KEEPALIVED_STATE = "MASTER"
|
||
|
KEEPALIVED_VIRTUAL_IPS = "192.168.1.5"
|
||
|
}
|
||
|
template{
|
||
|
destination = "local/env.yaml"
|
||
|
change_mode = "restart"
|
||
|
env= true
|
||
|
data = <<EOH
|
||
|
KEEPALIVED_INTERFACE= {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }}
|
||
|
EOH
|
||
|
}
|
||
|
config {
|
||
|
image = "osixia/keepalived:2.0.20"
|
||
|
network_mode = "host"
|
||
|
cap_add = [
|
||
|
"NET_ADMIN",
|
||
|
"NET_BROADCAST",
|
||
|
"NET_RAW"
|
||
|
]
|
||
|
}
|
||
|
resources {
|
||
|
cpu = 20
|
||
|
memory = 20
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|