chore: backup infrastructure configurations [skip ci]

nomad_backup/traefik_backup.hcl

@@ -0,0 +1,228 @@
+job "traefik_backup" {
+  node_pool = "backup"
+
+  datacenters = ["dc1"]
+  type        = "system"
+
+  constraint {
+    attribute = "${attr.kernel.name}"
+    value     = "linux"
+  }
+
+  update {
+    stagger          = "10s"
+    max_parallel     = 1
+    healthy_deadline = "5m"
+  }
+
+  group "traefik" {
+    count = 1
+
+    restart {
+      attempts = 6
+      interval = "1m"
+      delay    = "10s"
+      mode     = "delay"
+    }
+
+    task "traefik" {
+      driver = "docker"
+
+      config {
+        image        = "traefik:2.9"
+        // network_mode = "host"
+
+        args = [
+          // "--api.dashboard",
+          // "--providers.consulcatalog.defaultRule=Host(`{{ .Name }}.service.dc1.consul`)",
+          // "--providers.consulcatalog.endpoint.address=${attr.unique.network.ip-address}:8500",
+          // "--providers.consulcatalog.exposedbydefault=true",
+          // "--metrics=true",
+          // "--metrics.prometheus=true",
+          // "--metrics.prometheus.entryPoint=web",
+          // "--entryPoints.web.address=:80",
+          // "--entryPoints.websecure.address=:443",
+          // "--entryPoints.openvpn.address=:1194/udp",
+          "--configFile=/local/file.yml",
+          // "--certificatesresolvers.myresolver.acme.email=stuart.stent@gmail.com",
+          // "--certificatesresolvers.myresolver.acme.storage=/acmecert/acme.json",
+          // "--certificatesresolvers.myresolver.acme.tlschallenge=true",
+          // "--certificatesresolvers.myresolver-int.acme.email=stuart.stent@gmail.com",
+          // "--certificatesresolvers.myresolver-int.acme.storage=/acmecert/acme.json",
+          // "--certificatesresolvers.myresolver-int.acme.tlschallenge=true",
+          // "--certificatesresolvers.myresolver-int.acme.dnschallenge=true",
+          // "--certificatesresolvers.myresolver-int.acme.dnschallenge.provider=duckdns",
+          "--accesslog=true",
+          // "--serversTransport.insecureSkipVerify=true",
+        ]
+        volumes = [
+          "/var/run/docker.sock:/var/run/docker.sock",
+          "/mnt/mnt/configs/letsencrypt:/acmecert/",
+        ]
+
+        // dns_servers = ["192.168.4.1", "192.168.4.250"]
+        ports       = ["traefik", "traefikhttps","traefikui"]
+
+        memory_hard_limit = 20480
+      }
+
+      env {
+        TZ   = "EST5EDT"
+        PUID = 1000
+        PGID = 1000
+        DUCKDNS_TOKEN="e4b5ca33-1f4d-494b-b06d-6dd4600df662"
+      }
+
+      template {
+        left_delimiter  = "[["
+        right_delimiter = "]]"
+
+        data = <<EOH
+http:
+  serversTransports:
+      insecureSkipVerify: true
+
+entryPoints:
+  web:
+    address: :80
+  websecure:
+    address: :443
+
+log:
+  level: INFO
+
+accessLog:
+  fields:
+    names:
+      RequestPath: keep
+  filters:
+    retryAttempts: true
+    minDuration: "10ms"
+
+metrics:
+  prometheus:
+    addRoutersLabels: true
+    addServicesLabels: true
+
+api:
+  dashboard: true
+  insecure: true
+
+providers:
+  consulCatalog:
+    exposedByDefault: true
+    refreshInterval: 30s
+    defaultRule: "Host(`{{ .Name }}.service.dc1.consul`)"
+    endpoint:
+      address: "[[env "attr.unique.network.ip-address"]]:8500"
+  file:
+    filename: /local/tls.yml
+
+
+EOH
+
+        destination = "local/file.yml"
+      }
+
+      template {
+        data = <<EOH
+tls:
+  certificates:
+    - certFile: /local/duckdns_fullchain.pem
+      keyFile: /local/duckdns_privkey.pem
+    - certFile: /local/dedyn_fullchain.pem
+      keyFile: /local/dedyn_privkey.pem
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /local/duckdns_fullchain.pem
+        keyFile: /local/duckdns_privkey.pem
+
+EOH
+
+        destination = "local/tls.yml"
+      }
+
+
+  // file:
+  //   directory: /local/tls.yaml
+
+
+      template {
+        change_mode   = "restart"
+        data        = "{{ key \"letsconsul/*.fbleagh.duckdns.org/fullchain.cer\" }}"
+        destination = "local/duckdns_fullchain.pem"
+        perms = 0777
+      }
+      template {
+        change_mode   = "noop"
+        data        = "{{ key \"letsconsul/*.fbleagh.duckdns.org/*.fbleagh.duckdns.org.key\" }}"
+        destination = "local/duckdns_privkey.pem"
+        perms = 0777
+      }
+      template {
+        change_mode   = "restart"
+        data        = "{{ key \"letsconsul/*.fbleagh.dedyn.io/fullchain.cer\" }}"
+        destination = "local/dedyn_fullchain.pem"
+        perms = 0777
+      }
+      template {
+        change_mode   = "noop"
+        data        = "{{ key \"letsconsul/*.fbleagh.dedyn.io/*.fbleagh.dedyn.io.key\" }}"
+        destination = "local/dedyn_privkey.pem"
+        perms = 0777
+      }
+
+      service {
+        name = "${TASKGROUP}"
+
+        tags = [
+          "global",
+          "traefik",
+          "enable_gocast",
+                    "gocast_vip=192.168.1.249/32",
+                              "gocast_nat=tcp:443:443",
+                                        "gocast_nat=udp:443:443"]
+
+  
+
+        port = "traefik"
+      }
+
+      service {
+        name = "${TASKGROUP}-ui"
+
+        tags = [
+          "global",
+          "traefik",
+          "traefik.http.routers.dashboard.rule=Host(`traefik-ui.service.dc1.consul`)",
+          "traefik.http.routers.dashboard.service=api@internal",
+        ]
+
+        port = "traefik"
+      } #end service
+
+      resources {
+        cpu    = 256 # 500 MHz
+        memory = 256  # 128MB
+      } #end resources
+    } #end task
+
+    network {
+      port "traefik" {
+        static = 80
+        to     = 80
+      }
+
+      port "traefikui" {
+        static = 8090
+        to     = 8080
+      }
+
+      port "traefikhttps" {
+        static = 443
+        to     = 443
+      }
+    }
+  } # end group
+} # end job