homelab/traefik-local.nomad

job "traefik-local" {
  datacenters = ["homelab"]
  type = "service"

  group "traefik-local" {
    network {
      mode = "host"
      port "http" {
        static  = 80
      }
      port "https" {
        static  = 443
      }
      port "ssh" {
        static = 2222
      }
     port "admin" {
        static = 9080
      }
    }
   vault{
      policies=["access-tables"]
    }

     task "traefik-local" {
      driver = "docker"
      service {
        name = "traefik-local"

        tags = ["traefik"]
        port = "https"
      }

      service {
        name = "traefik-local-admin"
        port = "admin"
        tags = [
        ]
      }

      config {
        image = "traefik"
        ports = [
          "http",
          "https",
          "admin",
          "ssh"
        ]
        volumes =[
          "local/traefik.toml:/etc/traefik/traefik.toml",
          "/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
        ]

      }
      # vault{
      #}
      env {
      }
      template{
        data=<<EOH
          GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
          EOH
        destination= "secrets/gandi.env"
        env = true
      }

      template{
        data= <<EOH
        [entryPoints]
          [entryPoints.web]
            address = ":80"
            [entryPoints.web.http]
              [entryPoints.web.http.redirections]
                [entryPoints.web.http.redirections.entryPoint]
                  to = "websecure"
                  scheme = "https"

          [entryPoints.websecure]
            address = ":443"
          [entryPoints.traefik]
            address = ":9080"
          [entrypoints.ssh]
            address = ":2222"
        [http.middlewares]
          [http.middlewares.https-redirect.redirectscheme]
            scheme = "https"
        [providers.consulCatalog]
          exposedByDefault = false
          [providers.consulCatalog.endpoint]
            address = "172.17.0.1:8500"
        [log]
        [api]
          dashboard = true
          insecure = true
        [ping]
        [certificatesResolvers.myresolver.acme]
        email = "vincent@ducamps.win"
        storage = "acme.json"
        [certificatesResolvers.myresolver.acme.dnsChallenge]
        provider = "gandiv5"
        delayBeforeCheck = 0
        resolvers = ["173.246.100.133:53"]
        [metrics]
          [metrics.prometheus]


        EOH
        destination = "local/traefik.toml"
        env         = false
        change_mode = "noop"
        left_delimiter = "{{{"
        right_delimiter = "}}}"
      }
      resources {
        memory = 200
      }
    }
  }
}
add traefik job 2022-04-24 10:47:41 +00:00			`job "traefik-local" {`
			`datacenters = ["homelab"]`
			`type = "service"`
selete constraint on traefik 2022-05-14 07:32:33 +00:00
add traefik job 2022-04-24 10:47:41 +00:00			`group "traefik-local" {`
			`network {`
			`mode = "host"`
			`port "http" {`
			`static = 80`
			`}`
			`port "https" {`
			`static = 443`
			`}`
add entrypoint for ssh 2022-04-27 11:04:57 +00:00			`port "ssh" {`
			`static = 2222`
			`}`
			`port "admin" {`
add traefik job 2022-04-24 10:47:41 +00:00			`static = 9080`
			`}`
			`}`
implement TLS 2022-04-24 20:19:18 +00:00			`vault{`
			`policies=["access-tables"]`
			`}`
add traefik job 2022-04-24 10:47:41 +00:00
update ressource memory 2022-05-12 09:36:04 +00:00			`task "traefik-local" {`
add traefik job 2022-04-24 10:47:41 +00:00			`driver = "docker"`
			`service {`
change servifce name 2022-04-24 13:23:26 +00:00			`name = "traefik-local"`
add traefik job 2022-04-24 10:47:41 +00:00
			`tags = ["traefik"]`
			`port = "https"`
			`}`

			`service {`
add traefik monitoring 2022-05-13 09:43:07 +00:00			`name = "traefik-local-admin"`
add traefik job 2022-04-24 10:47:41 +00:00			`port = "admin"`
			`tags = [`
			`]`
			`}`

			`config {`
			`image = "traefik"`
			`ports = [`
			`"http",`
			`"https",`
add entrypoint for ssh 2022-04-27 11:04:57 +00:00			`"admin",`
			`"ssh"`
add traefik job 2022-04-24 10:47:41 +00:00			`]`
			`volumes =[`
implement TLS 2022-04-24 20:19:18 +00:00			`"local/traefik.toml:/etc/traefik/traefik.toml",`
			`"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"`
add traefik job 2022-04-24 10:47:41 +00:00			`]`

			`}`
			`# vault{`
			`#}`
indent 2022-05-12 09:37:38 +00:00			`env {`
			`}`
			`template{`
			`data=<<EOH`
			`GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"`
			`EOH`
			`destination= "secrets/gandi.env"`
			`env = true`
			`}`
implement TLS 2022-04-24 20:19:18 +00:00
indent 2022-05-12 09:37:38 +00:00			`template{`
add traefik job 2022-04-24 10:47:41 +00:00			`data= <<EOH`
			`[entryPoints]`
			`[entryPoints.web]`
			`address = ":80"`
generalize http redirect 2022-05-23 17:48:35 +00:00			`[entryPoints.web.http]`
			`[entryPoints.web.http.redirections]`
			`[entryPoints.web.http.redirections.entryPoint]`
			`to = "websecure"`
			`scheme = "https"`

add traefik job 2022-04-24 10:47:41 +00:00			`[entryPoints.websecure]`
			`address = ":443"`
			`[entryPoints.traefik]`
			`address = ":9080"`
add entrypoint for ssh 2022-04-27 11:04:57 +00:00			`[entrypoints.ssh]`
			`address = ":2222"`
add traefik job 2022-04-24 10:47:41 +00:00			`[http.middlewares]`
			`[http.middlewares.https-redirect.redirectscheme]`
			`scheme = "https"`
			`[providers.consulCatalog]`
			`exposedByDefault = false`
			`[providers.consulCatalog.endpoint]`
implement TLS 2022-04-24 20:19:18 +00:00			`address = "172.17.0.1:8500"`
add traefik job 2022-04-24 10:47:41 +00:00			`[log]`
			`[api]`
			`dashboard = true`
			`insecure = true`
			`[ping]`
implement TLS 2022-04-24 20:19:18 +00:00			`[certificatesResolvers.myresolver.acme]`
			`email = "vincent@ducamps.win"`
			`storage = "acme.json"`
			`[certificatesResolvers.myresolver.acme.dnsChallenge]`
			`provider = "gandiv5"`
			`delayBeforeCheck = 0`
			`resolvers = ["173.246.100.133:53"]`
add traefik monitoring 2022-05-13 09:43:07 +00:00			`[metrics]`
			`[metrics.prometheus]`

implement TLS 2022-04-24 20:19:18 +00:00
add traefik job 2022-04-24 10:47:41 +00:00
			`EOH`
			`destination = "local/traefik.toml"`
			`env = false`
			`change_mode = "noop"`
			`left_delimiter = "{{{"`
			`right_delimiter = "}}}"`
update ressource memory 2022-05-12 09:36:04 +00:00			`}`
			`resources {`
			`memory = 200`
			`}`
add traefik job 2022-04-24 10:47:41 +00:00			`}`
			`}`
			`}`