chore: backup infrastructure configurations [skip ci]

2026-05-11 02:07:23 +00:00
parent 7527c05a1d
commit 0126ce23f5
26 changed files with 174 additions and 33 deletions
--- a/nomad_backup/wireguard.hcl
+++ b/nomad_backup/wireguard.hcl
@@ -2,57 +2,60 @@ job "wireguard" {
  region      = "global"
  datacenters = ["dc1"]
  type        = "service"
-  // constraint {
-  //   attribute = "${attr.cpu.arch}"
-  //   operator  = "regexp"
-  //   value     = "arm"
-  // }
+
+  constraint {
+    attribute = "${node.unique.name}"
+    value     = "opti1"
+  }
+
  group "wireguard" {
    count = 1

-
    task "wireguard" {
      driver = "docker"
-
      config {
-        image   = "lscr.io/linuxserver/wireguard"
-        ports   = ["vpn"]
+        image   = "ghcr.io/wg-easy/wg-easy"
+        ports   = ["vpn", "ui"]
        volumes = [
-          "/mnt/Public/config/wireguard:/config",
-          "/lib/modules:/lib/modules"
-          ]
-        cap_add = ["NET_ADMIN","SYS_MODULE"]
-        // network_mode = "host"
-
-        // network_mode      = "container:gocast-${NOMAD_ALLOC_ID}"
+          "/mnt/Public/config/wireguard:/etc/wireguard",
+        ]
+        cap_add = ["NET_ADMIN", "SYS_MODULE"]
        sysctl = {
-          "net.ipv4.conf.all.src_valid_mark"="1"
+          "net.ipv4.conf.all.src_valid_mark" = "1"
+          "net.ipv4.ip_forward"              = "1"
        }
+      }
+
+env {
+  TZ                 = "EST5EDT"
+  WG_HOST            = "wireguard.fbleagh.duckdns.org"
+  WG_PORT            = 51820
+  WG_DEFAULT_DNS     = "192.168.4.250,192.168.4.1,1.1.1.1"
+  WG_DEFAULT_ADDRESS = "10.8.0.x"
+  WG_ALLOWED_IPS     = "0.0.0.0/0"
+  PASSWORD_HASH      = "$2a$12$WAdMQQAoOqtANtsH09hVtuOnCvvghOX9oLZjGkUsovOjgkbPmMdtq"
+}

-      }
-      env {
-        TZ                  = "EST5EDT"
-        PUID                = 1000
-        PGID                = 1000
-        SERVERURL="wireguard.fbleagh.duckdns.org"
-        SERVERPORT=51820 
-        PEERS="StuPhone,SurfaceGo,Surface,SurfaceGo3" 
-        PEERDNS="192.168.1.250,192.168.1.1,1.1.1.1"
-        // INTERNAL_SUBNET= "192.168.1.0" 
-        ALLOWEDIPS="0.0.0.0/0"
-      }
      service {
        name = "${TASKGROUP}"
        port = "vpn"
-          tags = ["enable_gocast",
+        tags = [
+          "enable_gocast",
          "gocast_vip=192.168.1.241/32",
          "gocast_nat=tcp:51820:51820",
-          "gocast_nat=udp:51820:51820"]
+          "gocast_nat=udp:51820:51820",
+        ]
+      }
+
+      service {
+        name = "${TASKGROUP}-ui"
+        port = "ui"
+        tags = ["wireguard-ui"]
      }

      resources {
        cpu    = 50
-        memory = 100
+        memory = 128
      }
    }

@@ -61,6 +64,10 @@ job "wireguard" {
        static = 51820
        to     = 51820
      }
+      port "ui" {
+        static = 51821
+        to     = 51821
+      }
    }
  }
-}
+}