# Nomad job spec for the internet-facing ingress proxy (task "nginx").
# It publishes a fixed set of ports on the "public" host network and reaches
# backend services in the "homelab-1" datacenter through Consul Connect.
# The listing was collapsed onto two lines; it is re-flowed here one
# attribute per line with every value unchanged.

# Inputs that select the Nix build to run. flake_ref, flake_sha and store_path
# are consumed by the task's config block below.
variable "flake_ref" {
  type = string
}

# NOTE(review): presumably a content hash that pins the flake. Confirm that the
# driver actually verifies it, since it is the only integrity pin visible here.
variable "flake_sha" {
  type = string
}

variable "store_path" {
  type = string
}

# Not referenced in the visible part of the job; presumably interpolated into
# the template that follows. TODO confirm.
variable "upstreams" {
  type = string
}

job "ingress" {
  datacenters = [ "do-1" ]
  region = "do-1"
  type = "service"

  group "ingress" {
    # One instance, pinned to the node whose hostname is "toothpick".
    count = 1

    constraint {
      attribute = "${attr.unique.hostname}"
      value = "toothpick"
    }

    # CSI volume mounted read-write at /etc/letsencrypt in the nginx task.
    # NOTE(review): by its name and mount point this presumably holds ACME
    # account data and TLS private keys. Anything running in the task can read
    # and modify it, so keep write access only if certificate renewal really
    # runs inside this task.
    volume "ingress-letsencrypt" {
      type = "csi"
      source = "ingress-letsencrypt"
      read_only = false
      attachment_mode = "file-system"
      access_mode = "single-node-writer"
    }

    # Every port below is a static mapping on the "public" host network, so
    # this list is the externally reachable surface of the group. Keep it in
    # step with the host firewall and drop entries that are no longer served.
    network {
      mode = "bridge"

      port "http" {
        static = 80
        to = 80
        host_network = "public"
      }

      port "http-matrix" {
        static = 8448
        to = 8448
        host_network = "public"
      }

      port "https" {
        static = 443
        to = 443
        host_network = "public"
      }

      port "minecraft" {
        static = 25565
        to = 25565
        host_network = "public"
      }

      port "forgejo-ssh" {
        static = 19022
        to = 19022
        host_network = "public"
      }
    }

    # Registers the group as "ingress-toothpick" with a Connect sidecar.
    # Each upstream gives the proxy a local listener (local_bind_port) that
    # forwards to the named service in "homelab-1" via a mesh gateway in the
    # local datacenter (mesh_gateway mode "local").
    # NOTE(review): which of these destinations the ingress may actually call
    # is decided by Consul intentions, not by this file. Verify that they allow
    # "ingress-toothpick" to reach exactly the services listed here.
    service {
      name = "ingress-toothpick"
      port = "http"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "gitea"
              local_bind_port = 3000
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "hydra"
              local_bind_port = 8666
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "nextcloud"
              local_bind_port = 8777
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "website"
              local_bind_port = 8080
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "minecraft"
              local_bind_port = 2666
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "reicio"
              local_bind_port = 8000
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "matrix-synapse"
              local_bind_port = 6167
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "matrix-synapse-client"
              local_bind_port = 6168
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "matrix-synapse-federation-receiver"
              local_bind_port = 6169
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }

            upstreams {
              destination_name = "matrix-synapse-sync"
              local_bind_port = 6170
              datacenter = "homelab-1"
              mesh_gateway { mode = "local" }
            }
          }
        }
      }
    }

    task "nginx" {
      driver = "docker"

      # Read-write mount of the certificate volume declared on the group.
      volume_mount {
        volume = "ingress-letsencrypt"
        destination = "/etc/letsencrypt"
        read_only = false
      }

      # The nix_flake_* keys are not options of the stock Docker driver, so
      # this presumably relies on a Nix-aware driver build. TODO confirm.
      # The workload is the flake output named after the "#" in nix_flake_ref,
      # with flake_sha and store_path supplied by the deployer.
      config {
        nix_flake_ref = "${var.flake_ref}#nixngConfigurations.ingressToothpick.config.system.build.toplevel"
        nix_flake_sha = var.flake_sha
        nix_flake_store_path = var.store_path
        entrypoint = [ "init" ]
      }

      # Nomad units: cpu in MHz, memory in MB.
      resources {
        cpu = 200
        memory = 128
      }

      # The template body is cut off at the end of this listing.
      template {
        data = <