homelab/nomad-job/traefik-local.nomad

job "traefik-local" {
  datacenters = ["homelab"]
  priority    = 90
  type        = "service"

  group "traefik-local" {
    network {
      mode = "host"
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      port "ssh" {
        static = 2222
      }
      port "smtp" {
        static = 25
      }
      port "esmtp" {
        static = 465
      }
      port "imap" {
        static= 993
      }
      port "admin" {
        static = 9080
      }
    }
    vault {
      policies = ["traefik"]
    }

    task "traefik" {
      driver = "docker"
      service {
        name = "traefik-local"

        tags = ["traefik"]
        port = "https"
      }

      service {
        name = "traefik-local-admin"
        port = "admin"
        tags = [
          "homer.enable=true",
          "homer.name=Traefik admin",
          "homer.subtitle=LAN",
          "homer.service=Platform",
          "homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
          "homer.target=_blank",
          "homer.url=http://${NOMAD_ADDR_admin}",


        ]
      }

      config {
        image = "traefik"
        ports = [
          "http",
          "https",
          "admin",
          "ssh",
          "smtp",
          "esmtp",
          "imap",
        ]
        volumes = [
          "local/traefik.toml:/etc/traefik/traefik.toml",
          "/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
        ]

      }
      # vault{
      #}
      env {
      }
      template {
        data        = <<EOH
          HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
          EOH
        destination = "secrets/gandi.env"
        env         = true
      }

      template {
        data            = <<EOH
        [entryPoints]
          [entryPoints.web]
            address = ":80"
            [entryPoints.web.http]
              [entryPoints.web.http.redirections]
                [entryPoints.web.http.redirections.entryPoint]
                  to = "websecure"
                  scheme = "https"

          [entryPoints.websecure]
            address = ":443"
          [entryPoints.traefik]
            address = ":9080"
          [entrypoints.ssh]
            address = ":2222"
          [entrypoints.smtp]
            address = ":25"
          [entrypoints.esmtp]
            address = ":465"
          [entrypoints.imap]
            address = ":993"
        [http.middlewares]
          [http.middlewares.https-redirect.redirectscheme]
            scheme = "https"
        [providers.consulCatalog]
          exposedByDefault = false
          [providers.consulCatalog.endpoint]
            address = "172.17.0.1:8500"
        [log]
        [accessLog]
        [api]
          dashboard = true
          insecure = true
        [ping]
        [certificatesResolvers.myresolver.acme]
        email = "vincent@ducamps.eu"
        storage = "acme.json"
        [certificatesResolvers.myresolver.acme.dnsChallenge]
        provider = "hetzner"
        delayBeforeCheck = 0
        resolvers = ["hydrogen.ns.hetzner.com","oxygen.ns.hetzner.com"]
        [metrics]
          [metrics.prometheus]


        EOH
        destination     = "local/traefik.toml"
        env             = false
        change_mode     = "noop"
        left_delimiter  = "{{{"
        right_delimiter = "}}}"
      }
      resources {
        memory = 200
      }
    }
  }
}
add traefik job 2022-04-24 10:47:41 +00:00			`job "traefik-local" {`
			`datacenters = ["homelab"]`
perf: set nomad priority 2022-12-10 16:10:32 +00:00			`priority = 90`
formatting 2022-10-29 08:40:01 +00:00			`type = "service"`
selete constraint on traefik 2022-05-14 07:32:33 +00:00
add traefik job 2022-04-24 10:47:41 +00:00			`group "traefik-local" {`
			`network {`
			`mode = "host"`
			`port "http" {`
formatting 2022-10-29 08:40:01 +00:00			`static = 80`
add traefik job 2022-04-24 10:47:41 +00:00			`}`
			`port "https" {`
formatting 2022-10-29 08:40:01 +00:00			`static = 443`
add traefik job 2022-04-24 10:47:41 +00:00			`}`
add entrypoint for ssh 2022-04-27 11:04:57 +00:00			`port "ssh" {`
			`static = 2222`
			`}`
create docker-mailserver job 2023-10-01 17:30:23 +00:00			`port "smtp" {`
			`static = 25`
			`}`
			`port "esmtp" {`
			`static = 465`
			`}`
			`port "imap" {`
			`static= 993`
			`}`
formatting 2022-10-29 08:40:01 +00:00			`port "admin" {`
add traefik job 2022-04-24 10:47:41 +00:00			`static = 9080`
			`}`
			`}`
formatting 2022-10-29 08:40:01 +00:00			`vault {`
move to heztner DNS 2023-09-17 16:28:12 +00:00			`policies = ["traefik"]`
implement TLS 2022-04-24 20:19:18 +00:00			`}`
add traefik job 2022-04-24 10:47:41 +00:00
formatting 2022-10-29 08:40:01 +00:00			`task "traefik" {`
add traefik job 2022-04-24 10:47:41 +00:00			`driver = "docker"`
			`service {`
change servifce name 2022-04-24 13:23:26 +00:00			`name = "traefik-local"`
add traefik job 2022-04-24 10:47:41 +00:00
			`tags = ["traefik"]`
			`port = "https"`
			`}`

			`service {`
add traefik monitoring 2022-05-13 09:43:07 +00:00			`name = "traefik-local-admin"`
add traefik job 2022-04-24 10:47:41 +00:00			`port = "admin"`
			`tags = [`
formatting 2022-10-29 08:40:01 +00:00			`"homer.enable=true",`
			`"homer.name=Traefik admin",`
			`"homer.subtitle=LAN",`
			`"homer.service=Platform",`
			`"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",`
			`"homer.target=_blank",`
			`"homer.url=http://${NOMAD_ADDR_admin}",`
add homer cnfig 2022-05-23 19:44:34 +00:00

add traefik job 2022-04-24 10:47:41 +00:00			`]`
			`}`

			`config {`
			`image = "traefik"`
			`ports = [`
			`"http",`
			`"https",`
add entrypoint for ssh 2022-04-27 11:04:57 +00:00			`"admin",`
create docker-mailserver job 2023-10-01 17:30:23 +00:00			`"ssh",`
			`"smtp",`
			`"esmtp",`
			`"imap",`
add traefik job 2022-04-24 10:47:41 +00:00			`]`
formatting 2022-10-29 08:40:01 +00:00			`volumes = [`
implement TLS 2022-04-24 20:19:18 +00:00			`"local/traefik.toml:/etc/traefik/traefik.toml",`
			`"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"`
add traefik job 2022-04-24 10:47:41 +00:00			`]`

			`}`
			`# vault{`
			`#}`
indent 2022-05-12 09:37:38 +00:00			`env {`
			`}`
formatting 2022-10-29 08:40:01 +00:00			`template {`
			`data = <<EOH`
move to heztner DNS 2023-09-17 16:28:12 +00:00			`HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"`
indent 2022-05-12 09:37:38 +00:00			`EOH`
formatting 2022-10-29 08:40:01 +00:00			`destination = "secrets/gandi.env"`
			`env = true`
indent 2022-05-12 09:37:38 +00:00			`}`
implement TLS 2022-04-24 20:19:18 +00:00
formatting 2022-10-29 08:40:01 +00:00			`template {`
			`data = <<EOH`
add traefik job 2022-04-24 10:47:41 +00:00			`[entryPoints]`
			`[entryPoints.web]`
			`address = ":80"`
generalize http redirect 2022-05-23 17:48:35 +00:00			`[entryPoints.web.http]`
			`[entryPoints.web.http.redirections]`
			`[entryPoints.web.http.redirections.entryPoint]`
			`to = "websecure"`
			`scheme = "https"`

add traefik job 2022-04-24 10:47:41 +00:00			`[entryPoints.websecure]`
			`address = ":443"`
			`[entryPoints.traefik]`
			`address = ":9080"`
add entrypoint for ssh 2022-04-27 11:04:57 +00:00			`[entrypoints.ssh]`
			`address = ":2222"`
create docker-mailserver job 2023-10-01 17:30:23 +00:00			`[entrypoints.smtp]`
			`address = ":25"`
			`[entrypoints.esmtp]`
			`address = ":465"`
			`[entrypoints.imap]`
			`address = ":993"`
add traefik job 2022-04-24 10:47:41 +00:00			`[http.middlewares]`
			`[http.middlewares.https-redirect.redirectscheme]`
			`scheme = "https"`
			`[providers.consulCatalog]`
			`exposedByDefault = false`
			`[providers.consulCatalog.endpoint]`
implement TLS 2022-04-24 20:19:18 +00:00			`address = "172.17.0.1:8500"`
add traefik job 2022-04-24 10:47:41 +00:00			`[log]`
chore traefick: add acceslog 2022-12-18 11:25:11 +00:00			`[accessLog]`
add traefik job 2022-04-24 10:47:41 +00:00			`[api]`
			`dashboard = true`
			`insecure = true`
			`[ping]`
implement TLS 2022-04-24 20:19:18 +00:00			`[certificatesResolvers.myresolver.acme]`
fix: missing NS entry for trafieck acme 2023-10-21 12:02:05 +00:00			`email = "vincent@ducamps.eu"`
implement TLS 2022-04-24 20:19:18 +00:00			`storage = "acme.json"`
			`[certificatesResolvers.myresolver.acme.dnsChallenge]`
move to heztner DNS 2023-09-17 16:28:12 +00:00			`provider = "hetzner"`
implement TLS 2022-04-24 20:19:18 +00:00			`delayBeforeCheck = 0`
fix: missing NS entry for trafieck acme 2023-10-21 12:02:05 +00:00			`resolvers = ["hydrogen.ns.hetzner.com","oxygen.ns.hetzner.com"]`
add traefik monitoring 2022-05-13 09:43:07 +00:00			`[metrics]`
			`[metrics.prometheus]`

implement TLS 2022-04-24 20:19:18 +00:00
add traefik job 2022-04-24 10:47:41 +00:00
			`EOH`
formatting 2022-10-29 08:40:01 +00:00			`destination = "local/traefik.toml"`
			`env = false`
			`change_mode = "noop"`
			`left_delimiter = "{{{"`
add traefik job 2022-04-24 10:47:41 +00:00			`right_delimiter = "}}}"`
update ressource memory 2022-05-12 09:36:04 +00:00			`}`
			`resources {`
			`memory = 200`
			`}`
add traefik job 2022-04-24 10:47:41 +00:00			`}`
			`}`
			`}`