job "nzbget" { # region = "global" datacenters = ["dc1"] type = "service" # priority = 50 constraint { attribute = "${attr.kernel.name}" value = "linux" } constraint { attribute = "${attr.unique.hostname}" operator = "regexp" value = "odroid.*" } update { # Stagger updates every 60 seconds stagger = "90s" max_parallel = 1 healthy_deadline = "5m" } group "nzbget" { count = 1 restart { attempts = 8 interval = "20m" delay = "10s" mode = "delay" } // task "init-trigger" { // driver = "docker" // lifecycle { // hook = "prestart" // } // config { // image = "curlimages/curl" // args = ["--request", "PUT", "--data", "${NOMAD_ALLOC_ID}", "http://${attr.unique.network.ip-address}:8500/v1/kv/${NOMAD_GROUP_NAME}"] // } // resources { // cpu = 20 # 500 MHz // memory = 20 # 128MB // } // } task "ovpn-client" { driver = "docker" lifecycle { hook = "prestart" sidecar = true } config { // image = "registry.service.dc1.consul:5000/openpyn:latest" image = "qmcgaw/gluetun" memory_hard_limit = "1024" ports = [ "shadowsocks", "nzbget", "http_proxy", "http_admin", "sabnzb_admin", "socks", ] cap_add = [ "NET_ADMIN", "NET_BIND_SERVICE", ] #network_mode = "host" #network_mode = "vpn" volumes = [ "/etc/localtime:/etc/localtime", ] devices = [ { host_path = "/dev/net/tun" container_path = "/dev/net/tun" }, ] } env { // VPNFLAGS = "us --max-load 70 --top-servers 10 --pings 5" // VPNFLAGS = "nl --max-load 70 --top-servers 10 --pings 5" // VPNSP = "nordvpn" // OPENVPN_USER = "yvPLaZ3xkXtnJKsyXDNQf9Ft" // OPENVPN_PASSWORD = "SW8XvhGkSVuQitjuFrbH9WPA" // REGION = "Netherlands" ##Mullvad VPNSP = "mullvad" VPN_TYPE = "wireguard" COUNTRY = "Canada" CITY = "Toronto" FIREWALL_VPN_INPUT_PORTS = "56987" WIREGUARD_PRIVATE_KEY = "iA64ImY2XNvml7s+HEHWNNGXeqpzFN0/KYGxhCsHLV8=" WIREGUARD_ADDRESS = "10.64.141.217/32" HTTPPROXY = "on" UPDATER_PERIOD= "24h" SHADOWSOCKS_PASSWORD = "farscape5" SHADOWSOCKS = "off" DOT_PROVIDERS = "cloudflare,google,quad9,quadrant" DOT = "off" } service { name = "${TASKGROUP}-admin" tags = ["global", "ovpn-openpyn"] port = "http_admin" } service { name = "${TASKGROUP}" tags = ["global", "ovpn-openpyn"] port = "shadowsocks" } service { name = "nzbget" tags = ["global", "ovpn-openpyn"] port = "nzbget" } service { name = "sabnzb" tags = ["global", "ovpn-openpyn", "enable_gocast", "gocast_vip=192.168.1.247/32", "gocast_nat=tcp:8080:8080", "gocast_nat=udp:8080:8080",] port = "sabnzb_admin" } service { name = "socks-nord" tags = ["global", "ovpn-openpyn", "enable_gocast", "gocast_vip=192.168.1.243/32", "gocast_nat=tcp:1080:1080", "gocast_nat=udp:1080:1080",] port = "socks" } resources { cpu = 100 # 500 MHz memory = 100 # 128MB } } #task ovpn task "dante" { driver = "docker" config { image = "serjs/go-socks5-proxy" // image = "ghcr.io/sstent/dante:latest" network_mode = "container:ovpn-client-${NOMAD_ALLOC_ID}" memory_hard_limit = 256 devices = [ { host_path = "/dev/net/tun" container_path = "/dev/net/tun" }, ] } env { REQUIRE_AUTH = "false" # Option 1: Disable auth # OR # REQUIRE_AUTH = "true" # Option 2: Enable auth with credentials # PROXY_USER = "your-username" # PROXY_PASSWORD = "your-password" } resources { cpu = 64 # 500 MHz memory = 128 # 128MB } } ###################################################################### ###################################################################### ###################################################################### task "init" { driver = "docker" lifecycle { hook = "prestart" sidecar = false } config { image = "ghcr.io/sstent/rsync:v0.3.5" memory_hard_limit = "2048" volumes = [ "/mnt/configs/${NOMAD_GROUP_NAME}:/config", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/locks:/locks", ] args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-avz", "--exclude=Backups", "/configbackup/", "/config/", "--delete-before"] } resources { cpu = 20 # 500 MHz memory = 20 # 128MB } } #end init task task "finalsync" { driver = "docker" lifecycle { hook = "poststop" } config { // image = "pebalk/rsync" image = "ghcr.io/sstent/rsync:v0.3.5" memory_hard_limit = "2048" volumes = [ "/mnt/configs/${NOMAD_GROUP_NAME}:/config", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/locks:/locks", ] args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-avz", "/config/", "/configbackup/"] } resources { cpu = 20 # 500 MHz memory = 20 # 128MB } } #end finalsync task // task "sync" { // driver = "docker" // lifecycle { // hook = "poststart" // sidecar = true // } // config { // image = "ghcr.io/sstent/rsync:v0.3.5" // memory_hard_limit = "2048" // volumes = [ // "/mnt/configs/:/configs", // "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", // ] // args = ["client"] // } // resources { // cpu = 20 # 500 MHz // memory = 20 # 128MB // } // env { // CRON_TASK_1 = "*/20 8-20 * * * chmod a-w /configs/${NOMAD_GROUP_NAME}/ ; rsync -avz /configs/${NOMAD_GROUP_NAME}/ /configbackup/; chmod a+w /configs/${NOMAD_GROUP_NAME}/;" // } // } #end sync task ###################################################################### ###################################################################### ###################################################################### network { port "shadowsocks" { static = "8338" to = "8388" } port "http_proxy" { static = "8888" to = "8888" } port "http_admin" { static = "8000" to = "8000" } port "sabnzb_admin" { static = "8080" to = "8080" } port "socks" { static = "1080" to = "1080" } port "nzbget" { static = "6789" to = "6789" } } } }