vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

formatting

Browse Source
This commit is contained in:
vincent 2022-10-29 10:40:01 +02:00
parent 732d4b458d
commit a3abcb41a3
29 changed files with 500 additions and 500 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
nomad-job/MQTT.nomad
View File

@ -1,29 +1,29 @@
job "MQTT" {
datacenters = ["homelab"]
priority = 50
type = "service"
priority = 50
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.unique.hostname}"
value = "oscar"
value = "oscar"
}
group "MQTT"{
group "MQTT" {
network {
mode = "host"
port "zigbee2mqtt" {
to = 8090
}
port "mosquittoMQTT" {
static= 1883
to = 1883
static = 1883
to = 1883
}
port "mosquittoWS" {
to = 9001
static = 9001
to = 9001
static = 9001
}
}
task "mosquitto" {
@ -36,9 +36,9 @@ job "MQTT" {
}
config {
image = "eclipse-mosquitto"
ports = ["mosquittoWS","mosquittoMQTT"]
ports = ["mosquittoWS", "mosquittoMQTT"]
volumes = [
"/mnt/diskstation/nomad/mosquitto:/mosquitto/data",
"/mnt/diskstation/nomad/mosquitto:/mosquitto/data",
"local/mosquitto.conf:/mosquitto/config/mosquitto.conf"
]
@ -47,7 +47,7 @@ job "MQTT" {
TZ = "Europe/Paris"
}
template {
data= <<EOH
data = <<EOH
persistence false
log_dest stdout
listener 1883
@ -66,19 +66,19 @@ connection_messages true
name = "Zigbee2MQTT"
port = "zigbee2mqtt"
tags = [
"homer.enable=true",
"homer.name=zigbee.mqtt",
"homer.service=Application",
"homer.logo=https://www.zigbee2mqtt.io/logo.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_zigbee2mqtt}",
"homer.enable=true",
"homer.name=zigbee.mqtt",
"homer.service=Application",
"homer.logo=https://www.zigbee2mqtt.io/logo.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_zigbee2mqtt}",
]
}
config {
image = "koenkk/zigbee2mqtt"
privileged= true
ports = ["zigbee2mqtt"]
image = "koenkk/zigbee2mqtt"
privileged = true
ports = ["zigbee2mqtt"]
volumes = [
"/mnt/diskstation/nomad/zigbee2mqtt:/app/data",
"local/configuration.yaml:/app/data/configuration.yaml",
@ -92,7 +92,7 @@ connection_messages true
}
template {
data= <<EOH
data = <<EOH
# MQTT settings
mqtt:
# MQTT base topic for Zigbee2MQTT MQTT messages

6
nomad-job/alertmanager.nomad
View File

@ -1,12 +1,12 @@
job "alertmanager" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "alertmanager"{
group "alertmanager" {
network {
mode = "host"
port "http" {
@ -27,7 +27,7 @@ job "alertmanager" {
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}",
]
]
check {
name = "alertmanager_ui port alive"
type = "http"

30
nomad-job/chainetv.nomad
View File

@ -1,11 +1,11 @@
job "chainetv" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "2"
}
group "chainetv"{
group "chainetv" {
network {
mode = "host"
port "http" {
@ -19,20 +19,20 @@ job "chainetv" {
name = "chainetv"
port = "http"
tags = [
"homer.enable=true",
"homer.name=ChaineTV",
"homer.service=Application",
"homer.icon=fas fa-tv",
"homer.target=_blank",
"homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}",
"homer.enable=true",
"homer.name=ChaineTV",
"homer.service=Application",
"homer.icon=fas fa-tv",
"homer.target=_blank",
"homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/chainetv`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=chainetv,chainetvStrip",
"traefik.http.middlewares.chainetv.headers.customrequestheaders.X-Script-Name=/chainetv",
"traefik.http.middlewares.chainetvStrip.stripprefix.prefixes=/chainetv",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/chainetv`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=chainetv,chainetvStrip",
"traefik.http.middlewares.chainetv.headers.customrequestheaders.X-Script-Name=/chainetv",
"traefik.http.middlewares.chainetvStrip.stripprefix.prefixes=/chainetv",
]
}

26
nomad-job/crowdsec-agent.nomad
View File

@ -1,25 +1,25 @@
job "crowdsec-agent" {
datacenters = ["homelab","hetzner"]
type = "system"
datacenters = ["homelab", "hetzner"]
type = "system"
meta {
forcedeploy = "2"
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
group "crowdsec-agent"{
group "crowdsec-agent" {
network {
mode = "host"
port "metric"{
port "metric" {
to = 6060
}
}
task "crowdsec-agent" {
service {
name= "crowdsec-metrics"
name = "crowdsec-metrics"
port = "metric"
tags = [
]
@ -36,11 +36,11 @@ job "crowdsec-agent" {
}
env {
COLLECTIONS= "crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/gitea"
DISABLE_LOCAL_API= "true"
COLLECTIONS = "crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/gitea"
DISABLE_LOCAL_API = "true"
}
template {
data = <<EOH
data = <<EOH
---
source: docker
container_name_regexp:
@ -66,15 +66,15 @@ EOH
}
template {
data = <<EOH
data = <<EOH
LOCAL_API_URL = {{- range service "crowdsec-api" }} "http://{{ .Address }}:{{ .Port }}"{{- end }}
AGENT_USERNAME = "{{ env "node.unique.name" }}"
{{with secret "secrets/data/crowdsec"}}
AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
{{end}}
EOH
destination ="secret/agent.env"
env = "true"
destination = "secret/agent.env"
env = "true"
}
resources {
memory = 100

28
nomad-job/crowdsec-api.nomad
View File

@ -1,10 +1,10 @@
job "crowdsec-api" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "-1"
}
vault{
vault {
policies = ["access-tables"]
}
group "crowdsec-api" {
@ -12,30 +12,30 @@ job "crowdsec-api" {
mode = "host"
port "http" {
static = 8898
to = 8080
to = 8080
}
port "metric"{
port "metric" {
to = 6060
}
}
task "crowdsec-api" {
service {
name= "crowdsec-metrics"
service {
name = "crowdsec-metrics"
port = "metric"
tags = [
]
}
driver = "docker"
driver = "docker"
service {
name= "crowdsec-api"
name = "crowdsec-api"
port = "http"
tags = [
]
}
config {
image ="crowdsecurity/crowdsec"
ports = ["http","metric"]
image = "crowdsecurity/crowdsec"
ports = ["http", "metric"]
volumes = [
"/mnt/diskstation/nomad/crowdsec/db:/var/lib/crowdsec/data",
"/mnt/diskstation/nomad/crowdsec/data:/etc/crowdsec_data",
@ -43,21 +43,21 @@ job "crowdsec-api" {
}
template {
data = <<EOH
data = <<EOH
DISABLE_AGENT = "true"
{{with secret "secrets/data/crowdsec"}}
AGENT_USERNAME = "{{.Data.data.AGENT_USERNAME}}"
AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
{{end}}
EOH
destination ="secret/api.env"
env = "true"
destination = "secret/api.env"
env = "true"
}
resources {
memory = 99
}
}
}

26
nomad-job/dashboard.nomad
View File

@ -1,12 +1,12 @@
job "dashboard" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "1"
}
group "dashboard"{
group "dashboard" {
network {
mode = "host"
port "http" {
@ -20,10 +20,10 @@ job "dashboard" {
name = "homer"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
}
config {
@ -35,7 +35,7 @@ job "dashboard" {
}
env {
INIT_ASSETS= 0
INIT_ASSETS = 0
}
resources {
@ -45,19 +45,19 @@ job "dashboard" {
task "homer-service-discovery" {
driver = "docker"
config {
image= "ducampsv/homer-service-discovery"
image = "ducampsv/homer-service-discovery"
volumes = [
"/mnt/diskstation/nomad/homer/config.yml:/config.yml",
"local/base.yml:/base.yml"
]
}
env {
SERVICE_DISCOVERY="Consul"
CONSUL_HOST = "consul.service.consul:8500"
SERVICE_DISCOVERY = "Consul"
CONSUL_HOST = "consul.service.consul:8500"
}
template{
data = <<EOH
template {
data = <<EOH
title: "HomeLab dashboard"
subtitle: "VincentDcmps"
logo: "assets/logo.png"
@ -138,7 +138,7 @@ services:
}
resources {
memory= 30
memory = 30
}
}

28
nomad-job/drone.nomad
View File

@ -1,6 +1,6 @@
job "drone" {
datacenters = ["homelab"]
type = "service"
type = "service"
vault {
policies = ["access-tables"]
}
@ -15,7 +15,7 @@ job "drone" {
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
value = "amd64"
}
task "drone-server" {
driver = "docker"
@ -49,7 +49,7 @@ job "drone" {
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/droneCI"}}
DRONE_GITEA_SERVER="https://git.ducamps.win"
DRONE_GITEA_CLIENT_ID="{{ .Data.data.DRONE_GITEA_CLIENT_ID }}"
@ -64,18 +64,18 @@ job "drone" {
{{end}}
EOH
destination = "local/drone.env"
env = true
env = true
}
resources {
memory = 100
}
}
task "drone-runner"{
task "drone-runner" {
driver = "docker"
config {
image = "drone/drone-runner-docker:latest"
volumes =[
volumes = [
"/var/run/docker.sock:/var/run/docker.sock",
]
}
@ -83,7 +83,7 @@ job "drone" {
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/droneCI"}}
DRONE_RPC_HOST="drone.ducamps.win"
DRONE_RPC_PROTO="https"
@ -91,7 +91,7 @@ job "drone" {
{{ end }}
EOH
destination = "local/drone-runner.env"
env = true
env = true
}
resources {
memory = 50
@ -102,13 +102,13 @@ job "drone" {
group "Drone-ARM-Runner" {
constraint {
attribute = "${attr.cpu.arch}"
value = "arm"
value = "arm"
}
task "drone-ARM-runner"{
task "drone-ARM-runner" {
driver = "docker"
config {
image = "drone/drone-runner-docker:latest"
volumes =[
image = "drone/drone-runner-docker:1.8.2-linux-arm"
volumes = [
"/var/run/docker.sock:/var/run/docker.sock",
]
}
@ -116,7 +116,7 @@ job "drone" {
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/droneCI"}}
DRONE_RPC_HOST="drone.ducamps.win"
DRONE_RPC_PROTO="https"
@ -124,7 +124,7 @@ job "drone" {
{{ end }}
EOH
destination = "local/drone-runner.env"
env = true
env = true
}
resources {
memory = 50

32
nomad-job/filestash.nomad
View File

@ -1,23 +1,23 @@
job "filestash" {
datacenters = ["hetzner"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
value = "amd64"
}
group "filestash"{
group "filestash" {
network {
mode = "host"
port "http" {
to = 8334
}
port "onlyoffice"{
port "onlyoffice" {
to = 80
}
}
@ -27,16 +27,16 @@ job "filestash" {
name = "filestash"
port = "http"
tags = [
"homer.enable=true",
"homer.name=FileStash",
"homer.service=Application",
"homer.url=http://file.ducamps.win",
"homer.logo=http://file.ducamps.win/assets/logo/apple-touch-icon.png",
"homer.target=_blank",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`file.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=file.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"homer.enable=true",
"homer.name=FileStash",
"homer.service=Application",
"homer.url=http://file.ducamps.win",
"homer.logo=http://file.ducamps.win/assets/logo/apple-touch-icon.png",
"homer.target=_blank",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`file.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=file.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
@ -50,11 +50,11 @@ job "filestash" {
}
env {
APPLICATION_URL= ""
APPLICATION_URL = ""
}
resources {
cpu = 100
cpu = 100
memory = 300
}
}

48
nomad-job/gitea.nomad
View File

@ -1,6 +1,6 @@
job "git" {
datacenters = ["homelab"]
type = "service"
type = "service"
group "gitea" {
network {
@ -37,7 +37,7 @@ job "git" {
]
}
service {
name= "gitea-ssh"
name = "gitea-ssh"
port = "ssh"
tags = [
"traefik.enable=true",
@ -51,32 +51,32 @@ job "git" {
"http",
"ssh"
]
volumes = [
"/mnt/diskstation/git:/repo",
"/mnt/diskstation/nomad/gitea:/data"
]
volumes = [
"/mnt/diskstation/git:/repo",
"/mnt/diskstation/nomad/gitea:/data"
]
}
env {
USER_UID = 1000000
USER_GUID = 985
GITEA__server__DOMAIN = "git.ducamps.win"
GITEA__server__ROOT_URL = "https://git.ducamps.win"
GITEA__server__SSH_DOMAIN = "git.ducamps.win"
GITEA__server__SSH_PORT = "2222"
GITEA__server__SSH_LISTEN_PORT = "2222"
GITEA__server__START_SSH_SERVER = "false"
GITEA__database__DB_TYPE = "postgres"
GITEA__database__HOST = "db1.ducamps.win"
GITEA__database__NAME = "gitea"
GITEA__database__USER = "gitea"
USER_UID = 1000000
USER_GUID = 985
GITEA__server__DOMAIN = "git.ducamps.win"
GITEA__server__ROOT_URL = "https://git.ducamps.win"
GITEA__server__SSH_DOMAIN = "git.ducamps.win"
GITEA__server__SSH_PORT = "2222"
GITEA__server__SSH_LISTEN_PORT = "2222"
GITEA__server__START_SSH_SERVER = "false"
GITEA__database__DB_TYPE = "postgres"
GITEA__database__HOST = "db1.ducamps.win"
GITEA__database__NAME = "gitea"
GITEA__database__USER = "gitea"
GITEA__service__DISABLE_REGISTRATION = "true"
GITEA__repository__ROOT = "/repo"
GITEA__server__APP_DATA_PATH = "/data"
GITEA__server__LFS_CONTENT_PATH = "/repo/LFS"
GITEA__webhook__ALLOWED_HOST_LIST = "drone.ducamps.win"
GITEA__repository__ROOT = "/repo"
GITEA__server__APP_DATA_PATH = "/data"
GITEA__server__LFS_CONTENT_PATH = "/repo/LFS"
GITEA__webhook__ALLOWED_HOST_LIST = "drone.ducamps.win"
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/gitea"}}
GITEA__database__PASSWD = "{{.Data.data.PASSWD}}"
GITEA__security__SECRET_KEY = "{{.Data.data.secret_key}}"
@ -85,7 +85,7 @@ job "git" {
{{end}}
EOH
destination = "secrets/gitea.env"
env = true
env = true
}
resources {
memory = 400

4
nomad-job/grafana.nomad
View File

@ -7,14 +7,14 @@ job "grafana" {
group "grafana" {
network {
port "http" {
to = 3000
to = 3000
}
}
service {
name = "grafana"
port = "http"
tags= [
tags = [
"homer.enable=true",
"homer.name=Grafana",
"homer.service=Monitoring",

50
nomad-job/homeassistant.nomad
View File

@ -1,29 +1,29 @@
job "homeassistant" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.unique.hostname}"
value = "oscar"
attribute = "${attr.unique.hostname}"
value = "oscar"
}
group "homeassistant"{
group "homeassistant" {
network {
mode = "host"
port "http" {
to = 8123
to = 8123
static = 8123
}
port "coap"{
to = 5683
port "coap" {
to = 5683
static = 5683
}
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
@ -35,17 +35,17 @@ job "homeassistant" {
name = "${NOMAD_TASK_NAME}"
port = "http"
tags = [
"homer.enable=true",
"homer.name=Hass",
"homer.service=Application",
"homer.subtitle=Home Assistant",
"homer.logo=https://raw.githubusercontent.com/home-assistant/assets/master/logo/logo-small.svg",
"homer.target=_blank",
"homer.url=https://${NOMAD_TASK_NAME}.ducamps.win",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_TASK_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=myresolver",
"homer.enable=true",
"homer.name=Hass",
"homer.service=Application",
"homer.subtitle=Home Assistant",
"homer.logo=https://raw.githubusercontent.com/home-assistant/assets/master/logo/logo-small.svg",
"homer.target=_blank",
"homer.url=https://${NOMAD_TASK_NAME}.ducamps.win",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_TASK_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=myresolver",
]
check {
type = "tcp"
@ -54,9 +54,9 @@ job "homeassistant" {
}
}
config {
image = "homeassistant/home-assistant:stable"
ports = ["http","coap"]
privileged = "true"
image = "homeassistant/home-assistant:stable"
ports = ["http", "coap"]
privileged = "true"
network_mode = "host"
volumes = [
"/mnt/diskstation/nomad/hass:/config",
@ -68,8 +68,8 @@ job "homeassistant" {
resources {
cpu = 800 # 500 MHz
memory = 512 # 512 MB
}
}
}
}
}
}

20
nomad-job/jellyfin.nomad
View File

@ -1,20 +1,20 @@
job "jellyfin" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
value = "amd64"
}
group "jellyfin"{
group "jellyfin" {
network {
mode = "host"
port "http" {
to = 8096
to = 8096
}
}
@ -23,7 +23,7 @@ job "jellyfin" {
service {
name = "jellyfin"
port = "http"
tags = [
tags = [
"homer.enable=true",
"homer.name=jellyfin",
"homer.service=Application",
@ -49,19 +49,19 @@ job "jellyfin" {
]
devices = [
{
host_path = "/dev/dri/renderD128"
container_path = "/dev/dri/renderD128"
host_path = "/dev/dri/renderD128"
container_path = "/dev/dri/renderD128"
},
{
host_path = "/dev/dri/card0"
container_path = "/dev/dri/card0"
host_path = "/dev/dri/card0"
container_path = "/dev/dri/card0"
}
]
}
resources {
memory = 2000
cpu= 3000
cpu = 3000
}
}

6
nomad-job/loki.nomad
View File

@ -1,12 +1,12 @@
job "loki" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "loki"{
group "loki" {
network {
mode = "host"
port "http" {
@ -44,7 +44,7 @@ job "loki" {
]
}
template {
data = <<EOH
data = <<EOH
auth_enabled: false
server:
http_listen_port: 3100

18
nomad-job/node-exporter.nomad
View File

@ -1,11 +1,11 @@
job "node-exporter" {
datacenters = ["homelab","hetzner"]
type = "system"
datacenters = ["homelab", "hetzner"]
type = "system"
meta {
forcedeploy = "0"
}
group "node-exporter"{
group "node-exporter" {
network {
port "http" {
}
@ -14,11 +14,11 @@ job "node-exporter" {
name = "node-exporter"
port = "http"
check {
type = "http"
port = "http"
path = "/"
interval = "10s"
timeout = "2s"
type = "http"
port = "http"
path = "/"
interval = "10s"
timeout = "2s"
success_before_passing = "3"
failures_before_critical = "3"
check_restart {
@ -59,7 +59,7 @@ job "node-exporter" {
}
resources {
cpu = 20
cpu = 20
memory = 30
}
}

16
nomad-job/pacoloco.nomad
View File

@ -1,12 +1,12 @@
job "pacoloco" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "pacoloco"{
group "pacoloco" {
network {
mode = "host"
port "http" {
@ -19,10 +19,10 @@ job "pacoloco" {
name = "pacoloco"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`arch.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=arch.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`arch.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=arch.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
}
config {
@ -36,7 +36,7 @@ job "pacoloco" {
}
template {
data= <<EOH
data = <<EOH
port: 9129
cache_dir: /var/cache/pacoloco
purge_files_after: 360000
@ -54,7 +54,7 @@ prefetch:
ttl_unaccessed_in_days: 30
ttl_unupdated_in_days: 300
EOH
destination = "local/pacoloco.yaml"
destination = "local/pacoloco.yaml"
}
resources {
memory = 200

68
nomad-job/paperless-ng.nomad
View File

@ -1,18 +1,18 @@
job "paperless-ng" {
datacenters = ["homelab"]
priority= 50
type = "service"
priority = 50
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
value = "amd64"
}
group "paperless-ng"{
group "paperless-ng" {
network {
mode = "host"
port "http" {
@ -22,15 +22,15 @@ job "paperless-ng" {
to = 6379
}
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
task "redis" {
driver = "docker"
config {
image= "redis"
ports= ["redis"]
image = "redis"
ports = ["redis"]
}
resources {
memory = 100
@ -42,23 +42,23 @@ job "paperless-ng" {
name = "${JOB}"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"homer.enable=true",
"homer.name=Paperless",
"homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/static/frontend/fr-FR/apple-touch-icon.png",
"homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"homer.enable=true",
"homer.name=Paperless",
"homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/static/frontend/fr-FR/apple-touch-icon.png",
"homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
]
check {
type = "http"
name = "paperless-ng_health"
path="/"
type = "http"
name = "paperless-ng_health"
path = "/"
interval = "30s"
timeout = "5s"
timeout = "5s"
}
}
config {
@ -73,26 +73,26 @@ job "paperless-ng" {
}
env {
PAPERLESS_REDIS= "redis://${NOMAD_ADDR_redis}"
PAPERLESS_DBHOST= "db1.ducamps.win"
PAPERLESS_DBNAME= "paperless"
PAPERLESS_DBUSER= "paperless"
PAPERLESS_OCR_LANGUAGE="fra"
PAPERLESS_CONSUMER_POLLING="60"
PAPERLESS_URL="https://${NOMAD_JOB_NAME}.ducamps.win"
PAPERLESS_ALLOWED_HOSTS="*"
PAPERLESS_REDIS = "redis://${NOMAD_ADDR_redis}"
PAPERLESS_DBHOST = "db1.ducamps.win"
PAPERLESS_DBNAME = "paperless"
PAPERLESS_DBUSER = "paperless"
PAPERLESS_OCR_LANGUAGE = "fra"
PAPERLESS_CONSUMER_POLLING = "60"
PAPERLESS_URL = "https://${NOMAD_JOB_NAME}.ducamps.win"
PAPERLESS_ALLOWED_HOSTS = "*"
}
template {
data= <<EOH
data = <<EOH
PAPERLESS_DBPASS= {{ with secret "secrets/data/paperless"}}{{.Data.data.DB_PASSWORD }}{{end}}
EOH
destination = "secrets/paperless.env"
env = true
env = true
}
resources {
memory = 800
cpu = 2000
cpu = 2000
}
}

72
nomad-job/pihole.nomad
View File

@ -1,39 +1,39 @@
job "pihole" {
datacenters = ["homelab"]
priority= 100
priority = 100
meta {
force = 1
}
type = "service"
constraint {
attribute = "${attr.unique.hostname}"
value = "oscar"
constraint {
attribute = "${attr.unique.hostname}"
value = "oscar"
}
group "pi-hole" {
group "pi-hole" {
network {
mode = "host"
port "dns" {
static = 53
static = 53
}
port "http" {
static = 8090
to = 80
static = 8090
to = 80
}
}
service {
name = "pihole-gui"
tags = ["pihole", "admin",
"homer.enable=true",
"homer.name=Pi-hole",
"homer.service=Application",
"homer.type=PiHole",
"homer.logo=http://${NOMAD_ADDR_http}/admin/img/logo.svg",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}/admin",
name = "pihole-gui"
tags = ["pihole", "admin",
"homer.enable=true",
"homer.name=Pi-hole",
"homer.service=Application",
"homer.type=PiHole",
"homer.logo=http://${NOMAD_ADDR_http}/admin/img/logo.svg",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}/admin",
]
port = "http"
]
port = "http"
}
task "server" {
driver = "docker"
@ -43,32 +43,32 @@ job "pihole" {
"dns",
"http",
]
volumes =[
"local/dnsmasq.d/02-localresolver.conf:/etc/dnsmasq.d/02-localresolver.conf",
"/mnt/diskstation/nomad/pihole:/etc/pihole"
volumes = [
"local/dnsmasq.d/02-localresolver.conf:/etc/dnsmasq.d/02-localresolver.conf",
"/mnt/diskstation/nomad/pihole:/etc/pihole"
]
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
env {
TZ= "Europe/Paris"
DNS1= "1.1.1.1"
DNS2= "80.67.169.40"
}
env {
TZ = "Europe/Paris"
DNS1 = "1.1.1.1"
DNS2 = "80.67.169.40"
}
template {
data = <<EOH
}
template {
data = <<EOH
WEBPASSWORD="{{with secret "secrets/data/pihole"}}{{.Data.data.WEBPASSWORD}}{{end}}"
EOH
destination = "local/file.env"
change_mode = "noop"
env = true
}
template{
data= <<EOH
}
template {
data = <<EOH
server=/ducamps.win/192.168.1.10
{{range service "consul"}}server=/consul/{{.Address}}#8600
{{end}}
@ -76,7 +76,7 @@ domain=ducamps.win
no-negcache
local-ttl=2
EOH
destination="local/dnsmasq.d/02-localresolver.conf"
destination = "local/dnsmasq.d/02-localresolver.conf"
change_mode = "restart"
}

22
nomad-job/prometheus.nomad
View File

@ -17,7 +17,7 @@ job "prometheus" {
delay = "15s"
mode = "fail"
}
vault {
vault {
policies = ["access-tables"]
}
@ -100,10 +100,10 @@ scrape_configs:
EOH
}
template {
destination = "local/nomad-alert-rules.yml"
destination = "local/nomad-alert-rules.yml"
right_delimiter = "]]"
left_delimiter = "[["
data = <<EOH
left_delimiter = "[["
data = <<EOH
---
groups:
- name: nomad_alerts
@ -166,13 +166,13 @@ EOH
service {
name = "prometheus"
tags = ["urlprefix-/",
"homer.enable=true",
"homer.name=Prometheus",
"homer.service=Monitoring",
"homer.type=Prometheus",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Prometheus_software_logo.svg/173px-Prometheus_software_logo.svg.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_prometheus_ui}",
"homer.enable=true",
"homer.name=Prometheus",
"homer.service=Monitoring",
"homer.type=Prometheus",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Prometheus_software_logo.svg/173px-Prometheus_software_logo.svg.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_prometheus_ui}",
]

8
nomad-job/promtail.nomad
View File

@ -1,12 +1,12 @@
job "promtail" {
datacenters = ["homelab","hetzner"]
type = "system"
datacenters = ["homelab", "hetzner"]
type = "system"
meta {
forcedeploy = "0"
}
group "promtail"{
group "promtail" {
network {
mode = "host"
port "http" {
@ -47,7 +47,7 @@ job "promtail" {
env {
HOSTNAME = "${attr.unique.hostname}"
}
template {
template {
data = <<EOTC
positions:
filename: {{ env "NOMAD_ALLOC_DIR"}}/positions.yaml

38
nomad-job/radicale.nomad
View File

@ -1,19 +1,19 @@
job "radicale" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "radicale"{
group "radicale" {
network {
mode = "host"
port "http" {
to = 5232
}
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
task "radicale" {
@ -22,21 +22,21 @@ job "radicale" {
name = "radicale"
port = "http"
tags = [
"homer.enable=true",
"homer.name=Radicale",
"homer.service=Application",
"homer.logo=https://radicale.org/assets/logo.svg",
"homer.target=_blank",
"homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}",
"homer.enable=true",
"homer.name=Radicale",
"homer.service=Application",
"homer.logo=https://radicale.org/assets/logo.svg",
"homer.target=_blank",
"homer.url=https://www.ducamps.win/${NOMAD_JOB_NAME}",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/radicale`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=radicaleHeader,radicalestrip",
"traefik.http.middlewares.radicaleHeader.headers.customrequestheaders.X-Script-Name=/radicale",
"traefik.http.middlewares.radicalestrip.stripprefix.prefixes=/radicale",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/radicale`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=www.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=radicaleHeader,radicalestrip",
"traefik.http.middlewares.radicaleHeader.headers.customrequestheaders.X-Script-Name=/radicale",
"traefik.http.middlewares.radicalestrip.stripprefix.prefixes=/radicale",
]
}
@ -50,10 +50,10 @@ job "radicale" {
}
env {
TAKE_FILE_OWNERSHIP=false
TAKE_FILE_OWNERSHIP = false
}
template {
data = <<EOH
data = <<EOH
[server]
hosts = 0.0.0.0:5232
[auth]

40
nomad-job/rutorrent.nomad
View File

@ -1,23 +1,23 @@
job "torrent" {
datacenters = ["hetzner"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "bittorent"{
group "bittorent" {
network {
mode = "host"
port "http" {
to = 8080
to = 8080
host_network = "private"
}
port "torrent" {
static=6881
static = 6881
host_network = "public"
}
port "ecoute" {
static= 50000
static = 50000
host_network = "public"
}
}
@ -27,16 +27,16 @@ job "torrent" {
name = "bittorent"
port = "http"
tags = [
"homer.enable=true",
"homer.name=torrent",
"homer.url=https://torrent.ducamps.win",
"homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/images/favicon-196x196.png",
"homer.target=_blank",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"homer.enable=true",
"homer.name=torrent",
"homer.url=https://torrent.ducamps.win",
"homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.win/images/favicon-196x196.png",
"homer.target=_blank",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
@ -47,7 +47,7 @@ job "torrent" {
"http",
"torrent",
"ecoute"
]
]
volumes = [
"/mnt/hetzner/storagebox/rutorrentConfig:/data",
"/mnt/hetzner/storagebox/file:/downloads"
@ -55,10 +55,10 @@ job "torrent" {
}
env {
PUID=1024
PGID=984
UMASK=002
WEBUI_PORT="8070"
PUID = 1024
PGID = 984
UMASK = 002
WEBUI_PORT = "8070"
}
resources {

28
nomad-job/seedboxsync.nomad
View File

@ -1,26 +1,26 @@
job "seedboxsync" {
datacenters = ["homelab"]
priority = 50
type = "batch"
priority = 50
type = "batch"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
value = "amd64"
}
periodic {
cron = "0,30 * * * *"
cron = "0,30 * * * *"
prohibit_overlap = true
}
group "seedboxsync"{
group "seedboxsync" {
network {
mode = "host"
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
task "server" {
driver = "docker"
@ -32,19 +32,19 @@ job "seedboxsync" {
volumes = [
"/mnt/diskstation/media/download:/media"
]
args=[
"-u" ,"${USERNAME},${PASSWORD}",
"-e" ,"mirror -c -P 5 -x seed ${REMOTE_PATH} /media;quit",
args = [
"-u", "${USERNAME},${PASSWORD}",
"-e", "mirror -c -P 5 -x seed ${REMOTE_PATH} /media;quit",
"${REMOTE_SERVER}"
]
}
env {
USER_ID=1000001
GROUP_ID=1000007
USER_ID = 1000001
GROUP_ID = 1000007
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/seedbox"}}
USERNAME = "{{ .Data.data.username }}"
PASSWORD = "{{ .Data.data.password }}"
@ -53,7 +53,7 @@ job "seedboxsync" {
{{end}}
EOH
destination = "secrets/sample.env"
env = true
env = true
}
resources {
memory = 100

60
nomad-job/supysonic.nomad
View File

@ -1,44 +1,44 @@
job "supysonic" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
value = "amd64"
}
group "supysonic"{
group "supysonic" {
network {
mode = "host"
port "fcgi" {
to = 5000
}
port "http" {
to=80
to = 80
}
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
service {
name = "supysonic"
port = "http"
tags = [
"homer.enable=true",
"homer.name=Supysonic",
"homer.service=Application",
"homer.icon=fas fa-headphones",
"homer.target=_blank",
"homer.url=http://${NOMAD_JOB_NAME}.ducamps.win",
"homer.enable=true",
"homer.name=Supysonic",
"homer.service=Application",
"homer.icon=fas fa-headphones",
"homer.target=_blank",
"homer.url=http://${NOMAD_JOB_NAME}.ducamps.win",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
@ -47,8 +47,8 @@ job "supysonic" {
task "supysonic-frontend" {
driver = "docker"
config {
image= "nginx:alpine"
ports= [
image = "nginx:alpine"
ports = [
"http"
]
volumes = [
@ -56,7 +56,7 @@ job "supysonic" {
]
}
template {
data = <<EOH
data = <<EOH
worker_processes auto;
pid /var/run/nginx.pid;
events {
@ -83,36 +83,36 @@ http {
destination = "etc/nginx/nginx.conf"
}
resources {
memory = 75
}
resources {
memory = 75
}
}
task "supysonic-server" {
driver = "docker"
config {
image = "ogarcia/supysonic:full-sql"
ports = ["fcgi"]
force_pull= true
image = "ogarcia/supysonic:full-sql"
ports = ["fcgi"]
force_pull = true
volumes = [
"/mnt/diskstation/music:/mnt/diskstation/music"
]
}
env {
SUPYSONIC_RUN_MODE= "fcgi-port"
SUPYSONIC_DAEMON_ENABLED = "true"
SUPYSONIC_RUN_MODE = "fcgi-port"
SUPYSONIC_DAEMON_ENABLED = "true"
SUPYSONIC_WEBAPP_LOG_LEVEL = "WARNING"
SUPYSONIC_DAEMON_LOG_LEVEL = "INFO"
SUPYSONIC_DAEMON_LOG_LEVEL = "INFO"
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/supysonic"}}
SUPYSONIC_DB_URI = "postgres://supysonic:{{ .Data.data.db_password}}@db1.ducamps.win/supysonic"
{{end}}
EOH
destination = "secrets/supysonic.env"
env = true
env = true
}
resources {
memory = 256

22
nomad-job/syncthing.nomad
View File

@ -1,26 +1,26 @@
job "syncthing" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "syncthing"{
group "syncthing" {
network {
mode = "host"
port "http" {
to = 8384
}
port "listen"{
port "listen" {
static = 22000
}
port "discovery" {
static = 21027
}
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
task "syncthing" {
@ -29,12 +29,12 @@ job "syncthing" {
name = "syncthing-web"
port = "http"
tags = [
"homer.enable=true",
"homer.name=Syncthing",
"homer.service=Application",
"homer.logo=http://${NOMAD_ADDR_http}/assets/img/logo-horizontal.svg",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}",
"homer.enable=true",
"homer.name=Syncthing",
"homer.service=Application",
"homer.logo=http://${NOMAD_ADDR_http}/assets/img/logo-horizontal.svg",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_http}",
]
}
config {

68
nomad-job/traefik-ingress.nomad
View File

@ -1,34 +1,34 @@
job "traefik-ingress" {
datacenters = ["hetzner"]
type = "service"
type = "service"
meta {
force_deploy= 1
force_deploy = 1
}
group "traefik-ingress" {
network {
mode = "host"
port "http" {
static = 80
static = 80
host_network = "public"
}
port "https" {
static = 443
static = 443
host_network = "public"
}
port "admin" {
static = 9080
static = 9080
host_network = "private"
}
port "ssh" {
static = 2222
static = 2222
host_network = "public"
}
}
vault{
policies=["access-tables"]
vault {
policies = ["access-tables"]
}
task "traefik" {
task "traefik" {
driver = "docker"
service {
name = "traefik"
@ -41,13 +41,13 @@ job "traefik-ingress" {
name = "traefik-admin"
port = "admin"
tags = [
"homer.enable=true",
"homer.name=Traefik admin",
"homer.subtitle=WAN",
"homer.service=Platform",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_admin}",
"homer.enable=true",
"homer.name=Traefik admin",
"homer.subtitle=WAN",
"homer.service=Platform",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_admin}",
]
@ -61,7 +61,7 @@ job "traefik-ingress" {
"admin",
"ssh"
]
volumes =[
volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme.json:/acme.json"
]
@ -69,17 +69,17 @@ job "traefik-ingress" {
}
# vault{
#}
env {
}
template{
data=<<EOH
env {
}
template {
data = <<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH
destination= "secrets/gandi.env"
env = true
}
template{
data= <<EOH
destination = "secrets/gandi.env"
env = true
}
template {
data = <<EOH
[entryPoints]
[entrypoints.ssh]
@ -118,15 +118,15 @@ job "traefik-ingress" {
EOH
destination = "local/traefik.toml"
env = false
change_mode = "noop"
left_delimiter = "{{{"
destination = "local/traefik.toml"
env = false
change_mode = "noop"
left_delimiter = "{{{"
right_delimiter = "}}}"
}
resources {
memory = 200
}
}
resources {
memory = 200
}
}
}
}

50
nomad-job/traefik-local.nomad
View File

@ -1,28 +1,28 @@
job "traefik-local" {
datacenters = ["homelab"]
type = "service"
type = "service"
group "traefik-local" {
network {
mode = "host"
port "http" {
static = 80
static = 80
}
port "https" {
static = 443
static = 443
}
port "ssh" {
static = 2222
}
port "admin" {
port "admin" {
static = 9080
}
}
vault{
policies=["access-tables"]
vault {
policies = ["access-tables"]
}
task "traefik" {
task "traefik" {
driver = "docker"
service {
name = "traefik-local"
@ -35,13 +35,13 @@ job "traefik-local" {
name = "traefik-local-admin"
port = "admin"
tags = [
"homer.enable=true",
"homer.name=Traefik admin",
"homer.subtitle=LAN",
"homer.service=Platform",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_admin}",
"homer.enable=true",
"homer.name=Traefik admin",
"homer.subtitle=LAN",
"homer.service=Platform",
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_admin}",
]
@ -55,7 +55,7 @@ job "traefik-local" {
"admin",
"ssh"
]
volumes =[
volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
]
@ -65,16 +65,16 @@ job "traefik-local" {
#}
env {
}
template{
data=<<EOH
template {
data = <<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH
destination= "secrets/gandi.env"
env = true
destination = "secrets/gandi.env"
env = true
}
template{
data= <<EOH
template {
data = <<EOH
[entryPoints]
[entryPoints.web]
address = ":80"
@ -115,10 +115,10 @@ job "traefik-local" {
EOH
destination = "local/traefik.toml"
env = false
change_mode = "noop"
left_delimiter = "{{{"
destination = "local/traefik.toml"
env = false
change_mode = "noop"
left_delimiter = "{{{"
right_delimiter = "}}}"
}
resources {

60
nomad-job/tt-rss.nomad
View File

@ -1,22 +1,22 @@
job "tt-rss" {
datacenters = ["homelab"]
type = "service"
type = "service"
constraint {
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
value = "amd64"
}
group "tt-rss" {
ephemeral_disk {
migrate = true
size = 200
size = 200
sticky = true
}
network {
mode = "host"
port "http"{
port "http" {
to = 80
}
port "appPort" {
@ -30,12 +30,12 @@ job "tt-rss" {
name = "tt-rss"
port = "http"
tags = [
"homer.enable=true",
"homer.name=TT-RSS",
"homer.service=Application",
"homer.logo=https://framalibre.org/sites/default/files/styles/thumbnail/public/leslogos/ic_launcher_1.png",
"homer.target=_blank",
"homer.url=https://www.ducamps.win/tt-rss",
"homer.enable=true",
"homer.name=TT-RSS",
"homer.service=Application",
"homer.logo=https://framalibre.org/sites/default/files/styles/thumbnail/public/leslogos/ic_launcher_1.png",
"homer.target=_blank",
"homer.url=https://www.ducamps.win/tt-rss",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`www.ducamps.win`)&&PathPrefix(`/tt-rss`)",
@ -50,27 +50,27 @@ job "tt-rss" {
config {
image = "cthulhoo/ttrss-fpm-pgsql-static"
ports = [
"appPort"
"appPort"
]
volumes = [
"${NOMAD_ALLOC_DIR}/data:/var/www/html"
]
}
env {
TTRSS_DB-TYPE = "pgsql"
TTRSS_DB_HOST = "db1.ducamps.win"
TTRSS_DB_NAME = "ttrss"
TTRSS_DB_USER = "ttrss"
TTRSS_DB-TYPE = "pgsql"
TTRSS_DB_HOST = "db1.ducamps.win"
TTRSS_DB_NAME = "ttrss"
TTRSS_DB_USER = "ttrss"
TTRSS_SELF_URL_PATH = "https://www.ducamps.win/tt-rss"
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/ttrss"}}
TTRSS_DB_PASS = "{{ .Data.data.DB_PASS }}"
{{end}}
EOH
destination = "secrets/tt-rss.env"
env = true
env = true
}
resources {
@ -78,7 +78,7 @@ job "tt-rss" {
}
}
task "ttrss-updater" {
task "ttrss-updater" {
driver = "docker"
config {
image = "cthulhoo/ttrss-fpm-pgsql-static"
@ -89,20 +89,20 @@ job "tt-rss" {
}
env {
TTRSS_DB-TYPE = "pgsql"
TTRSS_DB_HOST = "db1.ducamps.win"
TTRSS_DB_NAME = "ttrss"
TTRSS_DB_USER = "ttrss"
TTRSS_DB-TYPE = "pgsql"
TTRSS_DB_HOST = "db1.ducamps.win"
TTRSS_DB_NAME = "ttrss"
TTRSS_DB_USER = "ttrss"
TTRSS_SELF_URL_PATH = "https://rss.ducamps.win/tt-rss"
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/ttrss"}}
TTRSS_DB_PASS = "{{ .Data.data.DB_PASS }}"
{{end}}
EOH
destination = "secrets/tt-rss.env"
env = true
env = true
}
resources {
@ -113,8 +113,8 @@ job "tt-rss" {
task "ttrss-frontend" {
driver = "docker"
config {
image= "nginx:alpine"
ports= [
image = "nginx:alpine"
ports = [
"http"
]
volumes = [
@ -124,7 +124,7 @@ job "tt-rss" {
}
template {
data = <<EOH
data = <<EOH
worker_processes auto;
pid /var/run/nginx.pid;

38
nomad-job/vaultwarden.nomad
View File

@ -1,20 +1,20 @@
job "vaultwarden" {
datacenters = ["homelab"]
type = "service"
type = "service"
meta {
forcedeploy = "0"
}
group "vaultwarden"{
group "vaultwarden" {
network {
mode = "host"
port "http" {
to = 80
}
}
vault{
policies= ["access-tables"]
vault {
policies = ["access-tables"]
}
task "vaultwarden" {
@ -23,17 +23,17 @@ job "vaultwarden" {
name = "vaultwarden"
port = "http"
tags = [
"homer.enable=true",
"homer.name=VaultWarden",
"homer.service=Application",
"homer.logo=https://yunohost.org/user/images/bitwarden_logo.png",
"homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
"homer.enable=true",
"homer.name=VaultWarden",
"homer.service=Application",
"homer.logo=https://yunohost.org/user/images/bitwarden_logo.png",
"homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
check {
type = "http"
@ -56,20 +56,20 @@ job "vaultwarden" {
}
env {
DATA_FOLDER = "/data"
WEB_VAULT_ENABLED = "true"
DOMAIN = "https://vault.ducamps.win"
DATA_FOLDER = "/data"
WEB_VAULT_ENABLED = "true"
DOMAIN = "https://vault.ducamps.win"
}
template {
data= <<EOH
data = <<EOH
{{ with secret "secrets/data/vaultwarden"}}
DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.DB_PASSWORD }}@db1.ducamps.win/vaultwarden
{{end}}
EOH
destination = "secrets/vaultwarden.env"
env = true
env = true
}
resources {
memory = 150

46
nomad-job/www.nomad
View File

@ -1,34 +1,34 @@
job "www" {
datacenters = ["hetzner"]
type = "service"
type = "service"
group "www" {
network {
mode = "host"
port "http" {
to = 80
to = 80
host_network = "private"
}
}
service {
name = "www"
tags = [
"homer.enable=true",
"homer.name=Website",
"homer.service=Application",
"homer.icon=fas fa-blog",
"homer.target=_blank",
"homer.url=https://www.ducamps.win",
name = "www"
tags = [
"homer.enable=true",
"homer.name=Website",
"homer.service=Application",
"homer.icon=fas fa-blog",
"homer.target=_blank",
"homer.url=https://www.ducamps.win",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.default.rule=Host(`ducamps.win`)",
"traefik.http.routers.default.tls.domains[0].sans=ducamps.win",
"traefik.http.routers.default.tls.certresolver=myresolver",
]
port = "http"
"traefik.http.routers.default.rule=Host(`ducamps.win`)",
"traefik.http.routers.default.tls.domains[0].sans=ducamps.win",
"traefik.http.routers.default.tls.certresolver=myresolver",
]
port = "http"
}
task "server" {
driver = "docker"
@ -37,14 +37,14 @@ job "www" {
ports = [
"http"
]
volumes =[
volumes = [
"local/nginx.conf:/etc/nginx/nginx.conf",
"/srv/http:/usr/share/nginx/html"
]
}
template{
data= <<EOH
template {
data = <<EOH
worker_processes auto;
pid /var/run/nginx.pid;
events {
@ -73,7 +73,7 @@ http {
}
EOH
destination="local/nginx.conf"
destination = "local/nginx.conf"
}
resources {
memory = 50