formatting

This commit is contained in:
vincent 2022-10-29 10:40:01 +02:00
parent 732d4b458d
commit a3abcb41a3
29 changed files with 500 additions and 500 deletions

View File

@ -1,29 +1,29 @@
job "MQTT" { job "MQTT" {
datacenters = ["homelab"] datacenters = ["homelab"]
priority = 50 priority = 50
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.unique.hostname}" attribute = "${attr.unique.hostname}"
value = "oscar" value = "oscar"
} }
group "MQTT"{ group "MQTT" {
network { network {
mode = "host" mode = "host"
port "zigbee2mqtt" { port "zigbee2mqtt" {
to = 8090 to = 8090
} }
port "mosquittoMQTT" { port "mosquittoMQTT" {
static= 1883 static = 1883
to = 1883 to = 1883
} }
port "mosquittoWS" { port "mosquittoWS" {
to = 9001 to = 9001
static = 9001 static = 9001
} }
} }
task "mosquitto" { task "mosquitto" {
@ -36,9 +36,9 @@ job "MQTT" {
} }
config { config {
image = "eclipse-mosquitto" image = "eclipse-mosquitto"
ports = ["mosquittoWS","mosquittoMQTT"] ports = ["mosquittoWS", "mosquittoMQTT"]
volumes = [ volumes = [
"/mnt/diskstation/nomad/mosquitto:/mosquitto/data", "/mnt/diskstation/nomad/mosquitto:/mosquitto/data",
"local/mosquitto.conf:/mosquitto/config/mosquitto.conf" "local/mosquitto.conf:/mosquitto/config/mosquitto.conf"
] ]
@ -47,7 +47,7 @@ job "MQTT" {
TZ = "Europe/Paris" TZ = "Europe/Paris"
} }
template { template {
data= <<EOH data = <<EOH
persistence false persistence false
log_dest stdout log_dest stdout
listener 1883 listener 1883
@ -66,19 +66,19 @@ connection_messages true
name = "Zigbee2MQTT" name = "Zigbee2MQTT"
port = "zigbee2mqtt" port = "zigbee2mqtt"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=zigbee.mqtt", "homer.name=zigbee.mqtt",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://www.zigbee2mqtt.io/logo.png", "homer.logo=https://www.zigbee2mqtt.io/logo.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_zigbee2mqtt}", "homer.url=http://${NOMAD_ADDR_zigbee2mqtt}",
] ]
} }
config { config {
image = "koenkk/zigbee2mqtt" image = "koenkk/zigbee2mqtt"
privileged= true privileged = true
ports = ["zigbee2mqtt"] ports = ["zigbee2mqtt"]
volumes = [ volumes = [
"/mnt/diskstation/nomad/zigbee2mqtt:/app/data", "/mnt/diskstation/nomad/zigbee2mqtt:/app/data",
"local/configuration.yaml:/app/data/configuration.yaml", "local/configuration.yaml:/app/data/configuration.yaml",
@ -92,7 +92,7 @@ connection_messages true
} }
template { template {
data= <<EOH data = <<EOH
# MQTT settings # MQTT settings
mqtt: mqtt:
# MQTT base topic for Zigbee2MQTT MQTT messages # MQTT base topic for Zigbee2MQTT MQTT messages

View File

@ -1,12 +1,12 @@
job "alertmanager" { job "alertmanager" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "alertmanager"{ group "alertmanager" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -27,7 +27,7 @@ job "alertmanager" {
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}", "homer.url=http://${NOMAD_ADDR_http}",
] ]
check { check {
name = "alertmanager_ui port alive" name = "alertmanager_ui port alive"
type = "http" type = "http"

View File

@ -1,11 +1,11 @@
job "chainetv" { job "chainetv" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "2" forcedeploy = "2"
} }
group "chainetv"{ group "chainetv" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -19,20 +19,20 @@ job "chainetv" {
name = "chainetv" name = "chainetv"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=ChaineTV", "homer.name=ChaineTV",
"homer.service=Application", "homer.service=Application",
"homer.icon=fas fa-tv", "homer.icon=fas fa-tv",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}", "homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/chainetv`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/chainetv`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=chainetv,chainetvStrip", "traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=chainetv,chainetvStrip",
"traefik.http.middlewares.chainetv.headers.customrequestheaders.X-Script-Name=/chainetv", "traefik.http.middlewares.chainetv.headers.customrequestheaders.X-Script-Name=/chainetv",
"traefik.http.middlewares.chainetvStrip.stripprefix.prefixes=/chainetv", "traefik.http.middlewares.chainetvStrip.stripprefix.prefixes=/chainetv",
] ]
} }

View File

@ -1,25 +1,25 @@
job "crowdsec-agent" { job "crowdsec-agent" {
datacenters = ["homelab","hetzner"] datacenters = ["homelab", "hetzner"]
type = "system" type = "system"
meta { meta {
forcedeploy = "2" forcedeploy = "2"
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
group "crowdsec-agent"{ group "crowdsec-agent" {
network { network {
mode = "host" mode = "host"
port "metric"{ port "metric" {
to = 6060 to = 6060
} }
} }
task "crowdsec-agent" { task "crowdsec-agent" {
service { service {
name= "crowdsec-metrics" name = "crowdsec-metrics"
port = "metric" port = "metric"
tags = [ tags = [
] ]
@ -36,11 +36,11 @@ job "crowdsec-agent" {
} }
env { env {
COLLECTIONS= "crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/gitea" COLLECTIONS = "crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/gitea"
DISABLE_LOCAL_API= "true" DISABLE_LOCAL_API = "true"
} }
template { template {
data = <<EOH data = <<EOH
--- ---
source: docker source: docker
container_name_regexp: container_name_regexp:
@ -66,15 +66,15 @@ EOH
} }
template { template {
data = <<EOH data = <<EOH
LOCAL_API_URL = {{- range service "crowdsec-api" }} "http://{{ .Address }}:{{ .Port }}"{{- end }} LOCAL_API_URL = {{- range service "crowdsec-api" }} "http://{{ .Address }}:{{ .Port }}"{{- end }}
AGENT_USERNAME = "{{ env "node.unique.name" }}" AGENT_USERNAME = "{{ env "node.unique.name" }}"
{{with secret "secrets/data/crowdsec"}} {{with secret "secrets/data/crowdsec"}}
AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}" AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
{{end}} {{end}}
EOH EOH
destination ="secret/agent.env" destination = "secret/agent.env"
env = "true" env = "true"
} }
resources { resources {
memory = 100 memory = 100

View File

@ -1,10 +1,10 @@
job "crowdsec-api" { job "crowdsec-api" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "-1" forcedeploy = "-1"
} }
vault{ vault {
policies = ["access-tables"] policies = ["access-tables"]
} }
group "crowdsec-api" { group "crowdsec-api" {
@ -12,30 +12,30 @@ job "crowdsec-api" {
mode = "host" mode = "host"
port "http" { port "http" {
static = 8898 static = 8898
to = 8080 to = 8080
} }
port "metric"{ port "metric" {
to = 6060 to = 6060
} }
} }
task "crowdsec-api" { task "crowdsec-api" {
service { service {
name= "crowdsec-metrics" name = "crowdsec-metrics"
port = "metric" port = "metric"
tags = [ tags = [
] ]
} }
driver = "docker" driver = "docker"
service { service {
name= "crowdsec-api" name = "crowdsec-api"
port = "http" port = "http"
tags = [ tags = [
] ]
} }
config { config {
image ="crowdsecurity/crowdsec" image = "crowdsecurity/crowdsec"
ports = ["http","metric"] ports = ["http", "metric"]
volumes = [ volumes = [
"/mnt/diskstation/nomad/crowdsec/db:/var/lib/crowdsec/data", "/mnt/diskstation/nomad/crowdsec/db:/var/lib/crowdsec/data",
"/mnt/diskstation/nomad/crowdsec/data:/etc/crowdsec_data", "/mnt/diskstation/nomad/crowdsec/data:/etc/crowdsec_data",
@ -43,15 +43,15 @@ job "crowdsec-api" {
} }
template { template {
data = <<EOH data = <<EOH
DISABLE_AGENT = "true" DISABLE_AGENT = "true"
{{with secret "secrets/data/crowdsec"}} {{with secret "secrets/data/crowdsec"}}
AGENT_USERNAME = "{{.Data.data.AGENT_USERNAME}}" AGENT_USERNAME = "{{.Data.data.AGENT_USERNAME}}"
AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}" AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
{{end}} {{end}}
EOH EOH
destination ="secret/api.env" destination = "secret/api.env"
env = "true" env = "true"
} }
resources { resources {
memory = 99 memory = 99

View File

@ -1,12 +1,12 @@
job "dashboard" { job "dashboard" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "1" forcedeploy = "1"
} }
group "dashboard"{ group "dashboard" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -20,10 +20,10 @@ job "dashboard" {
name = "homer" name = "homer"
port = "http" port = "http"
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
] ]
} }
config { config {
@ -35,7 +35,7 @@ job "dashboard" {
} }
env { env {
INIT_ASSETS= 0 INIT_ASSETS = 0
} }
resources { resources {
@ -45,19 +45,19 @@ job "dashboard" {
task "homer-service-discovery" { task "homer-service-discovery" {
driver = "docker" driver = "docker"
config { config {
image= "ducampsv/homer-service-discovery" image = "ducampsv/homer-service-discovery"
volumes = [ volumes = [
"/mnt/diskstation/nomad/homer/config.yml:/config.yml", "/mnt/diskstation/nomad/homer/config.yml:/config.yml",
"local/base.yml:/base.yml" "local/base.yml:/base.yml"
] ]
} }
env { env {
SERVICE_DISCOVERY="Consul" SERVICE_DISCOVERY = "Consul"
CONSUL_HOST = "consul.service.consul:8500" CONSUL_HOST = "consul.service.consul:8500"
} }
template{ template {
data = <<EOH data = <<EOH
title: "HomeLab dashboard" title: "HomeLab dashboard"
subtitle: "VincentDcmps" subtitle: "VincentDcmps"
logo: "assets/logo.png" logo: "assets/logo.png"
@ -138,7 +138,7 @@ services:
} }
resources { resources {
memory= 30 memory = 30
} }
} }

View File

@ -1,6 +1,6 @@
job "drone" { job "drone" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
vault { vault {
policies = ["access-tables"] policies = ["access-tables"]
} }
@ -15,7 +15,7 @@ job "drone" {
} }
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
task "drone-server" { task "drone-server" {
driver = "docker" driver = "docker"
@ -49,7 +49,7 @@ job "drone" {
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/droneCI"}} {{ with secret "secrets/data/droneCI"}}
DRONE_GITEA_SERVER="https://git.ducamps.win" DRONE_GITEA_SERVER="https://git.ducamps.win"
DRONE_GITEA_CLIENT_ID="{{ .Data.data.DRONE_GITEA_CLIENT_ID }}" DRONE_GITEA_CLIENT_ID="{{ .Data.data.DRONE_GITEA_CLIENT_ID }}"
@ -64,18 +64,18 @@ job "drone" {
{{end}} {{end}}
EOH EOH
destination = "local/drone.env" destination = "local/drone.env"
env = true env = true
} }
resources { resources {
memory = 100 memory = 100
} }
} }
task "drone-runner"{ task "drone-runner" {
driver = "docker" driver = "docker"
config { config {
image = "drone/drone-runner-docker:latest" image = "drone/drone-runner-docker:latest"
volumes =[ volumes = [
"/var/run/docker.sock:/var/run/docker.sock", "/var/run/docker.sock:/var/run/docker.sock",
] ]
} }
@ -83,7 +83,7 @@ job "drone" {
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/droneCI"}} {{ with secret "secrets/data/droneCI"}}
DRONE_RPC_HOST="drone.ducamps.win" DRONE_RPC_HOST="drone.ducamps.win"
DRONE_RPC_PROTO="https" DRONE_RPC_PROTO="https"
@ -91,7 +91,7 @@ job "drone" {
{{ end }} {{ end }}
EOH EOH
destination = "local/drone-runner.env" destination = "local/drone-runner.env"
env = true env = true
} }
resources { resources {
memory = 50 memory = 50
@ -102,13 +102,13 @@ job "drone" {
group "Drone-ARM-Runner" { group "Drone-ARM-Runner" {
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "arm" value = "arm"
} }
task "drone-ARM-runner"{ task "drone-ARM-runner" {
driver = "docker" driver = "docker"
config { config {
image = "drone/drone-runner-docker:latest" image = "drone/drone-runner-docker:1.8.2-linux-arm"
volumes =[ volumes = [
"/var/run/docker.sock:/var/run/docker.sock", "/var/run/docker.sock:/var/run/docker.sock",
] ]
} }
@ -116,7 +116,7 @@ job "drone" {
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/droneCI"}} {{ with secret "secrets/data/droneCI"}}
DRONE_RPC_HOST="drone.ducamps.win" DRONE_RPC_HOST="drone.ducamps.win"
DRONE_RPC_PROTO="https" DRONE_RPC_PROTO="https"
@ -124,7 +124,7 @@ job "drone" {
{{ end }} {{ end }}
EOH EOH
destination = "local/drone-runner.env" destination = "local/drone-runner.env"
env = true env = true
} }
resources { resources {
memory = 50 memory = 50

View File

@ -1,23 +1,23 @@
job "filestash" { job "filestash" {
datacenters = ["hetzner"] datacenters = ["hetzner"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
group "filestash"{ group "filestash" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 8334 to = 8334
} }
port "onlyoffice"{ port "onlyoffice" {
to = 80 to = 80
} }
} }
@ -27,16 +27,16 @@ job "filestash" {
name = "filestash" name = "filestash"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=FileStash", "homer.name=FileStash",
"homer.service=Application", "homer.service=Application",
"homer.url=http://file.ducamps.win", "homer.url=http://file.ducamps.win",
"homer.logo=http://file.ducamps.win/assets/logo/apple-touch-icon.png", "homer.logo=http://file.ducamps.win/assets/logo/apple-touch-icon.png",
"homer.target=_blank", "homer.target=_blank",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`file.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`file.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=file.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=file.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
] ]
@ -50,11 +50,11 @@ job "filestash" {
} }
env { env {
APPLICATION_URL= "" APPLICATION_URL = ""
} }
resources { resources {
cpu = 100 cpu = 100
memory = 300 memory = 300
} }
} }

View File

@ -1,6 +1,6 @@
job "git" { job "git" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
group "gitea" { group "gitea" {
network { network {
@ -37,7 +37,7 @@ job "git" {
] ]
} }
service { service {
name= "gitea-ssh" name = "gitea-ssh"
port = "ssh" port = "ssh"
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
@ -51,32 +51,32 @@ job "git" {
"http", "http",
"ssh" "ssh"
] ]
volumes = [ volumes = [
"/mnt/diskstation/git:/repo", "/mnt/diskstation/git:/repo",
"/mnt/diskstation/nomad/gitea:/data" "/mnt/diskstation/nomad/gitea:/data"
] ]
} }
env { env {
USER_UID = 1000000 USER_UID = 1000000
USER_GUID = 985 USER_GUID = 985
GITEA__server__DOMAIN = "git.ducamps.win" GITEA__server__DOMAIN = "git.ducamps.win"
GITEA__server__ROOT_URL = "https://git.ducamps.win" GITEA__server__ROOT_URL = "https://git.ducamps.win"
GITEA__server__SSH_DOMAIN = "git.ducamps.win" GITEA__server__SSH_DOMAIN = "git.ducamps.win"
GITEA__server__SSH_PORT = "2222" GITEA__server__SSH_PORT = "2222"
GITEA__server__SSH_LISTEN_PORT = "2222" GITEA__server__SSH_LISTEN_PORT = "2222"
GITEA__server__START_SSH_SERVER = "false" GITEA__server__START_SSH_SERVER = "false"
GITEA__database__DB_TYPE = "postgres" GITEA__database__DB_TYPE = "postgres"
GITEA__database__HOST = "db1.ducamps.win" GITEA__database__HOST = "db1.ducamps.win"
GITEA__database__NAME = "gitea" GITEA__database__NAME = "gitea"
GITEA__database__USER = "gitea" GITEA__database__USER = "gitea"
GITEA__service__DISABLE_REGISTRATION = "true" GITEA__service__DISABLE_REGISTRATION = "true"
GITEA__repository__ROOT = "/repo" GITEA__repository__ROOT = "/repo"
GITEA__server__APP_DATA_PATH = "/data" GITEA__server__APP_DATA_PATH = "/data"
GITEA__server__LFS_CONTENT_PATH = "/repo/LFS" GITEA__server__LFS_CONTENT_PATH = "/repo/LFS"
GITEA__webhook__ALLOWED_HOST_LIST = "drone.ducamps.win" GITEA__webhook__ALLOWED_HOST_LIST = "drone.ducamps.win"
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/gitea"}} {{ with secret "secrets/data/gitea"}}
GITEA__database__PASSWD = "{{.Data.data.PASSWD}}" GITEA__database__PASSWD = "{{.Data.data.PASSWD}}"
GITEA__security__SECRET_KEY = "{{.Data.data.secret_key}}" GITEA__security__SECRET_KEY = "{{.Data.data.secret_key}}"
@ -85,7 +85,7 @@ job "git" {
{{end}} {{end}}
EOH EOH
destination = "secrets/gitea.env" destination = "secrets/gitea.env"
env = true env = true
} }
resources { resources {
memory = 400 memory = 400

View File

@ -7,14 +7,14 @@ job "grafana" {
group "grafana" { group "grafana" {
network { network {
port "http" { port "http" {
to = 3000 to = 3000
} }
} }
service { service {
name = "grafana" name = "grafana"
port = "http" port = "http"
tags= [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Grafana", "homer.name=Grafana",
"homer.service=Monitoring", "homer.service=Monitoring",

View File

@ -1,29 +1,29 @@
job "homeassistant" { job "homeassistant" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.unique.hostname}" attribute = "${attr.unique.hostname}"
value = "oscar" value = "oscar"
} }
group "homeassistant"{ group "homeassistant" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 8123 to = 8123
static = 8123 static = 8123
} }
port "coap"{ port "coap" {
to = 5683 to = 5683
static = 5683 static = 5683
} }
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
@ -35,17 +35,17 @@ job "homeassistant" {
name = "${NOMAD_TASK_NAME}" name = "${NOMAD_TASK_NAME}"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Hass", "homer.name=Hass",
"homer.service=Application", "homer.service=Application",
"homer.subtitle=Home Assistant", "homer.subtitle=Home Assistant",
"homer.logo=https://raw.githubusercontent.com/home-assistant/assets/master/logo/logo-small.svg", "homer.logo=https://raw.githubusercontent.com/home-assistant/assets/master/logo/logo-small.svg",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://${NOMAD_TASK_NAME}.ducamps.win", "homer.url=https://${NOMAD_TASK_NAME}.ducamps.win",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.ducamps.win`)", "traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_TASK_NAME}.ducamps.win", "traefik.http.routers.${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_TASK_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=myresolver",
] ]
check { check {
type = "tcp" type = "tcp"
@ -54,9 +54,9 @@ job "homeassistant" {
} }
} }
config { config {
image = "homeassistant/home-assistant:stable" image = "homeassistant/home-assistant:stable"
ports = ["http","coap"] ports = ["http", "coap"]
privileged = "true" privileged = "true"
network_mode = "host" network_mode = "host"
volumes = [ volumes = [
"/mnt/diskstation/nomad/hass:/config", "/mnt/diskstation/nomad/hass:/config",
@ -68,8 +68,8 @@ job "homeassistant" {
resources { resources {
cpu = 800 # 500 MHz cpu = 800 # 500 MHz
memory = 512 # 512 MB memory = 512 # 512 MB
} }
} }
} }
} }

View File

@ -1,20 +1,20 @@
job "jellyfin" { job "jellyfin" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
group "jellyfin"{ group "jellyfin" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 8096 to = 8096
} }
} }
@ -23,7 +23,7 @@ job "jellyfin" {
service { service {
name = "jellyfin" name = "jellyfin"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=jellyfin", "homer.name=jellyfin",
"homer.service=Application", "homer.service=Application",
@ -49,19 +49,19 @@ job "jellyfin" {
] ]
devices = [ devices = [
{ {
host_path = "/dev/dri/renderD128" host_path = "/dev/dri/renderD128"
container_path = "/dev/dri/renderD128" container_path = "/dev/dri/renderD128"
}, },
{ {
host_path = "/dev/dri/card0" host_path = "/dev/dri/card0"
container_path = "/dev/dri/card0" container_path = "/dev/dri/card0"
} }
] ]
} }
resources { resources {
memory = 2000 memory = 2000
cpu= 3000 cpu = 3000
} }
} }

View File

@ -1,12 +1,12 @@
job "loki" { job "loki" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "loki"{ group "loki" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -44,7 +44,7 @@ job "loki" {
] ]
} }
template { template {
data = <<EOH data = <<EOH
auth_enabled: false auth_enabled: false
server: server:
http_listen_port: 3100 http_listen_port: 3100

View File

@ -1,11 +1,11 @@
job "node-exporter" { job "node-exporter" {
datacenters = ["homelab","hetzner"] datacenters = ["homelab", "hetzner"]
type = "system" type = "system"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "node-exporter"{ group "node-exporter" {
network { network {
port "http" { port "http" {
} }
@ -14,11 +14,11 @@ job "node-exporter" {
name = "node-exporter" name = "node-exporter"
port = "http" port = "http"
check { check {
type = "http" type = "http"
port = "http" port = "http"
path = "/" path = "/"
interval = "10s" interval = "10s"
timeout = "2s" timeout = "2s"
success_before_passing = "3" success_before_passing = "3"
failures_before_critical = "3" failures_before_critical = "3"
check_restart { check_restart {
@ -59,7 +59,7 @@ job "node-exporter" {
} }
resources { resources {
cpu = 20 cpu = 20
memory = 30 memory = 30
} }
} }

View File

@ -1,12 +1,12 @@
job "pacoloco" { job "pacoloco" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "pacoloco"{ group "pacoloco" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -19,10 +19,10 @@ job "pacoloco" {
name = "pacoloco" name = "pacoloco"
port = "http" port = "http"
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`arch.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`arch.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=arch.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=arch.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
] ]
} }
config { config {
@ -36,7 +36,7 @@ job "pacoloco" {
} }
template { template {
data= <<EOH data = <<EOH
port: 9129 port: 9129
cache_dir: /var/cache/pacoloco cache_dir: /var/cache/pacoloco
purge_files_after: 360000 purge_files_after: 360000
@ -54,7 +54,7 @@ prefetch:
ttl_unaccessed_in_days: 30 ttl_unaccessed_in_days: 30
ttl_unupdated_in_days: 300 ttl_unupdated_in_days: 300
EOH EOH
destination = "local/pacoloco.yaml" destination = "local/pacoloco.yaml"
} }
resources { resources {
memory = 200 memory = 200

View File

@ -1,18 +1,18 @@
job "paperless-ng" { job "paperless-ng" {
datacenters = ["homelab"] datacenters = ["homelab"]
priority= 50 priority = 50
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
group "paperless-ng"{ group "paperless-ng" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -22,15 +22,15 @@ job "paperless-ng" {
to = 6379 to = 6379
} }
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
task "redis" { task "redis" {
driver = "docker" driver = "docker"
config { config {
image= "redis" image = "redis"
ports= ["redis"] ports = ["redis"]
} }
resources { resources {
memory = 100 memory = 100
@ -42,23 +42,23 @@ job "paperless-ng" {
name = "${JOB}" name = "${JOB}"
port = "http" port = "http"
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"homer.enable=true", "homer.enable=true",
"homer.name=Paperless", "homer.name=Paperless",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/static/frontend/fr-FR/apple-touch-icon.png", "homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/static/frontend/fr-FR/apple-touch-icon.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win", "homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
] ]
check { check {
type = "http" type = "http"
name = "paperless-ng_health" name = "paperless-ng_health"
path="/" path = "/"
interval = "30s" interval = "30s"
timeout = "5s" timeout = "5s"
} }
} }
config { config {
@ -73,26 +73,26 @@ job "paperless-ng" {
} }
env { env {
PAPERLESS_REDIS= "redis://${NOMAD_ADDR_redis}" PAPERLESS_REDIS = "redis://${NOMAD_ADDR_redis}"
PAPERLESS_DBHOST= "db1.ducamps.win" PAPERLESS_DBHOST = "db1.ducamps.win"
PAPERLESS_DBNAME= "paperless" PAPERLESS_DBNAME = "paperless"
PAPERLESS_DBUSER= "paperless" PAPERLESS_DBUSER = "paperless"
PAPERLESS_OCR_LANGUAGE="fra" PAPERLESS_OCR_LANGUAGE = "fra"
PAPERLESS_CONSUMER_POLLING="60" PAPERLESS_CONSUMER_POLLING = "60"
PAPERLESS_URL="https://${NOMAD_JOB_NAME}.ducamps.win" PAPERLESS_URL = "https://${NOMAD_JOB_NAME}.ducamps.win"
PAPERLESS_ALLOWED_HOSTS="*" PAPERLESS_ALLOWED_HOSTS = "*"
} }
template { template {
data= <<EOH data = <<EOH
PAPERLESS_DBPASS= {{ with secret "secrets/data/paperless"}}{{.Data.data.DB_PASSWORD }}{{end}} PAPERLESS_DBPASS= {{ with secret "secrets/data/paperless"}}{{.Data.data.DB_PASSWORD }}{{end}}
EOH EOH
destination = "secrets/paperless.env" destination = "secrets/paperless.env"
env = true env = true
} }
resources { resources {
memory = 800 memory = 800
cpu = 2000 cpu = 2000
} }
} }

View File

@ -1,39 +1,39 @@
job "pihole" { job "pihole" {
datacenters = ["homelab"] datacenters = ["homelab"]
priority= 100 priority = 100
meta { meta {
force = 1 force = 1
} }
type = "service" type = "service"
constraint { constraint {
attribute = "${attr.unique.hostname}" attribute = "${attr.unique.hostname}"
value = "oscar" value = "oscar"
} }
group "pi-hole" { group "pi-hole" {
network { network {
mode = "host" mode = "host"
port "dns" { port "dns" {
static = 53 static = 53
} }
port "http" { port "http" {
static = 8090 static = 8090
to = 80 to = 80
} }
} }
service { service {
name = "pihole-gui" name = "pihole-gui"
tags = ["pihole", "admin", tags = ["pihole", "admin",
"homer.enable=true", "homer.enable=true",
"homer.name=Pi-hole", "homer.name=Pi-hole",
"homer.service=Application", "homer.service=Application",
"homer.type=PiHole", "homer.type=PiHole",
"homer.logo=http://${NOMAD_ADDR_http}/admin/img/logo.svg", "homer.logo=http://${NOMAD_ADDR_http}/admin/img/logo.svg",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}/admin", "homer.url=http://${NOMAD_ADDR_http}/admin",
] ]
port = "http" port = "http"
} }
task "server" { task "server" {
driver = "docker" driver = "docker"
@ -43,32 +43,32 @@ job "pihole" {
"dns", "dns",
"http", "http",
] ]
volumes =[ volumes = [
"local/dnsmasq.d/02-localresolver.conf:/etc/dnsmasq.d/02-localresolver.conf", "local/dnsmasq.d/02-localresolver.conf:/etc/dnsmasq.d/02-localresolver.conf",
"/mnt/diskstation/nomad/pihole:/etc/pihole" "/mnt/diskstation/nomad/pihole:/etc/pihole"
] ]
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
env { env {
TZ= "Europe/Paris" TZ = "Europe/Paris"
DNS1= "1.1.1.1" DNS1 = "1.1.1.1"
DNS2= "80.67.169.40" DNS2 = "80.67.169.40"
} }
template { template {
data = <<EOH data = <<EOH
WEBPASSWORD="{{with secret "secrets/data/pihole"}}{{.Data.data.WEBPASSWORD}}{{end}}" WEBPASSWORD="{{with secret "secrets/data/pihole"}}{{.Data.data.WEBPASSWORD}}{{end}}"
EOH EOH
destination = "local/file.env" destination = "local/file.env"
change_mode = "noop" change_mode = "noop"
env = true env = true
} }
template{ template {
data= <<EOH data = <<EOH
server=/ducamps.win/192.168.1.10 server=/ducamps.win/192.168.1.10
{{range service "consul"}}server=/consul/{{.Address}}#8600 {{range service "consul"}}server=/consul/{{.Address}}#8600
{{end}} {{end}}
@ -76,7 +76,7 @@ domain=ducamps.win
no-negcache no-negcache
local-ttl=2 local-ttl=2
EOH EOH
destination="local/dnsmasq.d/02-localresolver.conf" destination = "local/dnsmasq.d/02-localresolver.conf"
change_mode = "restart" change_mode = "restart"
} }

View File

@ -17,7 +17,7 @@ job "prometheus" {
delay = "15s" delay = "15s"
mode = "fail" mode = "fail"
} }
vault { vault {
policies = ["access-tables"] policies = ["access-tables"]
} }
@ -100,10 +100,10 @@ scrape_configs:
EOH EOH
} }
template { template {
destination = "local/nomad-alert-rules.yml" destination = "local/nomad-alert-rules.yml"
right_delimiter = "]]" right_delimiter = "]]"
left_delimiter = "[[" left_delimiter = "[["
data = <<EOH data = <<EOH
--- ---
groups: groups:
- name: nomad_alerts - name: nomad_alerts
@ -166,13 +166,13 @@ EOH
service { service {
name = "prometheus" name = "prometheus"
tags = ["urlprefix-/", tags = ["urlprefix-/",
"homer.enable=true", "homer.enable=true",
"homer.name=Prometheus", "homer.name=Prometheus",
"homer.service=Monitoring", "homer.service=Monitoring",
"homer.type=Prometheus", "homer.type=Prometheus",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Prometheus_software_logo.svg/173px-Prometheus_software_logo.svg.png", "homer.logo=https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Prometheus_software_logo.svg/173px-Prometheus_software_logo.svg.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_prometheus_ui}", "homer.url=http://${NOMAD_ADDR_prometheus_ui}",
] ]

View File

@ -1,12 +1,12 @@
job "promtail" { job "promtail" {
datacenters = ["homelab","hetzner"] datacenters = ["homelab", "hetzner"]
type = "system" type = "system"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "promtail"{ group "promtail" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
@ -47,7 +47,7 @@ job "promtail" {
env { env {
HOSTNAME = "${attr.unique.hostname}" HOSTNAME = "${attr.unique.hostname}"
} }
template { template {
data = <<EOTC data = <<EOTC
positions: positions:
filename: {{ env "NOMAD_ALLOC_DIR"}}/positions.yaml filename: {{ env "NOMAD_ALLOC_DIR"}}/positions.yaml

View File

@ -1,19 +1,19 @@
job "radicale" { job "radicale" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "radicale"{ group "radicale" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 5232 to = 5232
} }
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
task "radicale" { task "radicale" {
@ -22,21 +22,21 @@ job "radicale" {
name = "radicale" name = "radicale"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Radicale", "homer.name=Radicale",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://radicale.org/assets/logo.svg", "homer.logo=https://radicale.org/assets/logo.svg",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}", "homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/radicale`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/radicale`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=radicaleHeader,radicalestrip", "traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=radicaleHeader,radicalestrip",
"traefik.http.middlewares.radicaleHeader.headers.customrequestheaders.X-Script-Name=/radicale", "traefik.http.middlewares.radicaleHeader.headers.customrequestheaders.X-Script-Name=/radicale",
"traefik.http.middlewares.radicalestrip.stripprefix.prefixes=/radicale", "traefik.http.middlewares.radicalestrip.stripprefix.prefixes=/radicale",
] ]
} }
@ -50,10 +50,10 @@ job "radicale" {
} }
env { env {
TAKE_FILE_OWNERSHIP=false TAKE_FILE_OWNERSHIP = false
} }
template { template {
data = <<EOH data = <<EOH
[server] [server]
hosts = 0.0.0.0:5232 hosts = 0.0.0.0:5232
[auth] [auth]

View File

@ -1,23 +1,23 @@
job "torrent" { job "torrent" {
datacenters = ["hetzner"] datacenters = ["hetzner"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "bittorent"{ group "bittorent" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 8080 to = 8080
host_network = "private" host_network = "private"
} }
port "torrent" { port "torrent" {
static=6881 static = 6881
host_network = "public" host_network = "public"
} }
port "ecoute" { port "ecoute" {
static= 50000 static = 50000
host_network = "public" host_network = "public"
} }
} }
@ -27,16 +27,16 @@ job "torrent" {
name = "bittorent" name = "bittorent"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=torrent", "homer.name=torrent",
"homer.url=https://torrent.ducamps.win", "homer.url=https://torrent.ducamps.win",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/images/favicon-196x196.png", "homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/images/favicon-196x196.png",
"homer.target=_blank", "homer.target=_blank",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
] ]
@ -47,7 +47,7 @@ job "torrent" {
"http", "http",
"torrent", "torrent",
"ecoute" "ecoute"
] ]
volumes = [ volumes = [
"/mnt/hetzner/storagebox/rutorrentConfig:/data", "/mnt/hetzner/storagebox/rutorrentConfig:/data",
"/mnt/hetzner/storagebox/file:/downloads" "/mnt/hetzner/storagebox/file:/downloads"
@ -55,10 +55,10 @@ job "torrent" {
} }
env { env {
PUID=1024 PUID = 1024
PGID=984 PGID = 984
UMASK=002 UMASK = 002
WEBUI_PORT="8070" WEBUI_PORT = "8070"
} }
resources { resources {

View File

@ -1,26 +1,26 @@
job "seedboxsync" { job "seedboxsync" {
datacenters = ["homelab"] datacenters = ["homelab"]
priority = 50 priority = 50
type = "batch" type = "batch"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
periodic { periodic {
cron = "0,30 * * * *" cron = "0,30 * * * *"
prohibit_overlap = true prohibit_overlap = true
} }
group "seedboxsync"{ group "seedboxsync" {
network { network {
mode = "host" mode = "host"
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
task "server" { task "server" {
driver = "docker" driver = "docker"
@ -32,19 +32,19 @@ job "seedboxsync" {
volumes = [ volumes = [
"/mnt/diskstation/media/download:/media" "/mnt/diskstation/media/download:/media"
] ]
args=[ args = [
"-u" ,"${USERNAME},${PASSWORD}", "-u", "${USERNAME},${PASSWORD}",
"-e" ,"mirror -c -P 5 -x seed ${REMOTE_PATH} /media;quit", "-e", "mirror -c -P 5 -x seed ${REMOTE_PATH} /media;quit",
"${REMOTE_SERVER}" "${REMOTE_SERVER}"
] ]
} }
env { env {
USER_ID=1000001 USER_ID = 1000001
GROUP_ID=1000007 GROUP_ID = 1000007
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/seedbox"}} {{ with secret "secrets/data/seedbox"}}
USERNAME = "{{ .Data.data.username }}" USERNAME = "{{ .Data.data.username }}"
PASSWORD = "{{ .Data.data.password }}" PASSWORD = "{{ .Data.data.password }}"
@ -53,7 +53,7 @@ job "seedboxsync" {
{{end}} {{end}}
EOH EOH
destination = "secrets/sample.env" destination = "secrets/sample.env"
env = true env = true
} }
resources { resources {
memory = 100 memory = 100

View File

@ -1,44 +1,44 @@
job "supysonic" { job "supysonic" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
group "supysonic"{ group "supysonic" {
network { network {
mode = "host" mode = "host"
port "fcgi" { port "fcgi" {
to = 5000 to = 5000
} }
port "http" { port "http" {
to=80 to = 80
} }
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
service { service {
name = "supysonic" name = "supysonic"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Supysonic", "homer.name=Supysonic",
"homer.service=Application", "homer.service=Application",
"homer.icon=fas fa-headphones", "homer.icon=fas fa-headphones",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_JOB_NAME}.ducamps.win", "homer.url=http://${NOMAD_JOB_NAME}.ducamps.win",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
] ]
@ -47,8 +47,8 @@ job "supysonic" {
task "supysonic-frontend" { task "supysonic-frontend" {
driver = "docker" driver = "docker"
config { config {
image= "nginx:alpine" image = "nginx:alpine"
ports= [ ports = [
"http" "http"
] ]
volumes = [ volumes = [
@ -56,7 +56,7 @@ job "supysonic" {
] ]
} }
template { template {
data = <<EOH data = <<EOH
worker_processes auto; worker_processes auto;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
events { events {
@ -83,36 +83,36 @@ http {
destination = "etc/nginx/nginx.conf" destination = "etc/nginx/nginx.conf"
} }
resources { resources {
memory = 75 memory = 75
} }
} }
task "supysonic-server" { task "supysonic-server" {
driver = "docker" driver = "docker"
config { config {
image = "ogarcia/supysonic:full-sql" image = "ogarcia/supysonic:full-sql"
ports = ["fcgi"] ports = ["fcgi"]
force_pull= true force_pull = true
volumes = [ volumes = [
"/mnt/diskstation/music:/mnt/diskstation/music" "/mnt/diskstation/music:/mnt/diskstation/music"
] ]
} }
env { env {
SUPYSONIC_RUN_MODE= "fcgi-port" SUPYSONIC_RUN_MODE = "fcgi-port"
SUPYSONIC_DAEMON_ENABLED = "true" SUPYSONIC_DAEMON_ENABLED = "true"
SUPYSONIC_WEBAPP_LOG_LEVEL = "WARNING" SUPYSONIC_WEBAPP_LOG_LEVEL = "WARNING"
SUPYSONIC_DAEMON_LOG_LEVEL = "INFO" SUPYSONIC_DAEMON_LOG_LEVEL = "INFO"
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/supysonic"}} {{ with secret "secrets/data/supysonic"}}
SUPYSONIC_DB_URI = "postgres://supysonic:{{ .Data.data.db_password}}@db1.ducamps.win/supysonic" SUPYSONIC_DB_URI = "postgres://supysonic:{{ .Data.data.db_password}}@db1.ducamps.win/supysonic"
{{end}} {{end}}
EOH EOH
destination = "secrets/supysonic.env" destination = "secrets/supysonic.env"
env = true env = true
} }
resources { resources {
memory = 256 memory = 256

View File

@ -1,26 +1,26 @@
job "syncthing" { job "syncthing" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "syncthing"{ group "syncthing" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 8384 to = 8384
} }
port "listen"{ port "listen" {
static = 22000 static = 22000
} }
port "discovery" { port "discovery" {
static = 21027 static = 21027
} }
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
task "syncthing" { task "syncthing" {
@ -29,12 +29,12 @@ job "syncthing" {
name = "syncthing-web" name = "syncthing-web"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Syncthing", "homer.name=Syncthing",
"homer.service=Application", "homer.service=Application",
"homer.logo=http://${NOMAD_ADDR_http}/assets/img/logo-horizontal.svg", "homer.logo=http://${NOMAD_ADDR_http}/assets/img/logo-horizontal.svg",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}", "homer.url=http://${NOMAD_ADDR_http}",
] ]
} }
config { config {

View File

@ -1,34 +1,34 @@
job "traefik-ingress" { job "traefik-ingress" {
datacenters = ["hetzner"] datacenters = ["hetzner"]
type = "service" type = "service"
meta { meta {
force_deploy= 1 force_deploy = 1
} }
group "traefik-ingress" { group "traefik-ingress" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
static = 80 static = 80
host_network = "public" host_network = "public"
} }
port "https" { port "https" {
static = 443 static = 443
host_network = "public" host_network = "public"
} }
port "admin" { port "admin" {
static = 9080 static = 9080
host_network = "private" host_network = "private"
} }
port "ssh" { port "ssh" {
static = 2222 static = 2222
host_network = "public" host_network = "public"
} }
} }
vault{ vault {
policies=["access-tables"] policies = ["access-tables"]
} }
task "traefik" { task "traefik" {
driver = "docker" driver = "docker"
service { service {
name = "traefik" name = "traefik"
@ -41,13 +41,13 @@ job "traefik-ingress" {
name = "traefik-admin" name = "traefik-admin"
port = "admin" port = "admin"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Traefik admin", "homer.name=Traefik admin",
"homer.subtitle=WAN", "homer.subtitle=WAN",
"homer.service=Platform", "homer.service=Platform",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png", "homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_admin}", "homer.url=http://${NOMAD_ADDR_admin}",
] ]
@ -61,7 +61,7 @@ job "traefik-ingress" {
"admin", "admin",
"ssh" "ssh"
] ]
volumes =[ volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml", "local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme.json:/acme.json" "/mnt/diskstation/nomad/traefik/acme.json:/acme.json"
] ]
@ -69,17 +69,17 @@ job "traefik-ingress" {
} }
# vault{ # vault{
#} #}
env { env {
} }
template{ template {
data=<<EOH data = <<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}" GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH EOH
destination= "secrets/gandi.env" destination = "secrets/gandi.env"
env = true env = true
} }
template{ template {
data= <<EOH data = <<EOH
[entryPoints] [entryPoints]
[entrypoints.ssh] [entrypoints.ssh]
@ -118,15 +118,15 @@ job "traefik-ingress" {
EOH EOH
destination = "local/traefik.toml" destination = "local/traefik.toml"
env = false env = false
change_mode = "noop" change_mode = "noop"
left_delimiter = "{{{" left_delimiter = "{{{"
right_delimiter = "}}}" right_delimiter = "}}}"
} }
resources { resources {
memory = 200 memory = 200
} }
} }
} }
} }

View File

@ -1,28 +1,28 @@
job "traefik-local" { job "traefik-local" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
group "traefik-local" { group "traefik-local" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
static = 80 static = 80
} }
port "https" { port "https" {
static = 443 static = 443
} }
port "ssh" { port "ssh" {
static = 2222 static = 2222
} }
port "admin" { port "admin" {
static = 9080 static = 9080
} }
} }
vault{ vault {
policies=["access-tables"] policies = ["access-tables"]
} }
task "traefik" { task "traefik" {
driver = "docker" driver = "docker"
service { service {
name = "traefik-local" name = "traefik-local"
@ -35,13 +35,13 @@ job "traefik-local" {
name = "traefik-local-admin" name = "traefik-local-admin"
port = "admin" port = "admin"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Traefik admin", "homer.name=Traefik admin",
"homer.subtitle=LAN", "homer.subtitle=LAN",
"homer.service=Platform", "homer.service=Platform",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png", "homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_admin}", "homer.url=http://${NOMAD_ADDR_admin}",
] ]
@ -55,7 +55,7 @@ job "traefik-local" {
"admin", "admin",
"ssh" "ssh"
] ]
volumes =[ volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml", "local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json" "/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
] ]
@ -65,16 +65,16 @@ job "traefik-local" {
#} #}
env { env {
} }
template{ template {
data=<<EOH data = <<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}" GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH EOH
destination= "secrets/gandi.env" destination = "secrets/gandi.env"
env = true env = true
} }
template{ template {
data= <<EOH data = <<EOH
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
address = ":80" address = ":80"
@ -115,10 +115,10 @@ job "traefik-local" {
EOH EOH
destination = "local/traefik.toml" destination = "local/traefik.toml"
env = false env = false
change_mode = "noop" change_mode = "noop"
left_delimiter = "{{{" left_delimiter = "{{{"
right_delimiter = "}}}" right_delimiter = "}}}"
} }
resources { resources {

View File

@ -1,22 +1,22 @@
job "tt-rss" { job "tt-rss" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
constraint { constraint {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
group "tt-rss" { group "tt-rss" {
ephemeral_disk { ephemeral_disk {
migrate = true migrate = true
size = 200 size = 200
sticky = true sticky = true
} }
network { network {
mode = "host" mode = "host"
port "http"{ port "http" {
to = 80 to = 80
} }
port "appPort" { port "appPort" {
@ -30,12 +30,12 @@ job "tt-rss" {
name = "tt-rss" name = "tt-rss"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=TT-RSS", "homer.name=TT-RSS",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://framalibre.org/sites/default/files/styles/thumbnail/public/leslogos/ic_launcher_1.png", "homer.logo=https://framalibre.org/sites/default/files/styles/thumbnail/public/leslogos/ic_launcher_1.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://www.ducamps.win/tt-rss", "homer.url=https://www.ducamps.win/tt-rss",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/tt-rss`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/tt-rss`)",
@ -50,27 +50,27 @@ job "tt-rss" {
config { config {
image = "cthulhoo/ttrss-fpm-pgsql-static" image = "cthulhoo/ttrss-fpm-pgsql-static"
ports = [ ports = [
"appPort" "appPort"
] ]
volumes = [ volumes = [
"${NOMAD_ALLOC_DIR}/data:/var/www/html" "${NOMAD_ALLOC_DIR}/data:/var/www/html"
] ]
} }
env { env {
TTRSS_DB-TYPE = "pgsql" TTRSS_DB-TYPE = "pgsql"
TTRSS_DB_HOST = "db1.ducamps.win" TTRSS_DB_HOST = "db1.ducamps.win"
TTRSS_DB_NAME = "ttrss" TTRSS_DB_NAME = "ttrss"
TTRSS_DB_USER = "ttrss" TTRSS_DB_USER = "ttrss"
TTRSS_SELF_URL_PATH = "https://www.ducamps.win/tt-rss" TTRSS_SELF_URL_PATH = "https://www.ducamps.win/tt-rss"
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/ttrss"}} {{ with secret "secrets/data/ttrss"}}
TTRSS_DB_PASS = "{{ .Data.data.DB_PASS }}" TTRSS_DB_PASS = "{{ .Data.data.DB_PASS }}"
{{end}} {{end}}
EOH EOH
destination = "secrets/tt-rss.env" destination = "secrets/tt-rss.env"
env = true env = true
} }
resources { resources {
@ -78,7 +78,7 @@ job "tt-rss" {
} }
} }
task "ttrss-updater" { task "ttrss-updater" {
driver = "docker" driver = "docker"
config { config {
image = "cthulhoo/ttrss-fpm-pgsql-static" image = "cthulhoo/ttrss-fpm-pgsql-static"
@ -89,20 +89,20 @@ job "tt-rss" {
} }
env { env {
TTRSS_DB-TYPE = "pgsql" TTRSS_DB-TYPE = "pgsql"
TTRSS_DB_HOST = "db1.ducamps.win" TTRSS_DB_HOST = "db1.ducamps.win"
TTRSS_DB_NAME = "ttrss" TTRSS_DB_NAME = "ttrss"
TTRSS_DB_USER = "ttrss" TTRSS_DB_USER = "ttrss"
TTRSS_SELF_URL_PATH = "https://rss.ducamps.win/tt-rss" TTRSS_SELF_URL_PATH = "https://rss.ducamps.win/tt-rss"
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/ttrss"}} {{ with secret "secrets/data/ttrss"}}
TTRSS_DB_PASS = "{{ .Data.data.DB_PASS }}" TTRSS_DB_PASS = "{{ .Data.data.DB_PASS }}"
{{end}} {{end}}
EOH EOH
destination = "secrets/tt-rss.env" destination = "secrets/tt-rss.env"
env = true env = true
} }
resources { resources {
@ -113,8 +113,8 @@ job "tt-rss" {
task "ttrss-frontend" { task "ttrss-frontend" {
driver = "docker" driver = "docker"
config { config {
image= "nginx:alpine" image = "nginx:alpine"
ports= [ ports = [
"http" "http"
] ]
volumes = [ volumes = [
@ -124,7 +124,7 @@ job "tt-rss" {
} }
template { template {
data = <<EOH data = <<EOH
worker_processes auto; worker_processes auto;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;

View File

@ -1,20 +1,20 @@
job "vaultwarden" { job "vaultwarden" {
datacenters = ["homelab"] datacenters = ["homelab"]
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "vaultwarden"{ group "vaultwarden" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 80 to = 80
} }
} }
vault{ vault {
policies= ["access-tables"] policies = ["access-tables"]
} }
task "vaultwarden" { task "vaultwarden" {
@ -23,17 +23,17 @@ job "vaultwarden" {
name = "vaultwarden" name = "vaultwarden"
port = "http" port = "http"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=VaultWarden", "homer.name=VaultWarden",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://yunohost.org/user/images/bitwarden_logo.png", "homer.logo=https://yunohost.org/user/images/bitwarden_logo.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win", "homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
] ]
check { check {
type = "http" type = "http"
@ -56,20 +56,20 @@ job "vaultwarden" {
} }
env { env {
DATA_FOLDER = "/data" DATA_FOLDER = "/data"
WEB_VAULT_ENABLED = "true" WEB_VAULT_ENABLED = "true"
DOMAIN = "https://vault.ducamps.win" DOMAIN = "https://vault.ducamps.win"
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/vaultwarden"}} {{ with secret "secrets/data/vaultwarden"}}
DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.DB_PASSWORD }}@db1.ducamps.win/vaultwarden DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.DB_PASSWORD }}@db1.ducamps.win/vaultwarden
{{end}} {{end}}
EOH EOH
destination = "secrets/vaultwarden.env" destination = "secrets/vaultwarden.env"
env = true env = true
} }
resources { resources {
memory = 150 memory = 150

View File

@ -1,34 +1,34 @@
job "www" { job "www" {
datacenters = ["hetzner"] datacenters = ["hetzner"]
type = "service" type = "service"
group "www" { group "www" {
network { network {
mode = "host" mode = "host"
port "http" { port "http" {
to = 80 to = 80
host_network = "private" host_network = "private"
} }
} }
service { service {
name = "www" name = "www"
tags = [ tags = [
"homer.enable=true", "homer.enable=true",
"homer.name=Website", "homer.name=Website",
"homer.service=Application", "homer.service=Application",
"homer.icon=fas fa-blog", "homer.icon=fas fa-blog",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://www.ducamps.win", "homer.url=https://www.ducamps.win",
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)", "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.default.rule=Host(`ducamps.win`)", "traefik.http.routers.default.rule=Host(`ducamps.win`)",
"traefik.http.routers.default.tls.domains[0].sans=ducamps.win", "traefik.http.routers.default.tls.domains[0].sans=ducamps.win",
"traefik.http.routers.default.tls.certresolver=myresolver", "traefik.http.routers.default.tls.certresolver=myresolver",
] ]
port = "http" port = "http"
} }
task "server" { task "server" {
driver = "docker" driver = "docker"
@ -37,14 +37,14 @@ job "www" {
ports = [ ports = [
"http" "http"
] ]
volumes =[ volumes = [
"local/nginx.conf:/etc/nginx/nginx.conf", "local/nginx.conf:/etc/nginx/nginx.conf",
"/srv/http:/usr/share/nginx/html" "/srv/http:/usr/share/nginx/html"
] ]
} }
template{ template {
data= <<EOH data = <<EOH
worker_processes auto; worker_processes auto;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
events { events {
@ -73,7 +73,7 @@ http {
} }
EOH EOH
destination="local/nginx.conf" destination = "local/nginx.conf"
} }
resources { resources {
memory = 50 memory = 50