From af5886688288c9b1e7bbc07759189d2472349bdd Mon Sep 17 00:00:00 2001
From: vincent <vincent@ducamps.win>
Date: Sun, 29 Sep 2024 17:38:27 +0200
Subject: [PATCH] dns: pdns-admin in dedicated nomad group

---
 nomad-job/system/pdns-auth.nomad | 176 ++++++++++++++++---------------
 1 file changed, 91 insertions(+), 85 deletions(-)

diff --git a/nomad-job/system/pdns-auth.nomad b/nomad-job/system/pdns-auth.nomad
index bd3c399..90b6d65 100644
--- a/nomad-job/system/pdns-auth.nomad
+++ b/nomad-job/system/pdns-auth.nomad
@@ -12,37 +12,34 @@ job "pdns-auth" {
   }
   constraint {
     attribute = "${node.class}"
-    operator = "set_contains"
-    value = "cluster"
+    operator  = "set_contains"
+    value     = "cluster"
+  }
+  vault {
+    policies = ["pdns"]
   }
   group "pdns-auth" {
     network {
       port "dns" {
-        static=5300
+        static = 5300
       }
       port "http" {
         static = 8081
       }
-      port "pdnsadmin"{
-        to = 80
-      }
     }
-  vault {
-    policies = ["pdns"]
-  }
-  task "pdns-auth" {
+    task "pdns-auth" {
 
-    driver = "docker"
-    service {
+      driver = "docker"
+      service {
         name = "pdns-auth"
         port = "dns"
 
       }
       config {
-        image = "docker.service.consul:5000/powerdns/pdns-auth-master:latest"        
+        image        = "docker.service.consul:5000/powerdns/pdns-auth-master:latest"
         network_mode = "host"
-        privileged=true
-        cap_add= ["net_bind_service"]
+        privileged   = true
+        cap_add      = ["net_bind_service"]
         volumes = [
           "/mnt/diskstation/nomad/pdns-auth/var:/var/lib/powerdns/",
           "local/dnsupdate.conf:/etc/powerdns/pdns.d/dnsupdate.conf",
@@ -57,20 +54,20 @@ job "pdns-auth" {
           PDNS_AUTH_API_KEY="{{.Data.data.API_KEY}}"
 {{ end }}
         EOH
-        env = true
+        env  = true
       }
-      template{
+      template {
         destination = "local/dnsupdate.conf"
-        data = <<EOH
+        data        = <<EOH
 dnsupdate=yes
 allow-dnsupdate-from=192.168.1.43/24
 local-address=192.168.1.5
 local-port=53
         EOH
       }
-      template{
+      template {
         destination = "local/pdns.conf"
-        data = <<EOH
+        data        = <<EOH
 launch=gpgsql
 gpgsql-host=active.db.service.consul
 gpgsql-port=5432
@@ -88,88 +85,48 @@ include-dir=/etc/powerdns/pdns.d
         memory = 100
       }
     }
-  task "pnds-admin" {
-    service {
-      name = "pdns-admin"
-      tags = [
-        "homer.enable=true",
-        "homer.name=PDNS-ADMIN",
-        "homer.service=Application",
-        "homer.logo=http://${NOMAD_ADDR_pdnsadmin}/static/img/favicon.png",
-        "homer.target=_blank",
-        "homer.url=http://${NOMAD_ADDR_pdnsadmin}",
 
-      ]
-      port = "pdnsadmin"
-    }
-    driver = "docker"
-    config {
-     image = "docker.service.consul:5000/powerdnsadmin/pda-legacy:latest"        
-     ports= ["pdnsadmin"]  
-      volumes = [
-        "/mnt/diskstation/nomad/pdns-admin/:/data/node_module/",
-      ]
+    task "pdns-recursor" {
+
+      driver = "docker"
+      config {
+        image        = "docker.service.consul:5000/powerdns/pdns-recursor-master:latest"
+        network_mode = "host"
+        volumes = [
+          "local/recursor.conf:/etc/powerdns/recursor.conf",
+        ]
       }
-      template{
-        destination = "secrets/pdns-admin.env"
-        env = true
-        data = <<EOH
-{{ with secret "secrets/data/nomad/pdns"}}
-SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
-GUNICORN_WORKERS=2
-{{ end }}
-{{ with secret "secrets/data/database/pdns"}}
-SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
-{{end}}
-        EOH
-      }
-    resources {
-      cpu    = 50
-      memory = 200
-}
-
-  }
-  task "pdns-recursor" {
-
-    driver = "docker"
-    config {
-     image = "docker.service.consul:5000/powerdns/pdns-recursor-master:latest"        
-    network_mode = "host"
-      volumes = [
-        "local/recursor.conf:/etc/powerdns/recursor.conf",
-      ]
-    }
-    template{
-      destination = "local/recursor.conf"
-      data= <<EOH
+      template {
+        destination = "local/recursor.conf"
+        data        = <<EOH
 config-dir=/etc/powerdns
 dnssec=off
 forward-zones=consul=127.0.0.1:8600,ducamps.eu=192.168.1.5,1.168.192.in-addr.arpa=192.168.1.5
 local-address=192.168.1.6
       EOH
+      }
+      resources {
+        cpu    = 50
+        memory = 50
+      }
     }
-    resources {
-      cpu    = 50
-      memory = 50
-    }
-  }
-  task "keepalived" {
-    driver = "docker"
+    task "keepalived" {
+      driver = "docker"
       lifecycle {
         hook    = "prestart"
         sidecar = true
       }
 
       env {
-        KEEPALIVED_ROUTER_ID     = "52"
-        KEEPALIVED_STATE         = "MASTER"
-        KEEPALIVED_VIRTUAL_IPS   = "#PYTHON2BASH:['192.168.1.5','192.168.1.6']"
+        KEEPALIVED_ROUTER_ID   = "52"
+        KEEPALIVED_STATE       = "MASTER"
+        KEEPALIVED_VIRTUAL_IPS = "#PYTHON2BASH:['192.168.1.5','192.168.1.6']"
       }
-      template{
+      template {
         destination = "local/env.yaml"
         change_mode = "restart"
-        env= true
-        data = <<EOH
+        env         = true
+        data        = <<EOH
         KEEPALIVED_INTERFACE= {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }}
         EOH
       }
@@ -188,4 +145,53 @@ local-address=192.168.1.6
       }
     }
   }
+  group "pdns-admin" {
+    network {
+      port "pdnsadmin" {
+        to = 80
+      }
+    }
+    task "pnds-admin" {
+      service {
+        name = "pdns-admin"
+        tags = [
+          "homer.enable=true",
+          "homer.name=PDNS-ADMIN",
+          "homer.service=Application",
+          "homer.logo=http://${NOMAD_ADDR_pdnsadmin}/static/img/favicon.png",
+          "homer.target=_blank",
+          "homer.url=http://${NOMAD_ADDR_pdnsadmin}",
+
+        ]
+        port = "pdnsadmin"
+      }
+      driver = "docker"
+      config {
+        image = "docker.service.consul:5000/powerdnsadmin/pda-legacy:latest"
+        ports = ["pdnsadmin"]
+        volumes = [
+          "/mnt/diskstation/nomad/pdns-admin/:/data/node_module/",
+        ]
+      }
+      template {
+        destination = "secrets/pdns-admin.env"
+        env         = true
+        data        = <<EOH
+{{ with secret "secrets/data/nomad/pdns"}}
+SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
+GUNICORN_WORKERS=2
+{{ end }}
+{{ with secret "secrets/data/database/pdns"}}
+SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
+{{end}}
+        EOH
+      }
+      resources {
+        cpu    = 50
+        memory = 200
+      }
+
+    }
+
+  }
 }