chore: backup Nomad jobs [skip ci]

2025-11-21 21:10:40 +00:00
parent fe8d4976ed
commit 890c867763
29 changed files with 4519 additions and 0 deletions
--- a/nomad_backup/auth.hcl
+++ b/nomad_backup/auth.hcl
@@ -0,0 +1,89 @@
+job "auth" {
+  datacenters = ["dc1"]
+  type        = "service"
+  constraint {
+    attribute = "${attr.kernel.name}"
+    value     = "linux"
+  }
+
+  constraint {
+    attribute = "${attr.unique.hostname}"
+    operator  = "regexp"
+    value     = "odroid.*"
+  }
+  group "auth" {
+    count = 1
+
+    task "fwdauth" {
+      driver = "docker"
+
+      config {
+        // image = "npawelek/traefik-forward-auth"
+        image = "thomseddon/traefik-forward-auth:2-arm"
+
+        port_map {
+          auth = 4181
+        }
+
+        volumes = [
+          "/etc/localtime:/etc/localtime:ro",
+        ]
+      }
+
+      env {
+        PROVIDERS_GOOGLE_CLIENT_ID     = "807888907647-uog95jmiolsuh6ql1t8jm53l1jvuajck.apps.googleusercontent.com"
+        PROVIDERS_GOOGLE_CLIENT_SECRET = "B8bDri5mFvGv-Ghzbt8fLj4W"
+        SECRET                         = "ladskfdjmqwermnnbasfnmldas"
+        CONFIG                         = "/local/config.ini"
+        LIFETIME                       = "31536000"
+        WHITELIST                      = "stuart.stent@gmail.com,stephen.bunt@gmail.com"
+
+        // AUTH_HOST     = "fwdauth.fbleagh.duckdns.org"
+        COOKIE_DOMAIN = "fbleagh.duckdns.org"
+      }
+
+      template {
+        data        = "{{ key \"Dex\" }}"
+        destination = "local/config.ini"
+        change_mode = "restart"
+      }
+
+      resources {
+        cpu    = 100 # 100 MHz
+        memory = 64  # 128 MB
+
+        network {
+          port "auth" {
+            static = 4181
+          }
+        }
+      }
+
+      service {
+        name = "dex"
+
+        tags = [
+          "fwdauth",
+          "web",
+          "traefik.http.routers.dex.rule=Host(`fwdauth.fbleagh.duckdns.org`,`fwdauth.fbleagh.dedyn.io`)",
+          "traefik.http.routers.dex.entrypoints=websecure",
+          "traefik.http.routers.dex.tls=true",
+          // "traefik.http.routers.dex.tls.certresolver=myresolver",
+          "traefik.http.middlewares.dex.forwardauth.address=http://dex.service.dc1.consul:4181",
+          "traefik.http.middlewares.dex.forwardauth.trustForwardHeader=true",
+          "traefik.http.middlewares.dex.forwardauth.authResponseHeaders=X-Forwarded-User",
+          "traefik.http.routers.auth.middlewares=dex",
+          "traefik.http.routers.traefik-forward-auth.middlewares=dex",
+        ]
+
+        port = "auth"
+
+        check {
+          type     = "tcp"
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+    } #end Dex
+  }
+}