sstent/NomadBackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: backup infrastructure configurations [skip ci]

Browse Source
This commit is contained in:
github-actions[bot]
2025-11-24 15:25:01 +00:00
parent a5e11de6ed
commit 26a7d1eee1
31 changed files with 1016 additions and 306 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
consul_backup/metadata.json
View File

@@ -1,5 +1,5 @@
{ {
"backup_timestamp": "2025-11-23T02:00:42.913047", "backup_timestamp": "2025-11-24T15:25:00.879116",
"total_keys": 79, "total_keys": 79,
"successful_backups": 74, "successful_backups": 74,
"failed_backups": 5, "failed_backups": 5,

2
consul_backup/nomad/postgres/members/pg-odroid6
View File

@@ -1 +1 @@
{"conn_url":"postgres://192.168.4.226:5432/postgres","api_url":"http://192.168.4.226:8008/patroni","state":"running","role":"replica","version":"4.0.4","xlog_location":587880588200,"replication_state":"streaming","timeline":248} {"conn_url":"postgres://192.168.4.226:5432/postgres","api_url":"http://192.168.4.226:8008/patroni","state":"running","role":"replica","version":"4.0.4","xlog_location":589299797968,"replication_state":"streaming","timeline":248}

2
consul_backup/nomad/postgres/members/pg-odroid7
View File

@@ -1 +1 @@
{"conn_url":"postgres://192.168.4.227:5432/postgres","api_url":"http://192.168.4.227:8008/patroni","state":"running","role":"replica","version":"4.0.4","xlog_location":587880560592,"replication_state":"streaming","timeline":248} {"conn_url":"postgres://192.168.4.227:5432/postgres","api_url":"http://192.168.4.227:8008/patroni","state":"running","role":"replica","version":"4.0.4","xlog_location":589299779856,"replication_state":"streaming","timeline":248}

2
consul_backup/nomad/postgres/members/pg-odroid8
View File

@@ -1 +1 @@
{"conn_url":"postgres://192.168.4.228:5432/postgres","api_url":"http://192.168.4.228:8008/patroni","state":"running","role":"primary","version":"4.0.4","xlog_location":587880553712,"timeline":248} {"conn_url":"postgres://192.168.4.228:5432/postgres","api_url":"http://192.168.4.228:8008/patroni","state":"running","role":"primary","version":"4.0.4","xlog_location":589299779856,"timeline":248}

2
consul_backup/nomad/postgres/members/pg-opti1
View File

@@ -1 +1 @@
{"conn_url":"postgres://192.168.4.36:5432/postgres","api_url":"http://192.168.4.36:8008/patroni","state":"running","role":"replica","version":"4.0.4","xlog_location":587880830616,"replication_state":"streaming","timeline":248} {"conn_url":"postgres://192.168.4.36:5432/postgres","api_url":"http://192.168.4.36:8008/patroni","state":"running","role":"replica","version":"4.0.4","xlog_location":589299713952,"replication_state":"streaming","timeline":248}

2
consul_backup/nomad/postgres/status
View File

@@ -1 +1 @@
{"optime":587880553712,"slots":{"pg_odroid6":587880553712,"pg_odroid7":587880553712,"pg_opti1":587880553712,"pg_odroid8":587880553712},"retain_slots":["pg_odroid6","pg_odroid7","pg_odroid8","pg_opti1"]} {"optime":589299779856,"slots":{"pg_odroid6":589299779856,"pg_odroid7":589299779856,"pg_opti1":589299779856,"pg_odroid8":589299779856},"retain_slots":["pg_odroid6","pg_odroid7","pg_odroid8","pg_opti1"]}

2
consul_backup/qbitcheck/connection_monitor/state
View File

@@ -1 +1 @@
{"connection_state": "stable", "last_state_change_time": 1763829844.4920733, "consecutive_failures": 21, "consecutive_stable_checks": 122, "last_failure_time": 1763829749.067393} {"connection_state": "unstable", "last_state_change_time": 1763997771.3138738, "consecutive_failures": 0, "consecutive_stable_checks": 0, "last_failure_time": 1763829749.067393}

2
consul_backup/qbitcheck/connection_monitor/vpn
View File

@@ -1 +1 @@
{"vpn_status": "running", "last_vpn_status_change": 1763829147.0930555, "public_ip": "192.30.89.67", "last_public_ip_change": 1763829147.2012818, "public_ip_details": {"public_ip": "192.30.89.67", "region": "British Columbia", "country": "Canada", "city": "Vancouver", "location": "49.2497,-123.1193", "organization": "AS394256 Tech Futures Interactive Inc.", "postal_code": "V5Y", "timezone": "America/Vancouver"}} {"vpn_status": "running", "last_vpn_status_change": 1763829147.0930555, "public_ip": "139.28.218.235", "last_public_ip_change": 1763997771.0223732, "public_ip_details": {"public_ip": "139.28.218.235", "region": "Quebec", "country": "Canada", "city": "Montreal", "location": "45.499401,-73.570297", "organization": "M247 Europe SRL", "postal_code": "H3B", "timezone": "America/Toronto"}}

1
nomad_backup/gitea.hcl
View File

@@ -68,7 +68,6 @@ job "gitea" {
GITEA__server__SSH_PORT = "${NOMAD_HOST_PORT_ssh}" # The port exposed on the host for SSH GITEA__server__SSH_PORT = "${NOMAD_HOST_PORT_ssh}" # The port exposed on the host for SSH
GITEA__actions__ENABLED=true GITEA__actions__ENABLED=true
GITEA__packages__ENABLED=true
# Set the user Gitea runs as inside the container (important for permissions) # Set the user Gitea runs as inside the container (important for permissions)
USER_UID = "1000" USER_UID = "1000"

3
nomad_backup/gonic.hcl
View File

@@ -48,6 +48,7 @@ job "gonic" {
"traefik.http.routers.goniclan.rule=Host(`gonic.service.dc1.consul`)", "traefik.http.routers.goniclan.rule=Host(`gonic.service.dc1.consul`)",
"traefik.http.routers.gonicwan.rule=Host(`mg.fbleagh.duckdns.org`)", "traefik.http.routers.gonicwan.rule=Host(`mg.fbleagh.duckdns.org`)",
"traefik.http.routers.gonicwan.tls=true", "traefik.http.routers.gonicwan.tls=true",
"traefik.http.routers.gonicwan.tls.certresolver=myresolver"
] ]
// "traefik.http.middlewares.gonic_auth.basicauth.users=admin:$2y$05$cJGONoS0BFTeBUXqmETikeI14QhLDKIDkYuPdA1umIOC129grVMAm", // "traefik.http.middlewares.gonic_auth.basicauth.users=admin:$2y$05$cJGONoS0BFTeBUXqmETikeI14QhLDKIDkYuPdA1umIOC129grVMAm",
@@ -147,4 +148,4 @@ dbs:
} }
} }

36
nomad_backup/grafana.hcl
View File

@@ -2,7 +2,9 @@ job "grafana" {
# region = "global" # region = "global"
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"
# priority = 50 # priority = 50
constraint { constraint {
attribute = "${attr.kernel.name}" attribute = "${attr.kernel.name}"
value = "linux" value = "linux"
@@ -19,23 +21,29 @@ job "grafana" {
} }
group "grafana" { group "grafana" {
count = 1 count = 1
restart { restart {
attempts = 2 attempts = 2
interval = "1m" interval = "1m"
delay = "10s" delay = "10s"
mode = "delay" mode = "delay"
} }
task "grafana" { task "grafana" {
driver = "docker" driver = "docker"
config { config {
// image = "fg2it/grafana-armhf:v5.1.4" // image = "fg2it/grafana-armhf:v5.1.4"
image = "grafana/grafana:latest" image = "grafana/grafana:latest"
ports = ["http"] ports = ["http"]
logging { logging {
type = "json-file" type = "json-file"
} }
memory_hard_limit = 2048 memory_hard_limit = 2048
} }
env { env {
disable_login_form = "EST5EDT" disable_login_form = "EST5EDT"
PUID = 1000 PUID = 1000
@@ -45,28 +53,25 @@ job "grafana" {
GF_AUTH_ANONYMOUS_ORG_NAME = "Main Org." GF_AUTH_ANONYMOUS_ORG_NAME = "Main Org."
GF_AUTH_ANONYMOUS_ORG_ROLE = "Admin" GF_AUTH_ANONYMOUS_ORG_ROLE = "Admin"
} }
template { template {
data = <<EOH data = <<EOH
apiVersion: 1 apiVersion: 1
datasources: datasources:
- name: Prometheus - name: Prometheus
type: prometheus type: prometheus
url: http://prometheus.service.dc1.consul:9090 url: http://prometheus.service.dc1.consul:9090
isDefault: true isDefault:
- name: Loki
type: loki
access: proxy
url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}
isDefault: false
editable: true
jsonData:
maxLines: 1000
EOH EOH
destination = "local/datasources/prometheus.yaml" destination = "local/datasources/prometheus.yaml"
} }
template { template {
data = <<EOH data = <<EOH
apiVersion: 1 apiVersion: 1
providers: providers:
- name: dashboards - name: dashboards
type: file type: file
@@ -75,24 +80,28 @@ providers:
path: /local/dashboard_definitons path: /local/dashboard_definitons
foldersFromFilesStructure: true foldersFromFilesStructure: true
EOH EOH
destination = "local/dashboards/dashboards.yaml" destination = "local/dashboards/dashboards.yaml"
} }
template { template {
data = "{{ key \"grafana_dashboards/nomad\" }}" data = "{{ key \"grafana_dashboards/nomad\" }}"
destination = "local/dashboard_definitons/nomad.json" destination = "local/dashboard_definitons/nomad.json"
} }
template { template {
data = "{{ key \"grafana_dashboards/thermals\" }}" data = "{{ key \"grafana_dashboards/thermals\" }}"
destination = "local/dashboard_definitons/thermals.json" destination = "local/dashboard_definitons/thermals.json"
} }
template { template {
data = "{{ key \"grafana_dashboards/NomadMem\" }}" data = "{{ key \"grafana_dashboards/NomadMem\" }}"
destination = "local/dashboard_definitons/NomadMem.json" destination = "local/dashboard_definitons/NomadMem.json"
} }
service { service {
name = "${TASKGROUP}" name = "${TASKGROUP}"
tags = ["global", "backend"] tags = ["global", "backend"]
port = "http" port = "http"
check { check {
name = "alive" name = "alive"
type = "http" type = "http"
@@ -100,6 +109,7 @@ providers:
timeout = "120s" timeout = "120s"
path = "/login" path = "/login"
port = "http" port = "http"
check_restart { check_restart {
limit = 3 limit = 3
grace = "120s" grace = "120s"
@@ -107,17 +117,21 @@ providers:
} }
} }
} }
resources { resources {
cpu = 128 # 500 MHz cpu = 128 # 500 MHz
memory = 64 # 128MB memory = 64 # 128MB
} }
# Specify configuration related to log rotation # Specify configuration related to log rotation
logs { logs {
max_files = 10 max_files = 10
max_file_size = 15 max_file_size = 15
} }
kill_timeout = "10s" kill_timeout = "10s"
} }
network { network {
port "http" { port "http" {
static = 3100 static = 3100

159
nomad_backup/hass.hcl
View File

@@ -28,6 +28,8 @@ job "hass" {
# Stagger updates every 60 seconds # Stagger updates every 60 seconds
stagger = "10s" stagger = "10s"
max_parallel = 1 max_parallel = 1
healthy_deadline = "15m"
progress_deadline = "20m"
} }
group "hass" { group "hass" {
count = 1 count = 1
@@ -39,92 +41,92 @@ job "hass" {
mode = "delay" mode = "delay"
} }
task "init" { // task "init" {
driver = "docker" // driver = "docker"
lifecycle { // lifecycle {
hook = "prestart" // hook = "prestart"
sidecar = false // sidecar = false
}
config {
memory_hard_limit = "2048"
image_pull_timeout = "10m"
force_pull = false
image = "ghcr.io/sstent/rsync"
volumes = [
"/mnt/configs/${NOMAD_GROUP_NAME}:/config",
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
"/mnt/Public/config/locks:/locks"
]
}
env {
DB_NAME = "home-assistant_v2.db"
}
resources {
cpu = 20 # 500 MHz
memory = 20 # 128MB
}
// template {
// data = <<EOH
// dbs:
// - path: /config/radarr.db
// replicas:
// - path: /configbackup
// EOH
// destination = "local/litestream.yml"
// } // }
} // config {
// memory_hard_limit = "2048"
// image_pull_timeout = "10m"
// force_pull = false
// image = "ghcr.io/sstent/rsync"
// volumes = [
// "/mnt/configs/${NOMAD_GROUP_NAME}:/config",
// "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
// "/mnt/Public/config/locks:/locks"
// ]
// }
// env {
// DB_NAME = "home-assistant_v2.db"
// }
// resources {
// cpu = 20 # 500 MHz
// memory = 20 # 128MB
// }
// // template {
// // data = <<EOH
// // dbs:
// // - path: /config/radarr.db
// // replicas:
// // - path: /configbackup
// // EOH
// // destination = "local/litestream.yml"
// // }
// }
task "finalsync" { // task "finalsync" {
driver = "docker" // driver = "docker"
lifecycle { // lifecycle {
hook = "poststop" // hook = "poststop"
} // }
config { // config {
memory_hard_limit = "2048" // memory_hard_limit = "2048"
image = "ghcr.io/sstent/rsync" // image = "ghcr.io/sstent/rsync"
volumes = [ // volumes = [
"/mnt/configs/${NOMAD_GROUP_NAME}:/config", // "/mnt/configs/${NOMAD_GROUP_NAME}:/config",
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", // "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
"/mnt/Public/config/locks:/locks" // "/mnt/Public/config/locks:/locks"
] // ]
// args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av","--exclude='8-20 * * *.db8-20 * * *'","--exclude='8-20 * * *.db'","--exclude='8-20 * * *.db-litestream'","--exclude='generations'","/config/","/configbackup/"] // // args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av","--exclude='8-20 * * *.db8-20 * * *'","--exclude='8-20 * * *.db'","--exclude='8-20 * * *.db-litestream'","--exclude='generations'","/config/","/configbackup/"]
} // }
resources { // resources {
cpu = 20 # 500 MHz // cpu = 20 # 500 MHz
memory = 128 # 128MB // memory = 128 # 128MB
} // }
} // }
task "sync" { // task "sync" {
driver = "docker" // driver = "docker"
lifecycle { // lifecycle {
hook = "poststart" // hook = "poststart"
sidecar = true // sidecar = true
} // }
config { // config {
memory_hard_limit = "2048" // memory_hard_limit = "2048"
image = "ghcr.io/sstent/rsync" // image = "ghcr.io/sstent/rsync"
volumes = [ // volumes = [
"/mnt/configs/:/configs", // "/mnt/configs/:/configs",
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", // "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
] // ]
args = ["client"] // args = ["client"]
} // }
env { // env {
CRON_TASK_1 = "50 8-20 * * *rsync -av --exclude='*.db*' --exclude='*.db' --exclude='.db-litestream' --exclude='generations' /configs/${NOMAD_GROUP_NAME}/ /configbackup/;" // CRON_TASK_1 = "50 8-20 * * *rsync -av --exclude='*.db*' --exclude='*.db' --exclude='.db-litestream' --exclude='generations' /configs/${NOMAD_GROUP_NAME}/ /configbackup/;"
} // }
resources { // resources {
cpu = 20 # 500 MHz // cpu = 20 # 500 MHz
memory = 20 # 128MB // memory = 20 # 128MB
} // }
} // }
@@ -146,6 +148,7 @@ job "hass" {
"local/configuration.yaml:/config/configuration.yaml", "local/configuration.yaml:/config/configuration.yaml",
"local/ui-lovelace.yaml:/config/ui-lovelace.yaml", "local/ui-lovelace.yaml:/config/ui-lovelace.yaml",
"/mnt/configs/hass:/config", "/mnt/configs/hass:/config",
// "/mnt/Public/config/hass:/config",
] ]
// "local/auth_provider.homeassistant:/config/.storage/auth_provider.homeassistant" // "local/auth_provider.homeassistant:/config/.storage/auth_provider.homeassistant"

6
nomad_backup/immich.hcl
View File

@@ -1,4 +1,10 @@
job "immich" { job "immich" {
constraint {
attribute = "${attr.cpu.arch}"
operator = "!="
value = "arm"
}
datacenters = ["dc1"] # Specify your datacenter datacenters = ["dc1"] # Specify your datacenter
type = "service" type = "service"

6
nomad_backup/minihass.hcl
View File

@@ -1,4 +1,10 @@
job "minihass" { job "minihass" {
constraint {
attribute = "${attr.cpu.arch}"
operator = "!="
value = "armhf"
}
datacenters = ["dc1"] datacenters = ["dc1"]
group "smart-home" { group "smart-home" {

7
nomad_backup/nginx.hcl
View File

@@ -69,12 +69,7 @@ job "nginx" {
} }
service { service {
name = "nginx" name = "nginx"
tags = ["nginx", "web", "urlprefix-/nginx", "backend", tags = ["nginx", "web", "urlprefix-/nginx", "backend"]
"traefik.http.routers.nginxlan.rule=Host(`nginx.service.dc1.consul`)",
"traefik.http.routers.nginxwan.rule=Host(`nginx.service.dc1.fbleagh.duckdns.org`)",
"traefik.http.routers.nginxwan.tls=true",
]
port = "http" port = "http"
check { check {

63
nomad_backup/nzbget.hcl
View File

@@ -47,6 +47,59 @@ job "nzbget" {
// } // }
// } // }
task "nzbget" {
driver = "docker"
config {
image = "linuxserver/nzbget"
network_mode = "container:ovpn-client-${NOMAD_ALLOC_ID}"
// ports = ["nzbget"]
volumes = [
"/mnt/Public/Downloads/news:/downloads",
"/mnt/Public/incoming:/incomplete-downloads",
"/mnt/configs/nzbget/nzbget:/config",
]
}
env {
TZ = "EST5EDT"
PUID = 1000
PGID = 1000
}
resources {
cpu = 500 # 500 MHz
memory = 200 # 128MB
}
} #task nzbget
task "saznzb" {
driver = "docker"
config {
// image = "linuxserver/sabnzbd:2.3.8-0ubuntu1jcfp118.04-ls13"
image = "linuxserver/sabnzbd"
network_mode = "container:ovpn-client-${NOMAD_ALLOC_ID}"
volumes = [
"/mnt/Public/Downloads/news:/downloads",
"/mnt/Public/incoming:/incomplete-downloads",
"/mnt/configs/saznzb/saznzb:/config",
]
}
env {
TZ = "EST5EDT"
PUID = 1000
PGID = 1000
}
resources {
cpu = 500 # 500 MHz
memory = 1024 # 128MB
}
}
task "ovpn-client" { task "ovpn-client" {
driver = "docker" driver = "docker"
@@ -101,8 +154,8 @@ job "nzbget" {
COUNTRY = "Canada" COUNTRY = "Canada"
CITY = "Toronto" CITY = "Toronto"
FIREWALL_VPN_INPUT_PORTS = "56987" FIREWALL_VPN_INPUT_PORTS = "56987"
WIREGUARD_PRIVATE_KEY = "2FHwQX1jxk+qeMmXUtSGRc2kKF1WHeSCyIgHNW+7akA=" #ActiveLynx WIREGUARD_PRIVATE_KEY = "iA64ImY2XNvml7s+HEHWNNGXeqpzFN0/KYGxhCsHLV8="
WIREGUARD_ADDRESS = "10.66.246.4/32" WIREGUARD_ADDRESS = "10.64.141.217/32"
@@ -173,11 +226,7 @@ service {
}, },
] ]
} }
env {
REQUIRE_AUTH = "false"
}
resources { resources {
cpu = 64 # 500 MHz cpu = 64 # 500 MHz
memory = 128 # 128MB memory = 128 # 128MB

6
nomad_backup/postgres-15.hcl
View File

@@ -1,4 +1,10 @@
job "postgres-15" { job "postgres-15" {
constraint {
attribute = "${attr.cpu.arch}"
operator = "!="
value = "arm"
}
type = "system" type = "system"
datacenters = ["dc1"] datacenters = ["dc1"]

110
nomad_backup/promtail.hcl
View File

@@ -3,6 +3,14 @@ job "promtail" {
type = "system" # Runs on every node type = "system" # Runs on every node
group "promtail" { group "promtail" {
count = 1
# Allow spreading across multiple node pools
constraint {
operator = "regexp"
attribute = "${node.pool}"
value = "^(default|backup)$"
}
network { network {
port "http" { port "http" {
static = 9080 static = 9080
@@ -50,6 +58,44 @@ clients:
- url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push - url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
scrape_configs: scrape_configs:
# Scrape Consul server logs from journald
- job_name: consul-server
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: consul-server
component: server
host: {{ env "HOSTNAME" }}
relabel_configs:
- source_labels: ['__journal__systemd_unit']
regex: 'consul.service'
action: keep
- source_labels: ['__journal__hostname']
target_label: 'journal_host'
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
# Scrape Consul Template logs from journald
- job_name: consul-template
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: consul-template
component: template
host: {{ env "HOSTNAME" }}
relabel_configs:
- source_labels: ['__journal__systemd_unit']
regex: 'consul-template.service'
action: keep
- source_labels: ['__journal__hostname']
target_label: 'journal_host'
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
# Scrape Nomad server logs from journald # Scrape Nomad server logs from journald
- job_name: nomad-server - job_name: nomad-server
journal: journal:
@@ -69,6 +115,63 @@ scrape_configs:
- source_labels: ['__journal__systemd_unit'] - source_labels: ['__journal__systemd_unit']
target_label: 'unit' target_label: 'unit'
# Scrape CoreDNS logs from journald
- job_name: coredns
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: coredns
component: dns
host: {{ env "HOSTNAME" }}
relabel_configs:
- source_labels: ['__journal__systemd_unit']
regex: 'coredns.service'
action: keep
- source_labels: ['__journal__hostname']
target_label: 'journal_host'
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
# Scrape Docker daemon logs from journald
- job_name: docker-daemon
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: docker-daemon
component: docker
host: {{ env "HOSTNAME" }}
relabel_configs:
- source_labels: ['__journal__systemd_unit']
regex: 'docker.service'
action: keep
- source_labels: ['__journal__hostname']
target_label: 'journal_host'
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
# Scrape Keepalived logs from journald
- job_name: keepalived
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: keepalived
component: ha
host: {{ env "HOSTNAME" }}
relabel_configs:
- source_labels: ['__journal__systemd_unit']
regex: 'keepalived.service'
action: keep
- source_labels: ['__journal__hostname']
target_label: 'journal_host'
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
# Scrape Nomad allocation logs # Scrape Nomad allocation logs
- job_name: nomad-alloc-logs - job_name: nomad-alloc-logs
static_configs: static_configs:
@@ -79,12 +182,11 @@ scrape_configs:
host: {{ env "HOSTNAME" }} host: {{ env "HOSTNAME" }}
__path__: /alloc/logs/* __path__: /alloc/logs/*
# Exclude Promtail's own FIFO files to avoid seek errors
pipeline_stages: pipeline_stages:
- match: - match:
selector: '{job="nomad-logs"}' selector: '{filename=~".*/\\.promtail\\.(stdout|stderr)\\.fifo"}'
stages: action: drop
- drop:
expression: '.*\.promtail\.(stdout|stderr)\.fifo.*'
# Scrape Docker container logs # Scrape Docker container logs
- job_name: docker - job_name: docker

151
nomad_backup/promtail_backup.hcl Normal file
View File

@@ -0,0 +1,151 @@
job "promtail_backup" {
node_pool = "backup"
datacenters = ["dc1"]
type = "system" # Runs on every node
group "promtail" {
network {
port "http" {
static = 9080
}
}
task "promtail" {
driver = "docker"
config {
image = "grafana/promtail:2.9.3"
ports = ["http"]
args = [
"-config.file=/local/promtail-config.yml",
]
# Mount the Docker socket, journal, and machine-id for systemd logs
volumes = [
"/var/lib/docker/containers:/var/lib/docker/containers:ro",
"/var/log/journal:/var/log/journal:ro",
"/run/log/journal:/run/log/journal:ro",
"/etc/machine-id:/etc/machine-id:ro",
"/var/run/docker.sock:/var/run/docker.sock:ro",
]
# Run as root to access Docker socket
privileged = true
}
env {
HOSTNAME = "${node.unique.name}"
}
template {
data = <<EOH
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /alloc/data/positions.yaml
clients:
- url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
scrape_configs:
# Scrape Nomad server logs from journald
- job_name: nomad-server
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: nomad-server
component: server
host: {{ env "HOSTNAME" }}
relabel_configs:
- source_labels: ['__journal__systemd_unit']
regex: 'nomad.service'
action: keep
- source_labels: ['__journal__hostname']
target_label: 'journal_host'
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
# Scrape Nomad allocation logs
- job_name: nomad-alloc-logs
static_configs:
- targets:
- localhost
labels:
job: nomad-logs
host: {{ env "HOSTNAME" }}
__path__: /alloc/logs/*
pipeline_stages:
- match:
selector: '{job="nomad-logs"}'
stages:
- drop:
expression: '.*\.promtail\.(stdout|stderr)\.fifo.*'
# Scrape Docker container logs
- job_name: docker
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
relabel_configs:
# Add hostname label
- replacement: {{ env "HOSTNAME" }}
target_label: 'host'
# Extract container name
- source_labels: ['__meta_docker_container_name']
regex: '/(.*)'
target_label: 'container'
# Extract Nomad job name if available
- source_labels: ['__meta_docker_container_label_com_hashicorp_nomad_job_name']
target_label: 'nomad_job'
# Extract Nomad task name if available
- source_labels: ['__meta_docker_container_label_com_hashicorp_nomad_task_name']
target_label: 'nomad_task'
# Extract Nomad namespace if available
- source_labels: ['__meta_docker_container_label_com_hashicorp_nomad_namespace']
target_label: 'nomad_namespace'
# Set the log path
- source_labels: ['__meta_docker_container_id']
target_label: '__path__'
replacement: '/var/lib/docker/containers/$1/*.log'
EOH
destination = "local/promtail-config.yml"
change_mode = "restart"
}
resources {
cpu = 200
memory = 128
}
service {
name = "promtail"
port = "http"
tags = [
"logging",
]
check {
type = "http"
path = "/ready"
interval = "10s"
timeout = "2s"
}
}
}
}
}

23
nomad_backup/prowlarr.hcl
View File

@@ -1,6 +1,12 @@
# There can only be a single job definition per file. # There can only be a single job definition per file.
# Create a job with ID and Name 'example' # Create a job with ID and Name 'example'
job "prowlarr" { job "prowlarr" {
constraint {
attribute = "${attr.cpu.arch}"
operator = "!="
value = "arm"
}
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"
@@ -30,28 +36,11 @@ job "prowlarr" {
} }
task "flaresolver" {
driver = "docker"
config {
image = "ghcr.io/flaresolverr/flaresolverr:latest"
ports = ["http_flare"]
dns_servers = ["192.168.4.250", "1.1.1.1"]
memory_hard_limit = "2048"
force_pull = false
}
service {
name = "${TASKGROUP}"
tags = ["prowlarr_pg", "tools"]
port = "http_flare"
}
}
task "prowlarr" { task "prowlarr" {
driver = "docker" driver = "docker"
config { config {
image = "ghcr.io/linuxserver/prowlarr:develop" image = "ghcr.io/linuxserver/prowlarr:develop"
ports = ["http"] ports = ["http"]
dns_servers = ["192.168.4.250", "1.1.1.1"]
memory_hard_limit = "2048" memory_hard_limit = "2048"
volumes = [ volumes = [
"/mnt/Public/configs/prowlarr_pg:/config", "/mnt/Public/configs/prowlarr_pg:/config",

201
nomad_backup/qbittorrent.hcl
View File

@@ -3,21 +3,28 @@
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"
# priority = 50
constraint {
attribute = "${attr.unique.hostname}"
operator = "regexp"
value = "odroid.*"
// weight = 100
}
affinity {
attribute = "${attr.unique.hostname}"
value = "odroid3"
weight = 100
}
constraint { constraint {
attribute = "${attr.kernel.name}" attribute = "${attr.kernel.name}"
value = "linux" value = "linux"
} }
constraint {
attribute = "${attr.cpu.arch}"
operator = "regexp"
value = "amd64"
}
update { update {
# Stagger updates every 60 seconds # Stagger updates every 60 seconds
stagger = "90s" stagger = "90s"
max_parallel = 1 max_parallel = 1
healthy_deadline = "2m" healthy_deadline = "4m"
health_check = "task_states" health_check = "task_states"
} }
@@ -65,7 +72,6 @@ constraint {
volumes = [ volumes = [
"/etc/localtime:/etc/localtime", "/etc/localtime:/etc/localtime",
"/mnt/syncthing/mullvad:/vpn", "/mnt/syncthing/mullvad:/vpn",
"local/gluetun.toml:/gluetun/config.toml"
] ]
devices = [ devices = [
@@ -74,37 +80,21 @@ constraint {
container_path = "/dev/net/tun" container_path = "/dev/net/tun"
}, },
] ]
} }
template {
data = <<EOH
[[roles]]
name = "qbittorrent"
# Define a list of routes with the syntax "Http-Method /path"
routes = ["GET /v1/openvpn/status", "PUT /v1/openvpn/status", "PUT /v1/openvpn/status", "GET /v1/openvpn/portforwarded", "GET /v1/openvpn/settings", "GET /v1/dns/status", "PUT /v1/dns/status", "PUT /v1/dns/status", "GET /v1/updater/status", "PUT /v1/updater/status", "PUT /v1/updater/status", "GET /v1/publicip/ip", "GET /v1/version", "GET /v1/vpn/status", "PUT /v1/vpn/status", "GET /v1/vpn/settings", "PUT /v1/vpn/settings"]
auth = "none"
EOH
destination = "custom/auth.toml"
}
env { env {
VPN_SERVICE_PROVIDER="airvpn" VPN_SERVICE_PROVIDER="airvpn"
VPN_TYPE="wireguard" VPN_TYPE="wireguard"
WIREGUARD_PRIVATE_KEY="EIos1A9eGCIoCHr02aOsEu8S4C0gqhNLIYF/vMykEV0=" WIREGUARD_PRIVATE_KEY="EF39fCd2/ycBG88qrk0Wgzak4wDLwq9kxLpzNM2se0s="
WIREGUARD_PRESHARED_KEY="RzPcraPA24hLFxGiB7z5JMWrtI+JBbEzvmeiEX36XWo=" WIREGUARD_PRESHARED_KEY="utk1Fqp8N1T20qwof6xGxIDPnrOO49tM6+nQBCBC9OY="
WIREGUARD_ADDRESSES="10.161.31.240/32" WIREGUARD_ADDRESSES="10.152.125.142/32"
SERVER_COUNTRIES="Canada" SERVER_COUNTRIES="Canada"
SERVER_CITIES="Vancouver,Montreal,Toronto" SERVER_CITIES="Montreal"
FIREWALL_VPN_INPUT_PORTS = "61944,53304" FIREWALL_VPN_INPUT_PORTS = "54547"
FIREWALL_INPUT_PORTS="8080,1080"
FIREWALL_DEBUG="on"
HEALTH_TARGET_ADDRESS="1.1.1.1" HEALTH_TARGET_ADDRESS="1.1.1.1"
HEALTH_SUCCESS_WAIT_DURATION="30s" HEALTH_SUCCESS_WAIT_DURATION="30s"
HEALTH_VPN_DURATION_INITIAL="3600s"
HEALTH_VPN_DURATION_ADDITION="600s"
HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH="/custom/auth.toml"
// HEALTH_TARGET_ADDRESS="cloudflare.com:443" // HEALTH_TARGET_ADDRESS="cloudflare.com:443"
@@ -121,7 +111,7 @@ auth = "none"
SHADOWSOCKS = "on" SHADOWSOCKS = "on"
DOT_PROVIDERS = "cloudflare,google,quad9,quadrant" DOT_PROVIDERS = "cloudflare,google,quad9,quadrant"
DOT = "off" DOT = "off"
WEBUI_PORT=8080 WEBUI_PORT=8081
} }
service { service {
@@ -168,7 +158,7 @@ auth = "none"
}, },
] ]
} }
env {REQUIRE_AUTH="false"}
resources { resources {
cpu = 64 # 500 MHz cpu = 64 # 500 MHz
memory = 128 # 128MB memory = 128 # 128MB
@@ -176,80 +166,80 @@ auth = "none"
} #end dante } #end dante
# task "init" { task "init" {
# driver = "docker" driver = "docker"
# lifecycle { lifecycle {
# hook = "prestart" hook = "prestart"
# sidecar = false sidecar = false
# } }
# config { config {
# memory_hard_limit = "2048" memory_hard_limit = "2048"
# image = "ghcr.io/sstent/rsync" image = "ghcr.io/sstent/rsync"
# volumes = [ volumes = [
# "/mnt/configs/${NOMAD_GROUP_NAME}:/config", "/mnt/configs/${NOMAD_GROUP_NAME}:/config",
# "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
# "/mnt/Public/config/locks:/locks" "/mnt/Public/config/locks:/locks"
# ] ]
# args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "/configbackup/", "/config/", "--delete-before"] args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "/configbackup/", "/config/", "--delete-before"]
# } }
# resources { resources {
# cpu = 20 # 500 MHz cpu = 20 # 500 MHz
# memory = 20 # 128MB memory = 20 # 128MB
# } }
# } }
# task "finalsync" { task "finalsync" {
# driver = "docker" driver = "docker"
# lifecycle { lifecycle {
# hook = "poststop" hook = "poststop"
# } }
# config { config {
# memory_hard_limit = "2048" memory_hard_limit = "2048"
# image = "ghcr.io/sstent/rsync" image = "ghcr.io/sstent/rsync"
# volumes = [ volumes = [
# "/mnt/configs/${NOMAD_GROUP_NAME}:/config", "/mnt/configs/${NOMAD_GROUP_NAME}:/config",
# "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
# "/mnt/Public/config/locks:/locks" "/mnt/Public/config/locks:/locks"
# ] ]
# args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "--delete", "/config/", "/configbackup/"] args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "--delete", "/config/", "/configbackup/"]
# } }
# resources { resources {
# cpu = 20 # 500 MHz cpu = 20 # 500 MHz
# memory = 128 # 128MB memory = 128 # 128MB
# } }
# } }
# task "sync" { task "sync" {
# driver = "docker" driver = "docker"
# lifecycle { lifecycle {
# hook = "poststart" hook = "poststart"
# sidecar = true sidecar = true
# } }
# config { config {
# memory_hard_limit = "2048" memory_hard_limit = "2048"
# image = "ghcr.io/sstent/rsync" image = "ghcr.io/sstent/rsync"
# volumes = [ volumes = [
# "/mnt/configs/:/configs", "/mnt/configs/:/configs",
# "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
# ] ]
# args = ["client"] args = ["client"]
# } }
# env { env {
# CRON_TASK_1 = "25 8-20 * * * chmod a-w /configs/${NOMAD_GROUP_NAME}/ ; rsync -avz --delete /configs/${NOMAD_GROUP_NAME}/ /configbackup/; chmod a+w /configs/${NOMAD_GROUP_NAME}/;" CRON_TASK_1 = "25 8-20 * * * chmod a-w /configs/${NOMAD_GROUP_NAME}/ ; rsync -avz --delete /configs/${NOMAD_GROUP_NAME}/ /configbackup/; chmod a+w /configs/${NOMAD_GROUP_NAME}/;"
# } }
# resources { resources {
# cpu = 20 # 500 MHz cpu = 20 # 500 MHz
# memory = 20 # 128MB memory = 20 # 128MB
# } }
# } #end sync } #end sync
task "qbittorrent" { task "qbittorrent" {
@@ -257,7 +247,8 @@ auth = "none"
// "/mnt/Public/config/qbittorrent:/config", // "/mnt/Public/config/qbittorrent:/config",
config { config {
image = "linuxserver/qbittorrent:5.1.0" // image = "lscr.io/linuxserver/qbittorrent:latest"
image = "linuxserver/qbittorrent:4.6.5"
network_mode = "container:qbittorrent-vpn-${NOMAD_ALLOC_ID}" network_mode = "container:qbittorrent-vpn-${NOMAD_ALLOC_ID}"
memory_hard_limit = 2048 memory_hard_limit = 2048
@@ -293,6 +284,20 @@ auth = "none"
] ]
port = "qbittorrent_80" port = "qbittorrent_80"
check {
type = "script"
name = "check_up"
command = "/bin/bash"
args = ["/local/qbithealth.sh"]
interval = "120s"
timeout = "10s"
check_restart {
limit = 10
grace = "120s"
ignore_warnings = false
}
}
} }
template { template {

2
nomad_backup/radarr.hcl
View File

@@ -41,7 +41,7 @@ constraint {
config { config {
// image = "linuxserver/radarr:nightly" // image = "linuxserver/radarr:nightly"
image = "linuxserver/radarr:latest" image = "linuxserver/radarr:latest"
dns_servers = ["192.168.4.250", "192.168.4.1"] dns_servers = ["${attr.unique.network.ip-address}","192.168.4.250","8.8.8.8"]
ports = ["http"] ports = ["http"]
memory_hard_limit = "2048" memory_hard_limit = "2048"
// cpuset_cpus = "4-7" // cpuset_cpus = "4-7"

41
nomad_backup/seaweedfsmaster.hcl
View File

@@ -37,38 +37,21 @@ job "seaweedfsmaster" {
mode = "delay" mode = "delay"
} }
task "seaweedfsadmin" {
driver = "docker"
config {
image = "chrislusf/seaweedfs"
memory_hard_limit = "2048"
entrypoint = ["/usr/bin/weed"]
args = [
"admin",
"-masters=${NOMAD_GROUP_NAME}0.service.dc1.consul:9333,${NOMAD_GROUP_NAME}1.service.dc1.consul:9333,${NOMAD_GROUP_NAME}2.service.dc1.consul:9333",
"-dataDir=/data",
]
volumes = [
"/mnt/Public/configs/seaweedfadmin:/data/",
]
ports = ["seaweedfs_admin"]
}
}
task "seaweedfsmaster" { task "seaweedfsmaster" {
driver = "docker" driver = "docker"
config { config {
image = "chrislusf/seaweedfs" image = "chrislusf/seaweedfs"
// image = "ghcr.io/sstent/seaweedfs:latest"
// command = ""
// entrypoint = ["/usr/bin/seaweedfs"]
// entrypoint = ["/usr/bin/nslookup","odroid3.node.dc1.consul"]
memory_hard_limit = "2048" memory_hard_limit = "2048"
// dns_servers = ["192.168.1.1"]
// hostname = "${attr.unique.hostname}"
// hostname = "${attr.unique.network.ip-address}"
entrypoint = ["/usr/bin/weed"] entrypoint = ["/usr/bin/weed"]
args = [ args = [
@@ -89,9 +72,10 @@ job "seaweedfsmaster" {
"-volume.port.grpc=19444", "-volume.port.grpc=19444",
"-volume.max=100" "-volume.max=100"
] ]
// "-filer.peers=${NOMAD_GROUP_NAME}0.service.dc1.consul:8877,${NOMAD_GROUP_NAME}1.service.dc1.consul:8877,${NOMAD_GROUP_NAME}2.service.dc1.consul:8877",
volumes = [ volumes = [
"/mnt/configs/seaweedfs:/data/", "/data/seaweedfs/:/data/",
] ]
ports = ["seaweedfs", "seaweedfs_high", "seaweedfs_filer", "seaweed_s3", "seaweed_webdav", "seaweedfs_filer_high","seaweedfs_vol","seaweedfs_vol_high"] ports = ["seaweedfs", "seaweedfs_high", "seaweedfs_filer", "seaweed_s3", "seaweed_webdav", "seaweedfs_filer_high","seaweedfs_vol","seaweedfs_vol_high"]
@@ -157,9 +141,6 @@ job "seaweedfsmaster" {
port "seaweedfs_vol_high" { port "seaweedfs_vol_high" {
static = "19444" static = "19444"
} }
port "seaweedfs_admin" {
static = "23646"
}
// port "s8080" { // port "s8080" {
// static = 8080 // static = 8080
// to = 8080 // to = 8080

6
nomad_backup/slskd.hcl
View File

@@ -1,6 +1,12 @@
# There can only be a single job definition per file. # There can only be a single job definition per file.
# Create a job with ID and Name 'example' # Create a job with ID and Name 'example'
job "slskd" { job "slskd" {
constraint {
attribute = "${attr.cpu.arch}"
operator = "!="
value = "arm"
}
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"

136
nomad_backup/sonarr-small.hcl Normal file
View File

@@ -0,0 +1,136 @@
# There can only be a single job definition per file.
# Create a job with ID and Name 'example'
job "sonarr-small" {
datacenters = ["dc1"]
type = "service"
constraint {
attribute = "${attr.kernel.name}"
value = "linux"
}
constraint {
attribute = "${attr.cpu.arch}"
operator = "regexp"
value = "arm64"
}
constraint {
attribute = "${attr.unique.hostname}"
operator = "regexp"
value = "odroid.*"
}
update {
stagger = "10s"
max_parallel = 1
}
group "sonarr-small" {
count = 1
restart {
attempts = 2
interval = "1m"
delay = "10s"
mode = "fail"
}
task "sonarr" {
// driver = "raw_exec" // config { // command = "docker" // args = ["run", // "--rm", // "--name=sonarr", // "-e", "PUID=1000", // "-e", "PGID=1000", // "-e", "TZ=EST5EDT", // "-p", "8989:8989", // "-v", "/mnt/syncthing/sonarrv3:/config", // "-v", "/mnt/Public/Downloads/tv:/tv", // "-v", "/mnt/Public/Downloads/news:/downloads", // "--cpuset-cpus","4-7", // "linuxserver/sonarr:preview"] // }
driver = "docker"
config {
image = "linuxserver/sonarr:develop"
ports = ["http"]
// dns_servers = ["192.168.1.1", "1.1.1.1"]
memory_hard_limit = "2048"
// cpuset_cpus = "4-7"
volumes = [
"/mnt/Public/Downloads/news:/downloads",
"/mnt/Public/Downloads/tv:/tv",
// "/mnt/configs/sonarr:/config",
"/mnt/Public/configs/sonarr-small:/config",
// "local/config.xml:/config/config.xml"
]
// "/mnt/gv0/sonarr:/config",
force_pull = false
}
service {
name = "${TASKGROUP}"
tags = ["sonarr", "tools"]
port = "http"
check {
type = "script"
name = "check_up"
command = "/local/healthcheck.sh"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
template {
data = <<EOH
#!/bin/bash
/usr/bin/curl -f "http://localhost:${NOMAD_PORT_http}/api/v3/system/status?apikey=$(grep -Eo '<ApiKey>(.*)</ApiKey>' /config/config.xml | sed -e 's/<[^>]*>//g')"
EOH
destination = "local/healthcheck.sh"
perms = "0755"
}
template {
data = "---\nkey: {{ key \"ovpn-client\" }}"
destination = "local/file.yml"
change_mode = "restart"
}
env {
// SHARE = "Public;/mount/Public;yes;no;yes;all;none;;Public"
# GLOBAL = "socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536"
# PERMISSIONS = "true"
# WORKGROUP = "WORKGROUP"
TZ = "EST5EDT"
PUID = 1000
PGID = 1000
}
# We must specify the resources required for
# this task to ensure it runs on a machine with
# enough capacity.
resources {
cpu = 500 # 500 MHz
memory = 256 # 128MB
}
# Specify configuration related to log rotation
logs {
max_files = 10
max_file_size = 15
}
# Controls the timeout between signalling a task it will be killed
# and killing the task. If not set a default is used.
kill_timeout = "10s"
} #End main task
network {
// mbits = 100
port "http" {
static = 8989
to = 8989
}
}
}
}

18
nomad_backup/sonarr.hcl
View File

@@ -8,12 +8,7 @@ job "sonarr" {
attribute = "${attr.kernel.name}" attribute = "${attr.kernel.name}"
value = "linux" value = "linux"
} }
constraint {
attribute = "${attr.cpu.arch}"
operator = "regexp"
value = "amd64"
}
update { update {
stagger = "10s" stagger = "10s"
max_parallel = 1 max_parallel = 1
@@ -34,23 +29,18 @@ job "sonarr" {
driver = "docker" driver = "docker"
config { config {
image = "linuxserver/sonarr:develop" image = "lscr.io/linuxserver/sonarr:develop"
ports = ["http"] ports = ["http"]
dns_servers = ["${attr.unique.network.ip-address}","192.168.4.250","8.8.8.8"]
// dns_servers = ["192.168.1.1", "1.1.1.1"]
memory_hard_limit = "2048" memory_hard_limit = "2048"
// cpuset_cpus = "4-7"
volumes = [ volumes = [
"/mnt/Public/Downloads/news:/downloads", "/mnt/Public/Downloads/news:/downloads",
"/mnt/Public/Downloads/tv:/tv", "/mnt/Public/Downloads/tv:/tv",
// "/mnt/configs/sonarr:/config",
"/mnt/Public/configs/sonarr_pg:/config", "/mnt/Public/configs/sonarr_pg:/config",
// "local/config.xml:/config/config.xml"
] ]
// "/mnt/gv0/sonarr:/config",
force_pull = false force_pull = false
} }
@@ -137,7 +127,7 @@ job "sonarr" {
# Specify configuration related to log rotation # Specify configuration related to log rotation
logs { logs {
max_files = 12 max_files = 10
max_file_size = 15 max_file_size = 15
} }

7
nomad_backup/traefik.hcl
View File

@@ -1,4 +1,11 @@
job "traefik" { job "traefik" {
node_pool = "default"
constraint {
attribute = "${attr.cpu.arch}"
operator = "!="
value = "arm"
}
datacenters = ["dc1"] datacenters = ["dc1"]
type = "system" type = "system"

228
nomad_backup/traefik_backup.hcl Normal file
View File

@@ -0,0 +1,228 @@
job "traefik_backup" {
node_pool = "backup"
datacenters = ["dc1"]
type = "system"
constraint {
attribute = "${attr.kernel.name}"
value = "linux"
}
update {
stagger = "10s"
max_parallel = 1
healthy_deadline = "5m"
}
group "traefik" {
count = 1
restart {
attempts = 6
interval = "1m"
delay = "10s"
mode = "delay"
}
task "traefik" {
driver = "docker"
config {
image = "traefik:2.9"
// network_mode = "host"
args = [
// "--api.dashboard",
// "--providers.consulcatalog.defaultRule=Host(`{{ .Name }}.service.dc1.consul`)",
// "--providers.consulcatalog.endpoint.address=${attr.unique.network.ip-address}:8500",
// "--providers.consulcatalog.exposedbydefault=true",
// "--metrics=true",
// "--metrics.prometheus=true",
// "--metrics.prometheus.entryPoint=web",
// "--entryPoints.web.address=:80",
// "--entryPoints.websecure.address=:443",
// "--entryPoints.openvpn.address=:1194/udp",
"--configFile=/local/file.yml",
// "--certificatesresolvers.myresolver.acme.email=stuart.stent@gmail.com",
// "--certificatesresolvers.myresolver.acme.storage=/acmecert/acme.json",
// "--certificatesresolvers.myresolver.acme.tlschallenge=true",
// "--certificatesresolvers.myresolver-int.acme.email=stuart.stent@gmail.com",
// "--certificatesresolvers.myresolver-int.acme.storage=/acmecert/acme.json",
// "--certificatesresolvers.myresolver-int.acme.tlschallenge=true",
// "--certificatesresolvers.myresolver-int.acme.dnschallenge=true",
// "--certificatesresolvers.myresolver-int.acme.dnschallenge.provider=duckdns",
"--accesslog=true",
// "--serversTransport.insecureSkipVerify=true",
]
volumes = [
"/var/run/docker.sock:/var/run/docker.sock",
"/mnt/mnt/configs/letsencrypt:/acmecert/",
]
// dns_servers = ["192.168.4.1", "192.168.4.250"]
ports = ["traefik", "traefikhttps","traefikui"]
memory_hard_limit = 20480
}
env {
TZ = "EST5EDT"
PUID = 1000
PGID = 1000
DUCKDNS_TOKEN="e4b5ca33-1f4d-494b-b06d-6dd4600df662"
}
template {
left_delimiter = "[["
right_delimiter = "]]"
data = <<EOH
http:
serversTransports:
insecureSkipVerify: true
entryPoints:
web:
address: :80
websecure:
address: :443
log:
level: INFO
accessLog:
fields:
names:
RequestPath: keep
filters:
retryAttempts: true
minDuration: "10ms"
metrics:
prometheus:
addRoutersLabels: true
addServicesLabels: true
api:
dashboard: true
insecure: true
providers:
consulCatalog:
exposedByDefault: true
refreshInterval: 30s
defaultRule: "Host(`{{ .Name }}.service.dc1.consul`)"
endpoint:
address: "[[env "attr.unique.network.ip-address"]]:8500"
file:
filename: /local/tls.yml
EOH
destination = "local/file.yml"
}
template {
data = <<EOH
tls:
certificates:
- certFile: /local/duckdns_fullchain.pem
keyFile: /local/duckdns_privkey.pem
- certFile: /local/dedyn_fullchain.pem
keyFile: /local/dedyn_privkey.pem
stores:
default:
defaultCertificate:
certFile: /local/duckdns_fullchain.pem
keyFile: /local/duckdns_privkey.pem
EOH
destination = "local/tls.yml"
}
// file:
// directory: /local/tls.yaml
template {
change_mode = "restart"
data = "{{ key \"letsconsul/*.fbleagh.duckdns.org/fullchain.cer\" }}"
destination = "local/duckdns_fullchain.pem"
perms = 0777
}
template {
change_mode = "noop"
data = "{{ key \"letsconsul/*.fbleagh.duckdns.org/*.fbleagh.duckdns.org.key\" }}"
destination = "local/duckdns_privkey.pem"
perms = 0777
}
template {
change_mode = "restart"
data = "{{ key \"letsconsul/*.fbleagh.dedyn.io/fullchain.cer\" }}"
destination = "local/dedyn_fullchain.pem"
perms = 0777
}
template {
change_mode = "noop"
data = "{{ key \"letsconsul/*.fbleagh.dedyn.io/*.fbleagh.dedyn.io.key\" }}"
destination = "local/dedyn_privkey.pem"
perms = 0777
}
service {
name = "${TASKGROUP}"
tags = [
"global",
"traefik",
"enable_gocast",
"gocast_vip=192.168.1.249/32",
"gocast_nat=tcp:443:443",
"gocast_nat=udp:443:443"]
port = "traefik"
}
service {
name = "${TASKGROUP}-ui"
tags = [
"global",
"traefik",
"traefik.http.routers.dashboard.rule=Host(`traefik-ui.service.dc1.consul`)",
"traefik.http.routers.dashboard.service=api@internal",
]
port = "traefik"
} #end service
resources {
cpu = 256 # 500 MHz
memory = 256 # 128MB
} #end resources
} #end task
network {
port "traefik" {
static = 80
to = 80
}
port "traefikui" {
static = 8090
to = 8080
}
port "traefikhttps" {
static = 443
to = 443
}
}
} # end group
} # end job

44
nomad_backup/vaultwarden.hcl
View File

@@ -17,8 +17,7 @@ job "vaultwarden" {
task "vaultwarden" { task "vaultwarden" {
driver = "docker" driver = "docker"
config { config {
# image = "vaultwarden/server:latest" image = "vaultwarden/server:latest"
image = "vaultwarden/server:1.32.7"
memory_hard_limit = 2048 memory_hard_limit = 2048
ports = ["http"] ports = ["http"]
@@ -33,7 +32,6 @@ job "vaultwarden" {
// vaultwarden_PODCAST_PATH = "/podcasts" // vaultwarden_PODCAST_PATH = "/podcasts"
ADMIN_TOKEN = "VReYRX0RuSw3mxmGFG4+2ECY71l/wYmuD52NOWDur6e43z/inbUmJGUr5KU4wtjW" ADMIN_TOKEN = "VReYRX0RuSw3mxmGFG4+2ECY71l/wYmuD52NOWDur6e43z/inbUmJGUr5KU4wtjW"
ENABLE_DB_WAL = "false" ENABLE_DB_WAL = "false"
DATABASE_URL= "postgresql://postgres:postgres@master.postgres.service.dc1.consul:5432/vaultwarden"
} }
resources { resources {
cpu = 100 # 100 MHz cpu = 100 # 100 MHz
@@ -51,7 +49,8 @@ job "vaultwarden" {
"traefik.http.routers.vaultwardenwan-admin.rule=(Host(`vault.fbleagh.duckdns.org`) && PathPrefix(`/admin/`))", "traefik.http.routers.vaultwardenwan-admin.rule=(Host(`vault.fbleagh.duckdns.org`) && PathPrefix(`/admin/`))",
"traefik.http.routers.vaultwardenwan.tls=true", "traefik.http.routers.vaultwardenwan.tls=true",
// "traefik.http.routers.vaultwardenwan.tls.certresolver=myresolver-int", // "traefik.http.routers.vaultwardenwan.tls.certresolver=myresolver-int",
"traefik.http.middlewares.vaultwardenwan-admin-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.4.0/22", "traefik.http.middlewares.vaultwardenwan-admin-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.0/24",
"traefik.http.routers.nginx-admin.middlewares=vaultwardenwan-admin-ipwhitelist",
"enable_gocast", "enable_gocast",
"gocast_vip=192.168.1.246/32", "gocast_vip=192.168.1.246/32",
"gocast_nat=tcp:8081:8081", "gocast_nat=tcp:8081:8081",
@@ -162,20 +161,53 @@ job "vaultwarden" {
image = "ghcr.io/sstent/rsync" image = "ghcr.io/sstent/rsync"
volumes = [ volumes = [
"/mnt/configs/${NOMAD_GROUP_NAME}/data:/config", "/mnt/configs/:/configs",
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
] ]
args = ["client"] args = ["client"]
} }
env { env {
CRON_TASK_1 = "50 * * * * rsync -av --exclude='*.db' --exclude='*.db' --exclude='.*.db-litestream' --exclude='generations' /config/ /configbackup/;" CRON_TASK_1 = "50 * * * * rsync -av --exclude='*.db' --exclude='*.db' --exclude='.*.db-litestream' --exclude='generations' /configs/${NOMAD_GROUP_NAME}/ /configbackup/;"
} }
resources { resources {
cpu = 20 # 500 MHz cpu = 20 # 500 MHz
memory = 20 # 128MB memory = 20 # 128MB
} }
} }
task "Backup" {
driver = "docker"
lifecycle {
hook = "poststart"
sidecar = true
}
config {
image = "bruceforce/vaultwarden-backup"
memory_hard_limit = 2048
volumes = [
"/mnt/configs/${NOMAD_GROUP_NAME}/data:/data",
// "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
]
args = ["client"]
}
env {
TIMESTAMP = true
DELETE_AFTER = 60
CRON_TIME = "0 5 * * *"
BACKUP_DIR = "/data/backups"
BACKUP_DIR_PERMISSIONS = "-1"
UID = 1000
GID = 1000
}
resources {
cpu = 20 # 500 MHz
memory = 20 # 128MB
}
} #end sync task
network { network {
// mbits = 100 // mbits = 100

3
nomad_backup/wallabag.hcl
View File

@@ -43,6 +43,9 @@ job "wallabag" {
"traefik.http.routers.wallabaglan.rule=Host(`wallabag.service.dc1.consul`)", "traefik.http.routers.wallabaglan.rule=Host(`wallabag.service.dc1.consul`)",
"traefik.http.routers.wallabagwan.rule=Host(`wallabag.fbleagh.duckdns.org`)", "traefik.http.routers.wallabagwan.rule=Host(`wallabag.fbleagh.duckdns.org`)",
"traefik.http.routers.wallabagwan.tls=true", "traefik.http.routers.wallabagwan.tls=true",
// "traefik.http.routers.vaultwardenwan.tls.certresolver=myresolver-int",
"traefik.http.middlewares.vaultwardenwan-admin-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.0/24",
"traefik.http.routers.nginx-admin.middlewares=vaultwardenwan-admin-ipwhitelist",
] ]
port = "http" port = "http"

49
nomad_backup/wireguard.hcl
View File

@@ -2,27 +2,31 @@ job "wireguard" {
region = "global" region = "global"
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"
// constraint {
constraint { // attribute = "${attr.cpu.arch}"
attribute = "${attr.cpu.arch}" // operator = "regexp"
operator = "regexp" // value = "arm"
value = "amd64" // }
}
group "wireguard" { group "wireguard" {
count = 1 count = 1
task "wireguard" { task "wireguard" {
driver = "docker" driver = "docker"
config { config {
image = "ghcr.io/wg-easy/wg-easy" image = "lscr.io/linuxserver/wireguard"
ports = ["vpn","vpn_ui"] ports = ["vpn"]
volumes = [ volumes = [
"/mnt/Public/config/wireguard:/etc/wireguard", "/mnt/Public/config/wireguard:/config",
"/lib/modules:/lib/modules"
] ]
cap_add = ["NET_ADMIN","SYS_MODULE"] cap_add = ["NET_ADMIN","SYS_MODULE"]
// network_mode = "host"
// network_mode = "container:gocast-${NOMAD_ALLOC_ID}"
sysctl = { sysctl = {
"net.ipv4.conf.all.src_valid_mark"="1" "net.ipv4.conf.all.src_valid_mark"="1"
"net.ipv4.ip_forward"="1"
} }
} }
@@ -30,18 +34,20 @@ constraint {
TZ = "EST5EDT" TZ = "EST5EDT"
PUID = 1000 PUID = 1000
PGID = 1000 PGID = 1000
WG_HOST="wireguard.fbleagh.duckdns.org" SERVERURL="wireguard.fbleagh.duckdns.org"
WG_PORT=51820 SERVERPORT=51820
PORT=51821 PEERS="StuPhone,SurfaceGo,Surface,SurfaceGo3"
WEBUI_HOST="0.0.0.0" PEERDNS="192.168.1.250,192.168.1.1,1.1.1.1"
WG_ALLOWED_IPS="0.0.0.0/0" // INTERNAL_SUBNET= "192.168.1.0"
UI_TRAFFIC_STATS="true" ALLOWEDIPS="0.0.0.0/0"
UI_CHART_TYPE=1
WG_DEFAULT_DNS="192.168.4.36, 8.8.8.8"
} }
service { service {
name = "${TASKGROUP}" name = "${TASKGROUP}"
port = "vpn" port = "vpn"
tags = ["enable_gocast",
"gocast_vip=192.168.1.241/32",
"gocast_nat=tcp:51820:51820",
"gocast_nat=udp:51820:51820"]
} }
resources { resources {
@@ -55,11 +61,6 @@ constraint {
static = 51820 static = 51820
to = 51820 to = 51820
} }
port "vpn_ui" {
static = 51821
to = 51821
}
} }
} }
} }