Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
2161f22ef8 |
@ -4,7 +4,7 @@ systemd_mounts:
|
||||
mount: /mnt/diskstation/nomad
|
||||
type: nfs
|
||||
options:
|
||||
- "vers=4"
|
||||
- " "
|
||||
automount: "{{ env_automount }}"
|
||||
enabled: true
|
||||
hetzner_storage:
|
||||
|
@ -1,7 +1,7 @@
|
||||
docker_daemon_config:
|
||||
dns:
|
||||
- 172.17.0.1
|
||||
- 192.168.1.6
|
||||
- 192.168.1.5
|
||||
mtu: 1420
|
||||
insecure-registries:
|
||||
- 192.168.1.0/24
|
||||
|
1
ansible/group_vars/all/k3s
Normal file
1
ansible/group_vars/all/k3s
Normal file
@ -0,0 +1 @@
|
||||
k3s_cluster_group: homelab
|
@ -4,7 +4,7 @@ systemd_mounts:
|
||||
mount: /mnt/diskstation/photo
|
||||
type: nfs
|
||||
options:
|
||||
- "vers=4"
|
||||
- " "
|
||||
automount: "{{ env_automount }}"
|
||||
enabled: true
|
||||
diskstation_music:
|
||||
@ -12,7 +12,7 @@ systemd_mounts:
|
||||
mount: /mnt/diskstation/music
|
||||
type: nfs
|
||||
options:
|
||||
- "vers=4"
|
||||
- " "
|
||||
automount: "{{ env_automount }}"
|
||||
enabled: true
|
||||
diskstation_media:
|
||||
@ -20,7 +20,7 @@ systemd_mounts:
|
||||
mount: /mnt/diskstation/media
|
||||
type: nfs
|
||||
options:
|
||||
- "vers=4"
|
||||
- " "
|
||||
automount: "{{ env_automount }}"
|
||||
enabled: true
|
||||
|
||||
@ -29,7 +29,7 @@ systemd_mounts:
|
||||
mount: /mnt/diskstation/ebook
|
||||
type: nfs
|
||||
options:
|
||||
- "vers=4"
|
||||
- " "
|
||||
automount: "{{ env_automount }}"
|
||||
enabled: true
|
||||
diskstation_nomad:
|
||||
@ -45,6 +45,6 @@ systemd_mounts:
|
||||
mount: /mnt/diskstation/download
|
||||
type: nfs
|
||||
options:
|
||||
- "vers=4"
|
||||
- " "
|
||||
automount: "{{ env_automount }}"
|
||||
enabled: true
|
||||
|
@ -1,2 +1,3 @@
|
||||
nomad_datacenter: homelab
|
||||
k3s_consul_service: true
|
||||
system_wol_enable: True
|
||||
|
@ -7,7 +7,7 @@ nomad_client_meta:
|
||||
- name: "env"
|
||||
value: "production"
|
||||
vault_unseal_keys_dir_output: "~/vaultUnseal/production"
|
||||
env_default_nfs_path: ""
|
||||
env_default_nfs_path: "/exports"
|
||||
env_media_nfs_path: "/volume1"
|
||||
env_automount: true
|
||||
nas_ip: "192.168.1.43"
|
||||
|
@ -3,7 +3,6 @@ default_interface: "enp1s0"
|
||||
consul_iface: "{{ default_interface}}"
|
||||
vault_iface: "{{ default_interface}}"
|
||||
nfs_iface: "{{ default_interface}}"
|
||||
nomad_client_cpu_total_compute: 8000
|
||||
wireguard_address: "10.0.0.2/24"
|
||||
wireguard_byhost_allowed_ips:
|
||||
merlin: 10.0.0.2,192.168.1.40
|
||||
|
@ -1,10 +1,4 @@
|
||||
---
|
||||
- name: Consul install
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-consul
|
||||
become: true
|
||||
|
||||
- name: Vault install
|
||||
hosts: homelab
|
||||
roles:
|
||||
@ -46,8 +40,6 @@
|
||||
|
||||
- name: nomad
|
||||
hosts: all
|
||||
vars:
|
||||
unseal_keys_dir_output: ~/vaultunseal
|
||||
roles:
|
||||
- role: ansible-nomad
|
||||
become: true
|
||||
|
8
ansible/playbooks/consul.yml
Normal file
8
ansible/playbooks/consul.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: Consul install
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-consul
|
||||
become: true
|
||||
|
||||
|
5
ansible/playbooks/kube.yml
Normal file
5
ansible/playbooks/kube.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: k3s
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-k3s
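Review bot: `hosts: all` runs the ansible-k3s role against every host in the inventory, while this same commit adds `k3s_cluster_group: homelab` and the Vault play shown earlier on the page is scoped to `hosts: homelab`. Unless the role itself filters on that variable (not visible here), narrowing the play to `hosts: homelab` keeps cluster components and their join credentials off machines that are not meant to be nodes. The consul play added alongside sets `become: true` on its role and this one does not, so a comment should say whether the role escalates on its own.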
|
@ -45,5 +45,7 @@ roles:
|
||||
- src: git@git.ducamps.eu:2222/ansible-roles/ansible-role-pureftpd.git
|
||||
scm: git
|
||||
- src: https://github.com/PowerDNS/pdns_recursor-ansible.git
|
||||
- src: ssh://git@git.ducamps.eu:2222/ansible-roles/ansible-k3s.git
|
||||
scm: git
|
||||
collections:
|
||||
- name: vladgh.samba
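Review bot: The `ansible-k3s` entry has no `version:`, so `ansible-galaxy` installs whatever the repository's default branch holds at install time, and the role that provisions the cluster can change without any change in this repo. Add a pin under the entry, e.g. `version: <tag-or-commit-sha>` (placeholder), and bump it deliberately. The neighbouring entries visible in this hunk are unpinned too, so the same applies to them. Which two lines are new is inferred from the hunk counts (`-45,5 +45,7`), since the page lost its `+`/`-` column.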
|
||||
|
@ -2,7 +2,9 @@
|
||||
- import_playbook: playbooks/server.yml
|
||||
- import_playbook: playbooks/dhcpd.yml
|
||||
- import_playbook: playbooks/dns.yml
|
||||
- import_playbook: playbooks/HashicorpStack.yml
|
||||
- import_playbook: playbooks/consul.yml
|
||||
- import_playbook: playbooks/kube.yml
|
||||
#- import_playbook: playbooks/HashicorpStack.yml
|
||||
- import_playbook: playbooks/nas.yml
|
||||
- import_playbook: playbooks/autofs.yml
|
||||
- import_playbook: playbooks/sssd.yml
|
||||
|
@ -96,8 +96,7 @@ job "immich" {
|
||||
env = true
|
||||
}
|
||||
resources {
|
||||
memory = 600
|
||||
memory_max = 1800
|
||||
memory = 500
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -111,7 +111,6 @@ job "jellyfin" {
|
||||
resources {
|
||||
memory = 2000
|
||||
memory_max = 4000
|
||||
cpu = 3000
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
../makefile
|
@ -81,7 +81,6 @@ job "mealie" {
|
||||
template {
|
||||
data = <<EOH
|
||||
{{ with secret "secrets/data/database/mealie"}}POSTGRES_PASSWORD= "{{ .Data.data.password }}" {{end}}
|
||||
{{ with secret "secrets/data/authelia/mealie"}}OIDC_CLIENT_SECRET= "{{ .Data.data.password }}" {{end}}
|
||||
EOH
|
||||
destination = "secrets/var.env"
|
||||
env = true
|
||||
|
@ -38,6 +38,7 @@ job "paperless-ng" {
|
||||
}
|
||||
resources {
|
||||
memory = 50
|
||||
cpu = 50
|
||||
}
|
||||
}
|
||||
task "paperless-ng" {
|
||||
@ -51,7 +52,6 @@ job "paperless-ng" {
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.entrypoints=web,websecure",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=authelia",
|
||||
"homer.enable=true",
|
||||
"homer.name=Paperless",
|
||||
"homer.service=Application",
|
||||
@ -87,9 +87,6 @@ job "paperless-ng" {
|
||||
PAPERLESS_CONSUMER_POLLING = "60"
|
||||
PAPERLESS_URL = "https://${NOMAD_JOB_NAME}.ducamps.eu"
|
||||
PAPERLESS_ALLOWED_HOSTS = "192.168.1.42,192.168.1.40"
|
||||
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true"
|
||||
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_REMOTE_USER"
|
||||
PAPERLESS_LOGOUT_REDIRECT_URL= "https://auth.ducamps.eu/logout"
|
||||
}
|
||||
|
||||
template {
|
||||
@ -102,7 +99,7 @@ job "paperless-ng" {
|
||||
resources {
|
||||
memory = 950
|
||||
memory_max = 1500
|
||||
cpu = 2000
|
||||
cpu = 100
|
||||
}
|
||||
}
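Review bot: `PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true"` is only safe while every request to the service passes through the `authelia` middleware, and these hunks change both places without showing which lines go. The counts say one of the seven tags (`-51,7 +52,6`) and three of the env entries (`-87,9 +87,6`) are removed, but the `+`/`-` column is lost. If the removed tag is `traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=authelia` while the remote-user entries stay, the application would trust the `HTTP_REMOTE_USER` header from any client that reaches the router. Confirm the two are removed together, and if they stay, add a comment next to the env entry such as `# trusted header: requires the authelia middleware on every router for this service`.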
|
||||
|
||||
|
@ -23,7 +23,7 @@ job "torrent" {
|
||||
}
|
||||
}
|
||||
task "bittorent" {
|
||||
driver = "docker"
|
||||
driver = "podman"
|
||||
service {
|
||||
name = "bittorent"
|
||||
port = "http"
|
||||
@ -43,11 +43,11 @@ job "torrent" {
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=authelia-basic",
|
||||
]
|
||||
}
|
||||
user = "root"
|
||||
config {
|
||||
ulimit {
|
||||
nofile = "8192:8192"
|
||||
}
|
||||
|
||||
image = "docker.service.consul:5000/crazymax/rtorrent-rutorrent:edge"
|
||||
privileged = "true"
|
||||
ports = [
|
||||
"http",
|
||||
"torrent",
|
||||
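Review bot: `privileged = "true"` next to `user = "root"` gives the rtorrent container every capability and access to host devices, on a task that is published through traefik and pulls the moving `:edge` tag. The page lost its `+`/`-` column, but the `-43,11 +43,11` counts fit these two lines (plus a blank) replacing the `ulimit { nofile = "8192:8192" }` block. If the goal was only a higher file-descriptor limit, keep the `ulimit` block and drop `privileged`. If the podman driver really needs more, name the specific capability with `cap_add` and add a comment saying why. The task body continues past the end of this hunk.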
|
@ -1,64 +0,0 @@
|
||||
|
||||
job "rutorrentlocal" {
|
||||
datacenters = ["homelab"]
|
||||
priority = 80
|
||||
type = "service"
|
||||
meta {
|
||||
forcedeploy = "0"
|
||||
}
|
||||
constraint {
|
||||
attribute = "${node.unique.name}"
|
||||
operator = "set_contains"
|
||||
value = "oberon"
|
||||
}
|
||||
group "bittorent" {
|
||||
network {
|
||||
mode = "host"
|
||||
port "http" {
|
||||
to = 8080
|
||||
}
|
||||
port "torrent" {
|
||||
static = 6881
|
||||
}
|
||||
port "ecoute" {
|
||||
static = 50000
|
||||
}
|
||||
}
|
||||
task "bittorent" {
|
||||
driver = "podman"
|
||||
service {
|
||||
name = "bittorentlocal"
|
||||
port = "http"
|
||||
address_mode= "host"
|
||||
tags = [
|
||||
]
|
||||
}
|
||||
user = "root"
|
||||
config {
|
||||
|
||||
image = "docker.service.consul:5000/crazymax/rtorrent-rutorrent:edge"
|
||||
ports = [
|
||||
"http",
|
||||
"torrent",
|
||||
"ecoute"
|
||||
]
|
||||
volumes = [
|
||||
"/exports/nomad/rutorrent/data:/data",
|
||||
"/exports/nomad/rutorrent/downloads:/downloads"
|
||||
]
|
||||
|
||||
}
|
||||
env {
|
||||
PUID = 100001
|
||||
PGID = 10
|
||||
UMASK = 002
|
||||
WEBUI_PORT = "8080"
|
||||
}
|
||||
|
||||
resources {
|
||||
memory = 650
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
@ -83,6 +83,7 @@ job "tt-rss" {
|
||||
env = true
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 150
|
||||
}
|
||||
}
|
||||
@ -115,6 +116,7 @@ job "tt-rss" {
|
||||
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 150
|
||||
}
|
||||
}
|
||||
@ -199,6 +201,7 @@ job "tt-rss" {
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 50
|
||||
}
|
||||
}
|
||||
|
@ -74,7 +74,6 @@ job "batch-seedboxsync" {
|
||||
}
|
||||
resources {
|
||||
memory = 500
|
||||
memory_max = 1000
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -35,7 +35,7 @@ job "torrent_automation" {
|
||||
|
||||
}
|
||||
config {
|
||||
image = "alexfozor/flaresolverr:pr-1300-experimental"
|
||||
image = "ghcr.io/flaresolverr/flaresolverr:latest"
|
||||
ports = ["flaresolverr"]
|
||||
}
|
||||
env {
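Review bot: Both image references in this hunk are mutable tags (`:pr-1300-experimental` on a personal repository and `:latest` on ghcr.io), so whichever side is the new one, the job runs whatever is pushed under that tag the next time it is pulled. Pin the image to a release tag or a digest, e.g. `image = "ghcr.io/flaresolverr/flaresolverr@sha256:<digest>"` (placeholder), and update it in a commit. The `config` block closes inside the hunk but the task continues past it.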
|
||||
|
@ -122,11 +122,10 @@ identity_providers:
|
||||
- 'https://www.ducamps.eu/tt-rss'
|
||||
userinfo_signed_response_alg: none
|
||||
authorization_policy: 'one_factor'
|
||||
pre_configured_consent_duration: 3M
|
||||
pre_configured_consent_duration: 15d
|
||||
- client_id: 'mealie'
|
||||
client_name: 'mealie'
|
||||
client_secret: {{ with secret "secrets/data/authelia/mealie"}} {{ .Data.data.hash }} {{end}}
|
||||
public: false
|
||||
public: true
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
scopes:
|
||||
@ -138,7 +137,7 @@ identity_providers:
|
||||
- 'https://mealie.ducamps.eu/login'
|
||||
userinfo_signed_response_alg: none
|
||||
authorization_policy: 'one_factor'
|
||||
pre_configured_consent_duration: 3M
|
||||
token_endpoint_auth_method: 'none'
|
||||
- client_id: 'immich'
|
||||
client_name: 'immich'
|
||||
client_secret: {{ with secret "secrets/data/authelia/immich"}} {{ .Data.data.hash }} {{end}}
|
||||
@ -153,7 +152,6 @@ identity_providers:
|
||||
- 'profile'
|
||||
- 'email'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
pre_configured_consent_duration: 3M
|
||||
- client_id: 'grafana'
|
||||
client_name: 'Grafana'
|
||||
client_secret:{{ with secret "secrets/data/authelia/grafana"}} {{ .Data.data.hash }} {{end}}
|
||||
@ -170,7 +168,6 @@ identity_providers:
|
||||
- 'email'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
pre_configured_consent_duration: 3M
|
||||
- client_id: 'vikunja'
|
||||
client_name: 'vikunja'
|
||||
client_secret:{{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.hash }} {{end}}
|
||||
@ -183,22 +180,7 @@ identity_providers:
|
||||
- 'profile'
|
||||
- 'email'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
pre_configured_consent_duration: 3M
|
||||
- client_id: 'gitea'
|
||||
client_name: 'gitea'
|
||||
client_secret:{{ with secret "secrets/data/authelia/gitea"}} {{ .Data.data.hash }} {{end}}
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
redirect_uris:
|
||||
- 'https://git.ducamps.eu/user/oauth2/authelia/callback'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
pre_configured_consent_duration: 3M
|
||||
|
||||
log:
|
||||
level: 'trace'
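Review bot: The mealie client appears to become a public client: `client_secret` and `public: false` go, `public: true` and `token_endpoint_auth_method: 'none'` come in (sides inferred from the hunk counts `-122,11 +122,10` and `-138,7 +137,7`, as the `+`/`-` column is lost). With no client authentication at the token endpoint, `require_pkce: true` with `pkce_challenge_method: 'S256'` and the exact redirect URI entry are the only things binding an authorization code to mealie, so they should not be relaxed later by accident. A comment above `public: true` would record that, e.g. `# public client (no secret): PKCE S256 and exact redirect URIs are mandatory`. The unchanged `level: 'trace'` at the end of the file is also worth a second look on an identity provider, since trace logs tend to carry request detail.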
|
||||
|
@ -45,6 +45,7 @@ job "dashboard" {
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 20
|
||||
}
|
||||
}
|
||||
@ -144,6 +145,7 @@ services:
|
||||
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 30
|
||||
}
|
||||
}
|
||||
|
@ -81,11 +81,7 @@ job "git" {
|
||||
GITEA__database__HOST = "active.db.service.consul"
|
||||
GITEA__database__NAME = "gitea"
|
||||
GITEA__database__USER = "gitea"
|
||||
GITEA__service__DISABLE_REGISTRATION = "false"
|
||||
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true"
|
||||
GITEA__service__SHOW_REGISTRATION_BUTTON = "false"
|
||||
GITEA__openid__ENABLE_OPENID_SIGNIN = "false"
|
||||
GITEA__openid__ENABLE_OPENID_SIGNUP = "true"
|
||||
GITEA__service__DISABLE_REGISTRATION = "true"
|
||||
GITEA__repository__ROOT = "/data/gitea-repositories"
|
||||
GITEA__server__APP_DATA_PATH = "/data"
|
||||
GITEA__server__LFS_CONTENT_PATH = "/data/lfs"
|
||||
|
@ -1 +0,0 @@
|
||||
../makefile
|
@ -29,7 +29,6 @@ job "vector" {
|
||||
}
|
||||
# resource limits are a good idea because you don't want your log collection to consume all resources available
|
||||
resources {
|
||||
cpu = 500 # 500 MHz
|
||||
memory = 256 # 256MB
|
||||
}
|
||||
# template with Vector's configuration
|
||||
|
@ -1 +0,0 @@
|
||||
../makefile
|
@ -12,34 +12,37 @@ job "pdns-auth" {
|
||||
}
|
||||
constraint {
|
||||
attribute = "${node.class}"
|
||||
operator = "set_contains"
|
||||
value = "cluster"
|
||||
}
|
||||
vault {
|
||||
policies = ["pdns"]
|
||||
operator = "set_contains"
|
||||
value = "cluster"
|
||||
}
|
||||
group "pdns-auth" {
|
||||
network {
|
||||
port "dns" {
|
||||
static = 5300
|
||||
static=5300
|
||||
}
|
||||
port "http" {
|
||||
static = 8081
|
||||
}
|
||||
port "pdnsadmin"{
|
||||
to = 80
|
||||
}
|
||||
}
|
||||
task "pdns-auth" {
|
||||
vault {
|
||||
policies = ["pdns"]
|
||||
}
|
||||
task "pdns-auth" {
|
||||
|
||||
driver = "docker"
|
||||
service {
|
||||
driver = "docker"
|
||||
service {
|
||||
name = "pdns-auth"
|
||||
port = "dns"
|
||||
|
||||
}
|
||||
config {
|
||||
image = "docker.service.consul:5000/powerdns/pdns-auth-master:latest"
|
||||
image = "docker.service.consul:5000/powerdns/pdns-auth-master:latest"
|
||||
network_mode = "host"
|
||||
privileged = true
|
||||
cap_add = ["net_bind_service"]
|
||||
privileged=true
|
||||
cap_add= ["net_bind_service"]
|
||||
volumes = [
|
||||
"/mnt/diskstation/nomad/pdns-auth/var:/var/lib/powerdns/",
|
||||
"local/dnsupdate.conf:/etc/powerdns/pdns.d/dnsupdate.conf",
|
||||
@ -54,20 +57,20 @@ job "pdns-auth" {
|
||||
PDNS_AUTH_API_KEY="{{.Data.data.API_KEY}}"
|
||||
{{ end }}
|
||||
EOH
|
||||
env = true
|
||||
env = true
|
||||
}
|
||||
template {
|
||||
template{
|
||||
destination = "local/dnsupdate.conf"
|
||||
data = <<EOH
|
||||
data = <<EOH
|
||||
dnsupdate=yes
|
||||
allow-dnsupdate-from=192.168.1.43/24
|
||||
local-address=192.168.1.5
|
||||
local-port=53
|
||||
EOH
|
||||
}
|
||||
template {
|
||||
template{
|
||||
destination = "local/pdns.conf"
|
||||
data = <<EOH
|
||||
data = <<EOH
|
||||
launch=gpgsql
|
||||
gpgsql-host=active.db.service.consul
|
||||
gpgsql-port=5432
|
||||
@ -81,20 +84,61 @@ include-dir=/etc/powerdns/pdns.d
|
||||
EOH
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 100
|
||||
}
|
||||
}
|
||||
task "pnds-admin" {
|
||||
service {
|
||||
name = "pdns-admin"
|
||||
tags = [
|
||||
"homer.enable=true",
|
||||
"homer.name=PDNS-ADMIN",
|
||||
"homer.service=Application",
|
||||
"homer.logo=http://${NOMAD_ADDR_pdnsadmin}/static/img/favicon.png",
|
||||
"homer.target=_blank",
|
||||
"homer.url=http://${NOMAD_ADDR_pdnsadmin}",
|
||||
|
||||
task "pdns-recursor" {
|
||||
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "docker.service.consul:5000/powerdns/pdns-recursor-master:latest"
|
||||
network_mode = "host"
|
||||
volumes = [
|
||||
"local/recursor.conf:/etc/powerdns/recursor.conf",
|
||||
]
|
||||
]
|
||||
port = "pdnsadmin"
|
||||
}
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "docker.service.consul:5000/powerdnsadmin/pda-legacy:latest"
|
||||
ports= ["pdnsadmin"]
|
||||
volumes = [
|
||||
"/mnt/diskstation/nomad/pdns-admin/:/data/node_module/",
|
||||
]
|
||||
}
|
||||
template{
|
||||
destination = "secrets/pdns-admin.env"
|
||||
env = true
|
||||
data = <<EOH
|
||||
{{ with secret "secrets/data/nomad/pdns"}}
|
||||
SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
|
||||
GUNICORN_WORKERS=2
|
||||
{{ end }}
|
||||
{{ with secret "secrets/data/database/pdns"}}
|
||||
SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
|
||||
{{end}}
|
||||
EOH
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 200
|
||||
}
|
||||
|
||||
}
|
||||
task "pdns-recursor" {
|
||||
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "docker.service.consul:5000/powerdns/pdns-recursor-master:latest"
|
||||
network_mode = "host"
|
||||
volumes = [
|
||||
"local/recursor.conf:/etc/powerdns/recursor.conf",
|
||||
]
|
||||
}
|
||||
template{
|
||||
destination = "local/recursor.conf"
|
||||
data= <<EOH
|
||||
@ -103,29 +147,29 @@ dnssec=off
|
||||
forward-zones=consul=127.0.0.1:8600,ducamps.eu=192.168.1.5,1.168.192.in-addr.arpa=192.168.1.5
|
||||
local-address=192.168.1.6
|
||||
EOH
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 50
|
||||
}
|
||||
}
|
||||
task "keepalived" {
|
||||
driver = "docker"
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 50
|
||||
}
|
||||
}
|
||||
task "keepalived" {
|
||||
driver = "docker"
|
||||
lifecycle {
|
||||
hook = "prestart"
|
||||
sidecar = true
|
||||
}
|
||||
|
||||
env {
|
||||
KEEPALIVED_ROUTER_ID = "52"
|
||||
KEEPALIVED_STATE = "MASTER"
|
||||
KEEPALIVED_VIRTUAL_IPS = "#PYTHON2BASH:['192.168.1.5','192.168.1.6']"
|
||||
KEEPALIVED_ROUTER_ID = "52"
|
||||
KEEPALIVED_STATE = "MASTER"
|
||||
KEEPALIVED_VIRTUAL_IPS = "#PYTHON2BASH:['192.168.1.5','192.168.1.6']"
|
||||
}
|
||||
template {
|
||||
template{
|
||||
destination = "local/env.yaml"
|
||||
change_mode = "restart"
|
||||
env = true
|
||||
data = <<EOH
|
||||
env= true
|
||||
data = <<EOH
|
||||
KEEPALIVED_INTERFACE= {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }}
|
||||
EOH
|
||||
}
|
||||
@ -144,53 +188,4 @@ local-address=192.168.1.6
|
||||
}
|
||||
}
|
||||
}
|
||||
group "pdns-admin" {
|
||||
network {
|
||||
port "pdnsadmin" {
|
||||
to = 80
|
||||
}
|
||||
}
|
||||
task "pnds-admin" {
|
||||
service {
|
||||
name = "pdns-admin"
|
||||
tags = [
|
||||
"homer.enable=true",
|
||||
"homer.name=PDNS-ADMIN",
|
||||
"homer.service=Application",
|
||||
"homer.logo=http://${NOMAD_ADDR_pdnsadmin}/static/img/favicon.png",
|
||||
"homer.target=_blank",
|
||||
"homer.url=http://${NOMAD_ADDR_pdnsadmin}",
|
||||
|
||||
]
|
||||
port = "pdnsadmin"
|
||||
}
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "docker.service.consul:5000/powerdnsadmin/pda-legacy:latest"
|
||||
ports = ["pdnsadmin"]
|
||||
volumes = [
|
||||
"/mnt/diskstation/nomad/pdns-admin/:/data/node_module/",
|
||||
]
|
||||
}
|
||||
template {
|
||||
destination = "secrets/pdns-admin.env"
|
||||
env = true
|
||||
data = <<EOH
|
||||
{{ with secret "secrets/data/nomad/pdns"}}
|
||||
SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
|
||||
GUNICORN_WORKERS=2
|
||||
{{ end }}
|
||||
{{ with secret "secrets/data/database/pdns"}}
|
||||
SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
|
||||
{{end}}
|
||||
EOH
|
||||
}
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 200
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
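Review bot: `privileged=true` makes the `cap_add= ["net_bind_service"]` line beside it redundant, because a privileged container already holds every capability. Both lines look only re-spaced by this commit, but the reshuffle is a good moment to fix it. For a DNS server on `network_mode = "host"` with `local-port=53`, dropping `privileged` and keeping `cap_add = ["net_bind_service"]` should be enough, subject to what the image needs. The compact spellings (`static=5300`, `template{`, `env= true`) appear to be the new side, which is the opposite of what `nomad fmt` produces. The task is also still named `pnds-admin` while its service is `pdns-admin`.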
|
||||
|
@ -90,7 +90,6 @@ local-ttl=2
|
||||
}
|
||||
resources {
|
||||
memory = 100
|
||||
memory_max =200
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -90,7 +90,7 @@ version: '0.1'
|
||||
}
|
||||
resources {
|
||||
memory = 150
|
||||
memory_max = 600
|
||||
memory_max = 400
|
||||
}
|
||||
}
|
||||
task "docker-ghcr" {
|
||||
@ -133,7 +133,7 @@ version: '0.1'
|
||||
}
|
||||
resources {
|
||||
memory = 150
|
||||
memory_max = 600
|
||||
memory_max = 400
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -73,8 +73,7 @@ def main() -> None:
|
||||
"authelia/immich",
|
||||
"authelia/mealie",
|
||||
"authelia/grafana",
|
||||
"authelia/vikunja",
|
||||
"authelia/gitea"
|
||||
"authelia/vikunja"
|
||||
]
|
||||
|
||||
token=os.getenv('VAULT_TOKEN',"")
|
||||
|