feat: add floating IP to pihole

2022-11-27 11:09:50 +01:00 · 2022-11-27 11:09:50 +01:00 · 1e42376ed4
commit 1e42376ed4
parent 2c770c0163
1 changed files with 74 additions and 10 deletions
--- a/nomad-job/pihole.nomad
+++ b/nomad-job/pihole.nomad
@ -7,20 +7,18 @@ job "pihole" {
  }
  type = "service"
  constraint {
-    attribute = "${attr.unique.hostname}"
-    value     = "oscar"
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
  }
  group "pi-hole" {
    network {
-      mode = "host"
      port "dns" {
        static = 53
      }
      port "http" {
-        static = 8090
-        to     = 80
      }
    }
+
    service {
      name = "pihole-gui"
      tags = ["pihole", "admin",
@ -37,12 +35,37 @@ job "pihole" {
    }
    task "server" {
      driver = "docker"
+     service {
+        name = "dns"
+        port = "dns"
+
+        check {
+          name     = "service: dns tcp check"
+          type     = "tcp"
+          interval = "10s"
+          timeout  = "2s"
+
+          success_before_passing   = "3"
+          failures_before_critical = "3"
+        }
+
+        check {
+          name     = "service: dns dig check"
+          type     = "script"
+          command  = "/usr/bin/dig"
+          args     = ["+short", "@127.0.0.1"]
+          interval = "10s"
+          timeout  = "2s"
+
+          check_restart {
+            limit = 3
+            grace = "60s"
+          }
+        }
+      }
      config {
        image = "pihole/pihole:latest"
-        ports = [
-          "dns",
-          "http",
-        ]
+        network_mode = "host"
        volumes = [
          "local/dnsmasq.d/02-localresolver.conf:/etc/dnsmasq.d/02-localresolver.conf",
          "/mnt/diskstation/nomad/pihole:/etc/pihole"
@ -57,10 +80,13 @@ job "pihole" {
        TZ   = "Europe/Paris"
        DNS1 = "1.1.1.1"
        DNS2 = "80.67.169.40"
+        WEB_PORT      = "${NOMAD_PORT_http}"

      }
      template {
        data        = <<EOH
+        INTERFACE     = {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }}
+
        WEBPASSWORD="{{with secret "secrets/data/nomad/pihole"}}{{.Data.data.WEBPASSWORD}}{{end}}"
        EOH
        destination = "local/file.env"
@ -81,8 +107,46 @@ local-ttl=2

      }
      resources {
-        memory = 200
+        memory = 100
      }
    }
+
+    task "keepalived" {
+      driver = "docker"
+
+      lifecycle {
+        hook    = "poststart"
+        sidecar = true
+      }
+
+      env {
+        KEEPALIVED_ROUTER_ID     = "53"
+        KEEPALIVED_STATE         = "MASTER"
+        KEEPALIVED_VIRTUAL_IPS   = "192.168.1.4"
+      }
+      template{
+        destination = "local/env.yaml"
+        change_mode = "restart"
+        env= true
+        data = <<EOH
+        KEEPALIVED_INTERFACE= {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }}
+        EOH
+      }
+      config {
+        image        = "osixia/keepalived:2.0.20"
+        network_mode = "host"
+        cap_add = [
+          "NET_ADMIN",
+          "NET_BROADCAST",
+          "NET_RAW"
+        ]
+      }
+
+      resources {
+        cpu    = 20
+        memory = 20
+      }
+    }
+
  }
 }