cluster/infrastructure/ingress/nomad.hcl

129 lines
2.4 KiB
HCL
Raw Normal View History

job "ingress" {
datacenters = [ "homelab-1" ]
type = "service"
constraint {
attribute = "${attr.unique.hostname}"
value = "blowhole"
}
group "ingress" {
count = 1
network {
port "http" {
static = "8080"
to = "80"
}
}
service {
name = "ingress"
port = "http"
}
task "nginx" {
driver = "docker"
config {
image = "nixng-ingress:local"
ports = ["http"]
}
template {
data = <<EOF
upstream gitea {
{{ range service "gitea" }}
server {{ .Address }}:{{ .Port }};
{{ else }}server 127.0.0.1:65535; # force a 502
{{ end }}
}
upstream hydra {
{{ range service "hydra" }}
server {{ .Address }}:{{ .Port }};
{{ else }}server 127.0.0.1:65535; # force a 502
{{ end }}
}
upstream nextcloud {
{{ range service "nextcloud" }}
server {{ .Address }}:{{ .Port }};
{{ else }}server 127.0.0.1:65535; # force a 502
{{ end }}
}
upstream website {
{{ range service "website" }}
server {{ .Address }}:{{ .Port }};
{{ else }}server 127.0.0.1:65535; # force a 502
{{ end }}
}
server {
listen 80;
server_name _;
return 404;
}
server {
listen 80;
server_name gitea.redalder.org;
add_header X-Frame-Options "SAMEORIGIN";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitea;
}
}
server {
listen 80;
server_name hydra.redalder.org;
add_header X-Frame-Options "SAMEORIGIN";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://hydra;
}
}
server {
listen 80;
server_name redalder.org;
add_header X-Frame-Options "SAMEORIGIN";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
location /nextcloud/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://nextcloud/;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://website;
}
}
EOF
destination = "local/upstreams.conf"
change_mode = "signal"
change_signal = "SIGHUP"
}
}
}
}