first commit

vincent 2022-04-03 20:45:50 +02:00
commit 36180489a7
3 changed files with 116 additions and 0 deletions

66
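--- a/pihole.nomad
+++ b/pihole.nomad
@@ -0,0 +1,66 @@
+job "pihole" {
+datacenters = ["homelab"]
+type = "service"
+constraint {
+attribute = "${attr.unique.hostname}"
+value = "oscar"
+}
+group "pi-hole" {
+network {
+mode = "host"
+port "dns" {
+static = 53
+}
+port "http" {
+static = 8090
+to = 80
+}
+}
+service {
+name = "pihole-gui"
+tags = ["pihole", "admin"]
+port = "http"
+}
+task "server" {
+driver = "docker"
+config {
+image = "pihole/pihole:latest"
+ports = [
+"dns",
+"http",
+]
+volumes =[
+"local/dnsmasq.d/02-localresolver.conf:/etc/dnsmasq.d/02-localresolver.conf",
+"/mnt/diskstation/nomad/pihole:/etc/pihole"
+]
+}
+vault{
+policies= ["access-tables"]
+}
+env {
+TZ= "Europe/Paris"
+DNS1= "1.1.1.1"
+DNS2= "80.67.169.40"
+}
+template {
+data = <<EOH
+WEBPASSWORD="{{with secret "secrets/data/pihole"}}{{.Data.data.WEBPASSWORD}}{{end}}"
+EOH
+destination = "local/file.env"
+env = true
+}
+template{
+data= <<EOH
+server=/ducamps.win/192.168.1.10
+server=/consul/172.17.0.1#8600
+EOH
+destination="local/dnsmasq.d/02-localresolver.conf"
+}
+}
+}
+}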
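Review bot: The image reference `image = "pihole/pihole:latest"` is a mutable tag, so every reschedule or node restart can pull whatever the registry currently serves under it, and the resolver for the whole network can change without a commit. Pin a release tag or, better, a digest, e.g. `image = "pihole/pihole:<VERSION>@sha256:<DIGEST>"` (placeholders; the real values are not on this page). Separately, `env = true` on the WEBPASSWORD template places the admin password in the container environment, where it is readable through container inspection on the host. If the image version in use can read the password from a file instead, that would be preferable, which is worth confirming.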


@ -0,0 +1,9 @@
{
"allowed_policies": "acces-tables",
"disallowed_policies": "",
"token_explicit_max_ttl": 0,
"name": "nomad-cluster",
"orphan": true,
"token_period": 259200,
"renewable": true
}
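Review bot: `"allowed_policies": "acces-tables"` does not match the policy the job requests in its `vault` stanza (`policies = ["access-tables"]`), so token derivation for the task would presumably be rejected by Vault, and the role allow-lists a name that appears to be a typo. Change the line to `"allowed_policies": "access-tables",`. With `"orphan": true`, `"token_period": 259200` and `"token_explicit_max_ttl": 0`, the derived tokens can be renewed indefinitely, so this allow-list is the main bound on what a task token can hold and should be kept exact.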


@ -0,0 +1,41 @@
# Allow creating tokens under "nomad-cluster" token role. The token role name
# should be updated if "nomad-cluster" is not used.
path "auth/token/create/nomad-cluster" {
capabilities = ["update"]
}
# Allow looking up "nomad-cluster" token role. The token role name should be
# updated if "nomad-cluster" is not used.
path "auth/token/roles/nomad-cluster" {
capabilities = ["read"]
}
# Allow looking up the token passed to Nomad to validate # the token has the
# proper capabilities. This is provided by the "default" policy.
path "auth/token/lookup-self" {
capabilities = ["read"]
}
# Allow looking up incoming tokens to validate they have permissions to access
# the tokens they are requesting. This is only required if
# `allow_unauthenticated` is set to false.
path "auth/token/lookup" {
capabilities = ["update"]
}
# Allow revoking tokens that should no longer exist. This allows revoking
# tokens for dead tasks.
path "auth/token/revoke-accessor" {
capabilities = ["update"]
}
# Allow checking the capabilities of our own token. This is used to validate the
# token upon startup.
path "sys/capabilities-self" {
capabilities = ["update"]
}
# Allow our own token to be renewed.
path "auth/token/renew-self" {
capabilities = ["update"]
}
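Review bot: Two of these grants are not limited to tokens Nomad itself created: `auth/token/lookup` and `auth/token/revoke-accessor` with `update` apply to any token or accessor presented, so the token carrying this policy is sensitive and the file should say so. I would add a header comment such as `# Policy for the Nomad server token; it can look up and revoke tokens it did not create, so store and rotate it accordingly.` The comment above `auth/token/lookup-self` also has a stray `#` in `validate # the token has the`.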