marc/samfelag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Thingvellir as nomad server

Browse Source
This commit is contained in:
marc
2024-02-16 18:21:24 +01:00
parent 3c23709394
commit 87a4d79c71
27 changed files with 1253 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
data/nomad/caddy.nomad Normal file
View File

@@ -0,0 +1,100 @@
job "caddy" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "caddy" {
count = 1
volume "caddyfile" {
type = "host"
read_only = false
source = "caddyfile"
}
volume "caddy-data" {
type = "host"
read_only = false
source = "caddy-data"
}
restart {
attempts = 2
interval = "2m"
delay = "1m"
mode = "fail"
}
network {
port "http" {
static = 80
to = 80
host_network = "public"
}
port "https" {
static = 443
to = 443
host_network = "public"
}
port "config" {
static = 2019
to = 2019
}
dns {
servers = ["100.80.195.56"]
}
}
###
# CADDY
###
task "caddy" {
driver = "docker"
volume_mount {
volume = "caddyfile"
destination = "/etc/caddy/Caddyfile"
read_only = false
}
volume_mount {
volume = "caddy-data"
destination = "/data"
read_only = false
}
env {
}
config {
image = "caddy:2.3.0-alpine"
ports = ["http", "https", "config"]
volumes = [
"/mnt/vatnajokull/lajuntament-web:/sites/lajuntament-web",
"/mnt/vatnajokull/folkugat-web:/sites/folkugat-web",
]
}
resources {
cpu = 500
memory = 128
}
service {
name = "caddy"
check {
type = "tcp"
port = "http"
interval = "30s"
timeout = "2s"
}
}
}
}
}

112
data/nomad/dns.nomad Normal file
View File

@@ -0,0 +1,112 @@
job "dns" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "dns" {
count = 1
restart {
attempts = 10
delay = "15s"
}
# VOLUMES
## pihole
volume "pihole" {
type = "host"
read_only = false
source = "dns-pihole"
}
volume "dnsmasq" {
type = "host"
read_only = false
source = "dns-dnsmasq"
}
## unbound
volume "unbound" {
type = "host"
read_only = false
source = "dns-unbound"
}
# NETWORK
network {
port "dns" {
static = 53
}
port "http" {
to = 80
}
port "unbound" {
static = 5533
}
}
# TASKS
task "pihole" {
driver = "docker"
volume_mount {
volume = "pihole"
destination = "/etc/pihole"
read_only = false
}
volume_mount {
volume = "dnsmasq"
destination = "/etc/dnsmasq.d"
read_only = false
}
env {
TZ = "Europe/Amsterdam"
WEBPASSWORD = "elbonfeix"
ServerIP = "100.80.195.56"
}
config {
image = "pihole/pihole:v5.7"
ports = ["dns", "http"]
}
resources {
cpu = 100
memory = 32
}
service {
name = "pihole-gui"
port = "http"
}
}
task "unbound" {
driver = "docker"
volume_mount {
volume = "unbound"
destination = "/opt/unbound/etc/unbound/"
read_only = false
}
config {
image = "mvance/unbound:latest"
ports = ["unbound"]
}
resources {
cpu = 50
memory = 32
}
}
}
}

71
data/nomad/gitea.nomad Normal file
View File

@@ -0,0 +1,71 @@
job "gitea" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "gitea" {
count = 1
restart {
attempts = 5
delay = "1m"
}
network {
port "http" {
to = 3000
}
port "ssh" {
static = 2222
to = 22
host_network = "public"
}
}
task "gitea" {
driver = "docker"
env {
USER_UID = "1001"
USER_GID = "1001"
}
config {
image = "gitea/gitea:latest"
ports = ["http", "ssh"]
volumes = ["/mnt/vatnajokull/nomad_volumes/gitea/data:/data"]
}
resources {
cpu = 1000
memory = 256
}
service {
name = "gitea"
port = "http"
check {
type = "tcp"
port = "http"
interval = "30s"
timeout = "2s"
}
}
service {
name = "gitea-ssh"
port = "ssh"
check {
type = "tcp"
port = "ssh"
interval = "30s"
timeout = "2s"
}
}
}
}
}

106
data/nomad/lwt.nomad Normal file
View File

@@ -0,0 +1,106 @@
job "lwt" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "lwt" {
count = 1
restart {
attempts = 10
delay = "30s"
}
# VOLUMES
volume "lwt-mariadb" {
type = "host"
read_only = false
source = "lwt-mariadb"
}
volume "lwt" {
type = "host"
read_only = false
source = "lwt"
}
# NETWORK
network {
port "lwt" {
to = 80
}
port "mariadb" {
static = 33306
to = 3306
}
}
# TASKS
task "mariadb" {
driver = "docker"
user = 1001
volume_mount {
volume = "lwt-mariadb"
destination = "/var/lib/mysql"
read_only = false
}
env {
MYSQL_ALLOW_EMPTY_PASSWORD = "no"
MYSQL_ROOT_PASSWORD = "root"
}
config {
image = "mariadb:10.7"
ports = ["mariadb"]
}
resources {
cpu = 100
memory = 128
}
}
task "lwt" {
driver = "docker"
config {
image = "ghcr.io/hugofara/lwt:master"
ports = ["lwt"]
}
volume_mount {
volume = "lwt"
destination = "/var/www/html/media"
read_only = false
}
env {
DB_HOST = "${attr.unique.network.ip-address}:33306" # "100.91.225.117"
}
resources {
cpu = 100
memory = 128
}
service {
name = "lwt"
port = "lwt"
check {
type = "tcp"
port = "lwt"
interval = "30s"
timeout = "10s"
}
}
}
}
}

71
data/nomad/minecraft.nomad Normal file
View File

@@ -0,0 +1,71 @@
job "minecraft" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "minecraft" {
count = 1
volume "minecraft" {
type = "host"
read_only = false
source = "minecraft"
}
restart {
attempts = 2
interval = "2m"
delay = "1m"
mode = "fail"
}
network {
port "server" {
static = 25565
to = 25565
host_network = "minecraft"
}
}
###
# MINECRAFT SERVER
###
task "minecraft" {
driver = "docker"
volume_mount {
volume = "minecraft"
destination = "/data"
read_only = false
}
env {
EULA = "TRUE"
TZ = "Europe/Madrid"
}
config {
image = "itzg/minecraft-server"
ports = ["server"]
}
resources {
cpu = 2800
memory = 1900
}
service {
name = "minecraft"
check {
type = "tcp"
port = "server"
interval = "30s"
timeout = "2s"
}
}
}
}
}

133
data/nomad/moimoin.nomad Normal file
View File

@@ -0,0 +1,133 @@
job "moimoin" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "moimoin" {
count = 1
restart {
attempts = 10
delay = "30s"
}
# VOLUMES
volume "mysql" {
type = "host"
read_only = false
source = "moimoin"
}
# NETWORK
network {
port "moimoin-front" {
to = 5000
}
port "moimoin-back" {
to = 3000
}
port "mysql" {
static = 33306
to = 3306
}
}
# TASKS
task "mysql" {
driver = "docker"
user = 1001
volume_mount {
volume = "mysql"
destination = "/var/lib/mysql"
read_only = false
}
env {
MYSQL_DATABASE = "xat-osr"
MYSQL_ROOT_PASSWORD = "estrell4galicia"
}
config {
image = "arm64v8/mysql:latest"
ports = ["mysql"]
}
resources {
cpu = 500
memory = 512
}
}
task "moimoin-back" {
driver = "docker"
config {
image = "marc.sastre.cat/moimoin-back:latest"
ports = ["moimoin-back"]
}
env {
MYSQL_HOST = "${attr.unique.network.ip-address}" # "100.91.225.117"
MYSQL_PORT = "33306"
MYSQL_USER = "root"
MYSQL_PASSWORD = "estrell4galicia"
MYSQL_NAME = "xat-osr"
CHAT_ADMIN_PSWD = "cervesaEspecial"
CLIENT_HOST = "marc.sastre.cat/moimoin"
}
resources {
cpu = 100
memory = 128
}
service {
name = "moimoin-back"
port = "moimoin-back"
check {
type = "tcp"
port = "moimoin-back"
interval = "30s"
timeout = "10s"
}
}
}
task "moimoin-front" {
driver = "docker"
config {
image = "marc.sastre.cat/moimoin-front:latest"
ports = ["moimoin-front"]
}
env {
CLIENT_PORT = "5000"
}
resources {
cpu = 100
memory = 128
}
service {
name = "moimoin-front"
port = "moimoin-front"
check {
type = "tcp"
port = "moimoin-front"
interval = "30s"
timeout = "10s"
}
}
}
}
}

188
data/nomad/nextcloud.nomad Normal file
View File

@@ -0,0 +1,188 @@
job "nextcloud" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "nextcloud" {
count = 1
restart {
attempts = 5
delay = "1m"
}
# Network
network {
port "nextcloud" {
static = 8080
to = 80
}
port "mariadb" {
static = 3306
to = 3306
}
# port "collabora" {
# to = 9980
# }
}
# Volumes
volume "nextcloud" {
type = "host"
read_only = false
source = "nextcloud"
}
volume "mariadb" {
type = "host"
read_only = false
source = "mariadb"
}
# volume "collabora" {
# type = "host"
# read_only = false
# source = "collabora"
# }
###
# NEXTCLOUD
###
task "nextcloud" {
driver = "docker"
user = 1001
env {
MYSQL_PASSWORD = "hxKOD13MUh"
MYSQL_DATABASE = "nextcloud"
MYSQL_USER = "nextcloud"
MYSQL_HOST = "${NOMAD_ADDR_mariadb}"
NEXTCLOUD_TRUSTED_DOMAINS = "nextcloud.samfelag.xyz"
OVERWRITEPROTOCOL = "https"
}
volume_mount {
volume = "nextcloud"
destination = "/var/www/html"
read_only = false
}
config {
image = "nextcloud:latest"
ports = ["nextcloud"]
}
resources {
cpu = 2000
memory = 512
}
service {
name = "nextcloud"
port = "nextcloud"
check {
type = "tcp"
port = "nextcloud"
interval = "30s"
timeout = "2s"
}
}
}
###
# MARIADB
###
task "mariadb" {
driver = "docker"
user = 1001
env {
MYSQL_ROOT_PASSWORD = "hxKOD13MUh"
MYSQL_ROOT_HOST = "${NOMAD_IP_mariadb}"
MYSQL_PASSWORD = "hxKOD13MUh"
MYSQL_DATABASE = "nextcloud"
MYSQL_USER = "nextcloud"
}
volume_mount {
volume = "mariadb"
destination = "/var/lib/mysql"
read_only = false
}
config {
image = "mariadb:10.5"
ports = ["mariadb"]
}
resources {
cpu = 1000
memory = 256
}
service {
name = "mariadb"
tags = ["mariadb"]
port = "mariadb"
check {
type = "tcp"
port = "mariadb"
interval = "30s"
timeout = "2s"
}
}
}
###
# COLLABORA
###
# task "collabora" {
# driver = "docker"
# env {
# aliasgroup1 = "https://nextcloud.lajuntament.space:443"
# username = "lajuntament"
# password = "eLn1lIm4rc"
# }
# volume_mount {
# volume = "collabora"
# destination = "/etc/loolwsd"
# read_only = false
# }
# config {
# image = "collabora/code:latest"
# ports = ["collabora"]
# }
# resources {
# cpu = 2000
# memory = 1024
# }
# service {
# name = "collabora"
# port = "collabora"
# check {
# type = "tcp"
# port = "collabora"
# interval = "30s"
# timeout = "2s"
# }
# }
# }
}
}

67
data/nomad/old/collabora.nomad Normal file
View File

@@ -0,0 +1,67 @@
job "collabora" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "collabora" {
count = 1
restart {
attempts = 5
delay = "1m"
}
network {
port "http" {
to = 9980
}
}
volume "collabora" {
type = "host"
read_only = false
source = "collabora"
}
task "collabora" {
driver = "docker"
env {
domain = "nextcloud\\.lajuntament\\.space"
username = "lajuntament"
password = "eLn1lIm4rc"
extra_params = "--o:ssl.enable=false"
}
volume_mount {
volume = "collabora"
destination = "/etc/loolwsd"
read_only = false
}
config {
image = "collabora/code:latest"
ports = ["http"]
}
resources {
cpu = 1500
memory = 1024
}
service {
name = "collabora"
port = "http"
check {
type = "tcp"
port = "http"
interval = "30s"
timeout = "2s"
}
}
}
}
}

73
data/nomad/old/pihole.nomad Normal file
View File

@@ -0,0 +1,73 @@
job "pihole" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "pihole" {
count = 1
volume "pihole" {
type = "host"
read_only = false
source = "dns-pihole"
}
volume "dnsmasq" {
type = "host"
read_only = false
source = "dns-dnsmasq"
}
restart {
attempts = 5
delay = "15s"
}
network {
port "dns" {
static = 53
}
port "http" {
to = 80
}
}
task "pihole" {
driver = "docker"
volume_mount {
volume = "pihole"
destination = "/etc/pihole"
read_only = false
}
volume_mount {
volume = "dnsmasq"
destination = "/etc/dnsmasq.d"
read_only = false
}
env {
TZ = "Europe/Amsterdam"
WEBPASSWORD = "elbonfeix"
ServerIP = "100.107.148.47"
}
config {
image = "pihole/pihole:v5.7"
ports = ["dns", "http"]
}
resources {
cpu = 100
memory = 64
}
service {
name = "pihole-gui"
port = "http"
}
}
}
}

47
data/nomad/old/unbound.nomad Normal file
View File

@@ -0,0 +1,47 @@
job "unbound" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "unbound" {
count = 1
volume "unbound" {
type = "host"
read_only = false
source = "dns-unbound"
}
restart {
attempts = 5
delay = "15s"
}
network {
port "dns" {
static = 5533
}
}
task "unbound" {
driver = "docker"
volume_mount {
volume = "unbound"
destination = "/opt/unbound/etc/unbound/"
read_only = false
}
config {
image = "mvance/unbound:latest"
ports = ["dns"]
}
resources {
cpu = 50
memory = 64
}
}
}
}

52
data/nomad/organice.nomad Normal file
View File

@@ -0,0 +1,52 @@
job "organice" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "organice" {
count = 1
restart {
attempts = 5
delay = "1m"
}
network {
port "http" {
to = 5000
}
}
task "organice" {
driver = "docker"
env {
ORGANICE_WEBDAV_URL = "https://nextcloud.lajuntament.space/remote.php/dav/files/marc/"
}
config {
image = "twohundredok/organice:latest"
ports = ["http"]
}
resources {
cpu = 100
memory = 128
}
service {
name = "organice"
port = "http"
check {
type = "tcp"
port = "http"
interval = "30s"
timeout = "2s"
}
}
}
}
}

70
data/nomad/pasta.nomad Normal file
View File

@@ -0,0 +1,70 @@
job "pasta" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "pasta" {
count = 1
restart {
attempts = 5
delay = "15s"
}
network {
port "backend" {
to = 3000
}
port "client" {
to = 80
}
}
# PASTA SERVER
task "pasta-server" {
driver = "docker"
env {
PASTA_PORT = "3000"
PASTA_DIR = "/pasta"
}
config {
image = "marc.sastre.cat/pasta-server"
ports = ["backend"]
volumes = ["/mnt/vatnajokull/nomad_volumes/pasta:/pasta"]
}
resources {
cpu = 100
memory = 256
}
service {
name = "pasta-server"
port = "backend"
}
}
# PASTA CLIENT
task "pasta-client" {
driver = "docker"
config {
image = "marc.sastre.cat/pasta-client"
ports = ["client"]
}
resources {
cpu = 50
memory = 32
}
service {
name = "pasta-client"
port = "client"
}
}
}
}

41
data/nomad/presencia.nomad Normal file
View File

@@ -0,0 +1,41 @@
job "presencia" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "presencia" {
count = 1
restart {
attempts = 5
delay = "15s"
}
network {
port "http" {
to = 5000
}
}
# PRESENCIA APP
task "presencia" {
driver = "docker"
config {
image = "marc.sastre.cat/presencia"
ports = ["http"]
}
resources {
cpu = 50
memory = 64
}
service {
name = "presencia"
port = "http"
}
}
}
}

52
data/nomad/registry.nomad Normal file
View File

@@ -0,0 +1,52 @@
job "registry" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "registry" {
count = 1
restart {
attempts = 5
delay = "1m"
}
network {
port "http" {
to = 5000
}
}
task "registry" {
driver = "docker"
env {
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY = "/data"
}
config {
image = "registry:2"
ports = ["http"]
volumes = ["/mnt/vatnajokull/nomad_volumes/registry:/data"]
}
resources {
cpu = 100
memory = 256
}
service {
name = "registry"
port = "http"
check {
type = "tcp"
port = "http"
interval = "30s"
timeout = "2s"
}
}
}
}
}

52
data/nomad/webhooks.nomad Normal file
View File

@@ -0,0 +1,52 @@
job "webhooks" {
region = "global"
datacenters = ["samfelag"]
type = "service"
group "webhooks" {
count = 1
restart {
attempts = 5
delay = "1m"
}
network {
port "http" {
to = 6000
}
}
task "webhooks" {
driver = "docker"
env {
CONFIG_FILE = "/app/data/config.json"
}
config {
image = "marc.sastre.cat/webhooks:latest"
ports = ["http"]
volumes = ["/mnt/vatnajokull/nomad_volumes/webhooks:/app/data"]
}
resources {
cpu = 100
memory = 128
}
service {
name = "webhooks"
port = "http"
check {
type = "tcp"
port = "http"
interval = "30s"
timeout = "2s"
}
}
}
}
}

6
modules/server/nomad.nix
View File

@@ -47,11 +47,11 @@ in
};
};
# --- Secrets ---------------------------------
age.secrets = {
"nomad.d/consul-token.json" = {
file = ../../secrets/nomad.d/consul-token.json.age;
file = if cfg.server
then ../../secrets/nomad.d/consul-token-server.json.age
else ../../secrets/nomad.d/consul-token-client.json.age;
mode = "644";
};
};

BIN
secrets/consul.d/agent-token-reykjavik.json.age
View File

Binary file not shown.

BIN
secrets/consul.d/agent-token-thingvellir.json.age
View File

Binary file not shown.

10
secrets/consul.d/consul-agent-ca-key.pem.age
View File

@@ -1,6 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 GWuf0Q MD7uGzKIk90mRQJVI/HKk9MMbI3HwkwwKEoLc/R8qyQ
m2K5DUI+O+ufDWl1faCwR+9nA8vxAQW5pptwgEhzMJI
--- JkkPxFdtVCa3MQqLCpJ7GBajuyQAyHjwr6fbCV81qdA
6JèüJ´Ïå7DÔYb¥@—¨3z´9WnÅC ‰R4Hò-´ÄÒš {Fo -ºZ£J
J¡âšDaœ´Ž~ßÊDLy¡\rºE¯GAÀœ„bªfj`£!Sfi+÷w4†£f¨•Aâ<>çç1yìè¸ûÚe»2`¢öL>Â%ƒé€'oóÞÂ"'é”hÔµä;3Z‰å§H•ëìPaÐ ó@´×ΊO¶0[¸¯¢ŠVIî|5þºcƒåÖSªÈ—ßó#Ú3U2|,+Z«2BºaªX*—Þ q¬¢Rg¨ðl£ÏãûP‡z†5„D*#È×m¿
-> ssh-ed25519 GWuf0Q UGRQaYwj+drn/22AfMDMKsoO0APyZA0Q7KychsCafUs
STKHeUzgmNHQBzoAxzA37QNTHWiFFu+CqwPw8pKfRd0
--- VHt9chFlFpduvg0IMozIiFr3cfTBtxke2TeZBaZakEg
ÁÆçVç 'SÂA<C382>×L|5IÖŠ—T&“³ÂuÊÎTiì©â”Sò õøKY©Aª¥‰!Jws[ƒ®@ùÂdÙ©"ä%êXo.J-°Oªˆý¿Waj<61>¹BQë›ø{è<>λÇùg•æ ßðäýéVžD>”Òî)º°wÃŽ[BF¶Ûô÷øÆ|ÿo­<>ßéèу¹±ù”m6b³ERs„?¬ëŸ“!|b‡anß6ù>;²KòÑNîC™'<27>Ûð)gKå"C4
)f…#~rÂiªFË@deÐn8<>9ùð ¼ÀuMç´ÁTŠÄ5tðÜûD<_zp:¦

BIN
secrets/consul.d/consul-agent-ca.pem.age
View File

Binary file not shown.

BIN
secrets/consul.d/gossip.json.age
View File

Binary file not shown.

BIN
secrets/consul.d/samfelag-server-thingvellir-key.pem.age
View File

Binary file not shown.

BIN
secrets/consul.d/samfelag-server-thingvellir.pem.age
View File

Binary file not shown.

BIN
secrets/nomad.d/consul-token-client.json.age Normal file
View File

Binary file not shown.

8
secrets/nomad.d/consul-token-server.json.age Normal file
View File

@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 GWuf0Q 4t1WD76CN3hhc3073abxAsobKWKDX+yemaIxHy8PiDk
9O2cAi7MJVqGiTNnOIez4MACEYMB3/YyLSz4Z4YWe2c
-> ssh-ed25519 kNjiNQ WaXpqZbqRuLo9q241VclrLfHOQ94VRB8D0RY2es8KBM
P6iayA+emjHOEg59EzXU32RCRKZaGS0j7d3wk4Is6tQ
--- QsnjyrQe2d1K59Q/i3/NIXaK87rsDf4neQS5sKJ6yeY
±&8"Ú¨?4 ™?¬
$É!þÈÄëYíêjuÌ*8Éc¿DÖC°Á!"<22>

9
secrets/nomad.d/consul-token.json.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 GWuf0Q /XcgfDBTfuPwmHppIuebKrUG7kwyWvwvV9s4Uz8F5Vc
T9a+SfUQljNue/MuLGYM88RdeL//HFHVi73h1HIxKR8
-> ssh-ed25519 zhVGHw TzasXNF1RyeJm0AJh+bKo0+8jJUeTdL38/YpfX96cDU
hHgwS5htLLV9gXBlUtyszaLQtDB5dGUc3qmWSOmSt1E
-> ssh-ed25519 kNjiNQ a3ZzkIGDlAMvEUTXikMteCe969a/qxKog1KdLCmYxBY
F+sGFzXnv5SYjvI79xf0yw5Qx6azIdt9EAd6A0Fc5wg
--- EB4QDFEC5bbpBEUq5r1lvlnk2g5yV4wrTAIOM30F50Q
;ö†ÜîCs?ûQ•\sq£rªb;ïBXûn×IÏÌ%æX´qxÛÙè

3
secrets/secrets.nix
View File

@@ -30,5 +30,6 @@ in
"consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir;
# -- Nomad -------------------------------
"nomad.d/consul-token.json.age".publicKeys = samfelag-hosts;
"nomad.d/consul-token-client.json.age".publicKeys = samfelag-hosts;
"nomad.d/consul-token-server.json.age".publicKeys = thingvellir;
}