
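# Nomad system job that runs one Traefik 2.9 container on every Linux client.
# Host ports 80 and 443 map to the proxy entry points; host port 8090 maps to
# container port 8080. The static configuration and the TLS file list are
# rendered from the templates below, and certificate/key material is read from
# Consul KV under letsconsul/.
job "traefik" {
  datacenters = ["dc1"]
  type        = "system"

  # Only schedule on Linux clients.
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }

  # Roll updates one node at a time.
  update {
    stagger          = "10s"
    max_parallel     = 1
    healthy_deadline = "5m"
  }

  group "traefik" {
    count = 1

    restart {
      attempts = 6
      interval = "1m"
      delay    = "10s"
      mode     = "delay"
    }

    task "traefik" {
      driver = "docker"

      config {
        # NOTE(review): "2.9" is a floating tag; pinning a patch release or an
        # image digest makes what runs on each node reproducible.
        image = "traefik:2.9"
        // network_mode = "host"

        # Only --configFile and --accesslog are active; the remaining flags are
        # kept as commented-out history.
        args = [
          // "--api.dashboard",
          // "--providers.consulcatalog.defaultRule=Host(`{{ .Name }}.service.dc1.consul`)",
          // "--providers.consulcatalog.endpoint.address=${attr.unique.network.ip-address}:8500",
          // "--providers.consulcatalog.exposedbydefault=true",
          // "--metrics=true",
          // "--metrics.prometheus=true",
          // "--metrics.prometheus.entryPoint=web",
          // "--entryPoints.web.address=:80",
          // "--entryPoints.websecure.address=:443",
          // "--entryPoints.openvpn.address=:1194/udp",
          "--configFile=/local/file.yml",
          // "--certificatesresolvers.myresolver.acme.email=stuart.stent@gmail.com",
          // "--certificatesresolvers.myresolver.acme.storage=/acmecert/acme.json",
          // "--certificatesresolvers.myresolver.acme.tlschallenge=true",
          // "--certificatesresolvers.myresolver-int.acme.email=stuart.stent@gmail.com",
          // "--certificatesresolvers.myresolver-int.acme.storage=/acmecert/acme.json",
          // "--certificatesresolvers.myresolver-int.acme.tlschallenge=true",
          // "--certificatesresolvers.myresolver-int.acme.dnschallenge=true",
          // "--certificatesresolvers.myresolver-int.acme.dnschallenge.provider=duckdns",
          "--accesslog=true",
          // "--serversTransport.insecureSkipVerify=true",
        ]

        # NOTE(review): the Docker socket is mounted into an edge-facing proxy,
        # yet the rendered configuration enables only the consulCatalog and file
        # providers. Access to this socket is equivalent to root on the host;
        # drop the mount if nothing in the container needs it.
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock",
          "/mnt/mnt/configs/letsencrypt:/acmecert/",
        ]

        dns_servers = ["${attr.unique.network.ip-address}","192.168.4.250","8.8.8.8"]
        ports       = ["traefik", "traefikhttps","traefikui"]

        # Hard memory ceiling in MB; far above the 256 MB set in resources.
        memory_hard_limit = 20480
      }

      env {
        TZ   = "EST5EDT"
        PUID = 1000
        PGID = 1000
        # NOTE(review): credential stored in clear text in the job file, so it
        # is readable by anyone with access to the repository or the job spec.
        # Rotate it and supply it from Vault, Nomad Variables or Consul KV via a
        # template with env = true. The ACME DNS-challenge flags that would
        # consume it are commented out above, so it may be removable - confirm.
        DUCKDNS_TOKEN="e4b5ca33-1f4d-494b-b06d-6dd4600df662"
      }

      # Traefik configuration file passed via --configFile. The delimiters are
      # switched to [[ ]] so the {{ .Name }} placeholder in defaultRule is left
      # in the rendered file as-is.
      #
      # NOTE(review), items to confirm against the running deployment:
      #  - The YAML nesting below follows the key order; verify it. In Traefik
      #    v2, http.serversTransports belongs to dynamic configuration (the
      #    static key is serversTransport), so this setting may not apply here.
      #  - insecureSkipVerify: true disables verification of backend TLS
      #    certificates.
      #  - api.insecure: true serves the API/dashboard without authentication on
      #    container port 8080, which this job publishes on host port 8090.
      #  - exposedByDefault: true routes every Consul service unless it opts out.
      template {
        left_delimiter  = "[["
        right_delimiter = "]]"
        data = <<EOH
http:
  serversTransports:
    insecureSkipVerify: true
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
log:
  level: INFO
accessLog:
  fields:
    names:
      RequestPath: keep
  filters:
    retryAttempts: true
    minDuration: "10ms"
metrics:
  prometheus:
    addRoutersLabels: true
    addServicesLabels: true
api:
  dashboard: true
  insecure: true
providers:
  consulCatalog:
    exposedByDefault: true
    refreshInterval: 30s
    defaultRule: "Host(`{{ .Name }}.service.dc1.consul`)"
    endpoint:
      address: "[[env "attr.unique.network.ip-address"]]:8500"
  file:
    filename: /local/tls.yml
EOH
        destination = "local/file.yml"
      }

      # File-provider configuration: the two certificate/key pairs rendered
      # below, with the duckdns pair as the default certificate.
      template {
        data = <<EOH
tls:
  certificates:
    - certFile: /local/duckdns_fullchain.pem
      keyFile: /local/duckdns_privkey.pem
    - certFile: /local/dedyn_fullchain.pem
      keyFile: /local/dedyn_privkey.pem
  stores:
    default:
      defaultCertificate:
        certFile: /local/duckdns_fullchain.pem
        keyFile: /local/duckdns_privkey.pem
EOH
        destination = "local/tls.yml"
      }
      // file:
      // directory: /local/tls.yaml

      # Certificate chains and private keys are copied out of Consul KV. A
      # changed chain restarts the task; a changed key does not (presumably so
      # that one renewal causes a single restart).
      #
      # Modes were 0777 on all four files, which made the private keys readable
      # and writable by every user that can reach the task directory. Chains
      # are public data (0644); keys are owner-only (0600). This assumes
      # Traefik runs as the file owner inside the container - confirm; if it is
      # moved to another user, grant access with the template's uid/gid rather
      # than a wider mode.
      template {
        change_mode = "restart"
        data        = "{{ key \"letsconsul/*.fbleagh.duckdns.org/fullchain.cer\" }}"
        destination = "local/duckdns_fullchain.pem"
        perms       = "0644"
      }

      template {
        change_mode = "noop"
        data        = "{{ key \"letsconsul/*.fbleagh.duckdns.org/*.fbleagh.duckdns.org.key\" }}"
        destination = "local/duckdns_privkey.pem"
        perms       = "0600"
      }

      template {
        change_mode = "restart"
        data        = "{{ key \"letsconsul/*.fbleagh.dedyn.io/fullchain.cer\" }}"
        destination = "local/dedyn_fullchain.pem"
        perms       = "0644"
      }

      template {
        change_mode = "noop"
        data        = "{{ key \"letsconsul/*.fbleagh.dedyn.io/*.fbleagh.dedyn.io.key\" }}"
        destination = "local/dedyn_privkey.pem"
        perms       = "0600"
      }

      # Proxy service registration, including the gocast VIP/NAT tags.
      service {
        name = "${TASKGROUP}"
        tags = [
          "global",
          "traefik",
          "enable_gocast",
          "gocast_vip=192.168.1.249/32",
          "gocast_nat=tcp:443:443",
          "gocast_nat=udp:443:443"]
        port = "traefik"
      }

      # Dashboard registration: a Host() rule on the "traefik" port that is
      # routed to api@internal.
      # NOTE(review): no authentication middleware is attached to this router
      # in the tags shown here.
      service {
        name = "${TASKGROUP}-ui"
        tags = [
          "global",
          "traefik",
          "traefik.http.routers.dashboard.rule=Host(`traefik-ui.service.dc1.consul`)",
          "traefik.http.routers.dashboard.service=api@internal",
        ]
        port = "traefik"
      } # end service

      resources {
        cpu    = 256 # MHz
        memory = 256 # MB
      } # end resources
    } # end task

    network {
      port "traefik" {
        static = 80
        to     = 80
      }

      # NOTE(review): publishes container port 8080 on every node. With
      # api.insecure enabled in local/file.yml this is an unauthenticated
      # management endpoint; restrict it at the network layer, or drop the port
      # and rely on the Host()-routed dashboard service.
      port "traefikui" {
        static = 8090
        to     = 8080
      }

      port "traefikhttps" {
        static = 443
        to     = 443
      }
    }
  } # end group
} # end job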