magic_rb/cluster
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/cluster synced 2024-11-21 15:54:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

General clean up and a switch back to Docker

Browse source 
Signed-off-by: main <magic_rb@redalder.org>
This commit is contained in:
main 2022-10-27 11:26:19 +02:00
parent b6dc065c5d
commit 1b51d5ae56
16 changed files with 140 additions and 277 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
nomad/regions/homelab-1/baikal.tf
View file

@ -1,57 +0,0 @@
resource "nomad_volume" "baikal-specific" {
type = "csi"
plugin_id = "nfs"
volume_id = "baikal-specific"
name = "baikal-specific"
external_id = "baikal-specific"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/baikal/specific"
}
mount_options {
fs_type = "nfs"
mount_flags = [ "nolock", "hard" ]
}
}
resource "nomad_volume" "baikal-config" {
type = "csi"
plugin_id = "nfs"
volume_id = "baikal-config"
name = "baikal-config"
external_id = "baikal-config"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/baikal/config"
}
mount_options {
fs_type = "nfs"
mount_flags = [ "nolock", "hard" ]
}
}
resource "nomad_job" "baikal" {
jobspec = file("${path.module}/job/baikal.hcl")
hcl2 {
enabled = true
vars = {
flake_ref = "${var.flake_host}?rev=${var.flake_rev}&ref=${var.flake_ref}"
flake_sha = var.flake_sha
}
}
}

18
nomad/regions/homelab-1/email.tf
View file

@ -1,7 +1,7 @@
resource "vault_policy" "dovecot-policy" { resource "vault_policy" "dovecot-policy" {
name = "dovecot-policy" name = "dovecot-policy"
policy = <<EOF policy = <<EOF
path "kv/data/getmail" { path "kv/data/dovecot" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF
@ -10,7 +10,7 @@ EOF
resource "vault_policy" "getmail-policy" { resource "vault_policy" "getmail-policy" {
name = "getmail-policy" name = "getmail-policy"
policy = <<EOF policy = <<EOF
path "kv/data/dovecot" { path "kv/data/getmail" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF
@ -18,30 +18,32 @@ EOF
resource "nomad_volume" "dovecot_maildir" { resource "nomad_volume" "dovecot_maildir" {
type = "csi" type = "csi"
plugin_id = "nfs" plugin_id = "org.democratic-csi.nfs"
volume_id = "dovecot_maildir" volume_id = "dovecot_maildir"
name = "dovecot_maildir" name = "dovecot_maildir"
external_id = "dovecot_maildir" external_id = "dovecot_maildir"
capability { capability {
access_mode = "single-node-writer" access_mode = "multi-node-multi-writer"
attachment_mode = "file-system" attachment_mode = "file-system"
} }
context = { context = {
server = "blowhole.hosts.in.redalder.org" server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/dovecot/maildir" share = "/var/nfs/dovecot/maildir"
node_attach_driver = "nfs"
provisioner_driver = "node-manual"
} }
mount_options { mount_options {
fs_type = "nfs" fs_type = "nfs"
mount_flags = [ "nolock", "hard" ] mount_flags = [ "nfsvers=3", "hard", "async" ]
} }
} }
resource "nomad_volume" "getmail_getmail-d" { resource "nomad_volume" "getmail_getmail-d" {
type = "csi" type = "csi"
plugin_id = "nfs" plugin_id = "org.democratic-csi.nfs"
volume_id = "getmail_getmail-d" volume_id = "getmail_getmail-d"
name = "getmail_getmail-d" name = "getmail_getmail-d"
external_id = "getmail_getmail-d" external_id = "getmail_getmail-d"
@ -54,11 +56,13 @@ resource "nomad_volume" "getmail_getmail-d" {
context = { context = {
server = "blowhole.hosts.in.redalder.org" server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/getmail/getmail.d" share = "/var/nfs/getmail/getmail.d"
node_attach_driver = "nfs"
provisioner_driver = "node-manual"
} }
mount_options { mount_options {
fs_type = "nfs" fs_type = "nfs"
mount_flags = [ "nolock", "hard" ] mount_flags = [ "nfsvers=3", "hard", "async" ]
} }
} }

12
nomad/regions/homelab-1/gitea.tf
View file

@ -1,6 +1,6 @@
resource "nomad_volume" "gitea-db" { resource "nomad_volume" "gitea-db" {
type = "csi" type = "csi"
plugin_id = "nfs" plugin_id = "org.democratic-csi.nfs"
volume_id = "gitea-db" volume_id = "gitea-db"
name = "gitea-db" name = "gitea-db"
external_id = "gitea-db" external_id = "gitea-db"
@ -13,17 +13,19 @@ resource "nomad_volume" "gitea-db" {
context = { context = {
server = "blowhole.hosts.in.redalder.org" server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/gitea-db" share = "/var/nfs/gitea-db"
node_attach_driver = "nfs"
provisioner_driver = "node-manual"
} }
mount_options { mount_options {
fs_type = "nfs" fs_type = "nfs"
mount_flags = [ "nolock", "hard" ] mount_flags = [ "nfsvers=3", "nolock", "async" ]
} }
} }
resource "nomad_volume" "gitea-data" { resource "nomad_volume" "gitea-data" {
type = "csi" type = "csi"
plugin_id = "nfs" plugin_id = "org.democratic-csi.nfs"
volume_id = "gitea-data" volume_id = "gitea-data"
name = "gitea-data" name = "gitea-data"
external_id = "gitea-data" external_id = "gitea-data"
@ -36,11 +38,13 @@ resource "nomad_volume" "gitea-data" {
context = { context = {
server = "blowhole.hosts.in.redalder.org" server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/gitea-data" share = "/var/nfs/gitea-data"
node_attach_driver = "nfs"
provisioner_driver = "node-manual"
} }
mount_options { mount_options {
fs_type = "nfs" fs_type = "nfs"
mount_flags = [ "nolock", "hard" ] mount_flags = [ "nfsvers=3", "nolock", "async" ]
} }
} }

25
nomad/regions/homelab-1/home-assistant.tf
View file

@ -23,6 +23,31 @@ resource "nomad_volume" "home-assistant_hass" {
} }
} }
resource "nomad_volume" "home-assistant_db" {
type = "csi"
plugin_id = "org.democratic-csi.nfs"
volume_id = "home-assistant_db"
name = "home-assistant_db"
external_id = "home-assistant_db"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
server = "blowhole.hosts.in.redalder.org"
share = "/var/nfs/home-assistant_db"
node_attach_driver = "nfs"
provisioner_driver = "node-manual"
}
mount_options {
fs_type = "nfs"
mount_flags = [ "nfsvers=3", "hard", "async" ]
}
}
resource "nomad_volume" "home-assistant_zigbee2mqtt" { resource "nomad_volume" "home-assistant_zigbee2mqtt" {
type = "csi" type = "csi"
plugin_id = "org.democratic-csi.nfs" plugin_id = "org.democratic-csi.nfs"

96
nomad/regions/homelab-1/job/baikal.hcl
View file

@ -1,96 +0,0 @@
variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "baikal" {
datacenters = [ "homelab-1" ]
type = "service"
group "baikal" {
count = 1
volume "baikal-specific" {
type = "csi"
source = "baikal-specific"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "baikal-config" {
type = "csi"
source = "baikal-config"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
network {
mode = "bridge"
}
service {
name = "baikal"
port = "80"
## Syncthing with auth returns 402: Unauthorized and Nomad interprets it as
## service failure.
# check {
# type = "http"
# address_mode = "alloc"
# path = "/"
# port = "8384"
# interval = "10s"
# timeout = "10s"
# }
connect {
sidecar_service {}
sidecar_task {
resources {
cpu = 75
memory = 48
}
config {
memory_hard_limit = 96
}
}
}
}
task "baikal" {
driver = "containerd-driver"
config {
flake_ref = "${var.flake_ref}#nixngSystems.baikal.config.system.build.toplevel"
flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 128
memory = 128
}
volume_mount {
volume = "baikal-specific"
destination = "/var/baikal/specific"
read_only = false
}
volume_mount {
volume = "baikal-config"
destination = "/var/baikal/config"
read_only = false
}
}
}
}

6
nomad/regions/homelab-1/job/camptules.hcl
View file

@ -18,11 +18,11 @@ job "camptules" {
} }
task "camptules" { task "camptules" {
driver = "containerd-driver" driver = "docker"
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.camptules.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.camptules.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

18
nomad/regions/homelab-1/job/conduit.hcl
View file

@ -59,7 +59,7 @@ job "matrix" {
} }
task "mautrix-facebook" { task "mautrix-facebook" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "matrix-mautrix-facebook" volume = "matrix-mautrix-facebook"
@ -74,8 +74,8 @@ job "matrix" {
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.mautrix-facebook.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.mautrix-facebook.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }
@ -132,7 +132,7 @@ EOF
} }
task "heisenbridge" { task "heisenbridge" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "matrix-registrations" volume = "matrix-registrations"
@ -141,8 +141,8 @@ EOF
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.heisenbridge.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.heisenbridge.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }
@ -214,7 +214,7 @@ EOF
} }
task "synapse" { task "synapse" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "matrix-synapse" volume = "matrix-synapse"
@ -229,8 +229,8 @@ EOF
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.conduit.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.conduit.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

12
nomad/regions/homelab-1/job/email.hcl
View file

@ -63,7 +63,7 @@ job "email" {
} }
task "app" { task "app" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "dovecot_maildir" volume = "dovecot_maildir"
@ -78,8 +78,8 @@ job "email" {
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.getmail.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.getmail.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }
@ -133,7 +133,7 @@ job "email" {
} }
task "app" { task "app" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "dovecot_maildir" volume = "dovecot_maildir"
@ -142,8 +142,8 @@ job "email" {
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.dovecot.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.dovecot.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

6
nomad/regions/homelab-1/job/gitea.hcl
View file

@ -64,7 +64,7 @@ job "gitea" {
} }
task "app" { task "app" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "gitea-data" volume = "gitea-data"
@ -79,8 +79,8 @@ job "gitea" {
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.gitea.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.gitea.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
# mounts = [ # mounts = [

66
nomad/regions/homelab-1/job/home-assistant.hcl
View file

@ -59,19 +59,22 @@ job "home-assistant" {
} }
task "zigbee2mqtt" { task "zigbee2mqtt" {
driver = "containerd-driver" driver = "docker"
vault { vault {
policies = ["zigbee2mqtt-policy"] policies = ["zigbee2mqtt-policy"]
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.zigbee2mqtt.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.zigbee2mqtt.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
devices = [ devices = [
"/dev/ttyUSB0" #"serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_4c004e9c53c9eb118a9f8b4f1d69213e-if00-port0" {
host_path = "/dev/ttyUSB0" #"serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_4c004e9c53c9eb118a9f8b4f1d69213e-if00-port0"
container_path = "/dev/ttyUSB0"
}
] ]
} }
@ -135,15 +138,15 @@ EOF
} }
task "mosquitto" { task "mosquitto" {
driver = "containerd-driver" driver = "docker"
vault { vault {
policies = ["mosquitto-policy"] policies = ["mosquitto-policy"]
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.mosquitto.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.mosquitto.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }
@ -197,6 +200,15 @@ EOF
access_mode = "single-node-writer" access_mode = "single-node-writer"
} }
volume "home-assistant_db" {
type = "csi"
source = "home-assistant_db"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
service { service {
name = "home-assistant" name = "home-assistant"
port = "8123" port = "8123"
@ -214,16 +226,49 @@ EOF
} }
} }
task "postgresql" {
driver = "docker"
volume_mount {
volume = "home-assistant_db"
destination = "/var/lib/postgresql"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.home-assistant.postgresql.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 500
memory = 128
memory_max = 256
}
template {
data = <<EOF
alter user hass with encrypted password '{{ with secret "kv/data/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
EOF
destination = "secrets/init.sql"
}
vault {
policies = ["home-assistant-policy"]
}
}
task "home-assistant" { task "home-assistant" {
driver = "containerd-driver" driver = "docker"
vault { vault {
policies = ["home-assistant-policy"] policies = ["home-assistant-policy"]
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.home-assistant.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.home-assistant.hass.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }
@ -242,6 +287,7 @@ EOF
template { template {
data = <<EOF data = <<EOF
{{ with secret "kv/data/home-assistant" }} {{ with secret "kv/data/home-assistant" }}
PSQL_PASSWORD={{ .Data.data.pgpass }}
LATITUDE={{ .Data.data.latitude }} LATITUDE={{ .Data.data.latitude }}
LONGTITUDE={{ .Data.data.longtitude }} LONGTITUDE={{ .Data.data.longtitude }}
ELEVATION={{ .Data.data.elevation }} ELEVATION={{ .Data.data.elevation }}

17
nomad/regions/homelab-1/job/hydra.hcl
View file

@ -73,7 +73,7 @@ job "hydra" {
} }
task "hydra" { task "hydra" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "hydra-data" volume = "hydra-data"
@ -88,12 +88,15 @@ job "hydra" {
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.hydra.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.hydra.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
devices = [ devices = [
"/dev/fuse" {
host_path = "/dev/fuse"
container_path = "/dev/fuse"
}
] ]
privileged = true privileged = true
} }
@ -149,7 +152,7 @@ EOF
} }
task "postgresql" { task "postgresql" {
driver = "containerd-driver" driver = "docker"
volume_mount { volume_mount {
volume = "hydra-db" volume = "hydra-db"
@ -158,8 +161,8 @@ EOF
} }
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.hydraPostgresql.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.hydraPostgresql.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

7
nomad/regions/homelab-1/job/ingress.hcl
View file

@ -99,12 +99,11 @@ job "ingress" {
} }
task "nginx" { task "nginx" {
driver = "containerd-driver" driver = "docker"
# driver = "docker"
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.ingressBlowhole.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.ingressBlowhole.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

54
nomad/regions/homelab-1/job/reicio.hcl
View file

@ -1,54 +0,0 @@
variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "reicio" {
datacenters = [ "homelab-1" ]
type = "service"
group "reicio" {
count = 1
network {
mode = "bridge"
}
service {
name = "reicio"
port = "8000"
check {
type = "http"
address_mode = "alloc"
path = "/"
port = "8000"
interval = "2s"
timeout = "2s"
}
connect {
sidecar_service {}
}
}
task "reicio" {
driver = "containerd-driver"
config {
flake_ref = "${var.flake_ref}#nixngSystems.reicio.config.system.build.toplevel"
flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 64
memory = 16
memory_max = 32
}
}
}
}

6
nomad/regions/homelab-1/job/syncthing.hcl
View file

@ -76,11 +76,11 @@ job "syncthing" {
} }
task "syncthing" { task "syncthing" {
driver = "containerd-driver" driver = "docker"
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.syncthing.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.syncthing.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

6
nomad/regions/homelab-1/job/website.hcl
View file

@ -56,11 +56,11 @@ job "website" {
} }
task "apache" { task "apache" {
driver = "containerd-driver" driver = "docker"
config { config {
flake_ref = "${var.flake_ref}#nixngSystems.website.config.system.build.toplevel" nix_flake_ref = "${var.flake_ref}#nixngSystems.website.config.system.build.toplevel"
flake_sha = var.flake_sha nix_flake_sha = var.flake_sha
entrypoint = [ "init" ] entrypoint = [ "init" ]
} }

11
nomad/regions/homelab-1/reicio.tf
View file

@ -1,11 +0,0 @@
resource "nomad_job" "reicio" {
jobspec = file("${path.module}/job/reicio.hcl")
hcl2 {
enabled = true
vars = {
flake_ref = "${var.flake_host}?rev=${var.flake_rev}&ref=${var.flake_ref}"
flake_sha = var.flake_sha
}
}
}