NomadBackup/nomad_backup/20251115_142246/traefik.json

{
  "Format": "hcl2",
  "JobID": "traefik",
  "JobModifyIndex": 14202342,
  "Namespace": "default",
  "Source": "job \"traefik\" {\n  datacenters = [\"dc1\"]\n  type        = \"system\"\n\n  constraint {\n    attribute = \"${attr.kernel.name}\"\n    value     = \"linux\"\n  }\n\n  update {\n    stagger          = \"10s\"\n    max_parallel     = 1\n    healthy_deadline = \"5m\"\n  }\n\n  group \"traefik\" {\n    count = 1\n\n    restart {\n      attempts = 6\n      interval = \"1m\"\n      delay    = \"10s\"\n      mode     = \"delay\"\n    }\n\n    task \"traefik\" {\n      driver = \"docker\"\n\n      config {\n        image        = \"traefik:2.9\"\n        // network_mode = \"host\"\n\n        args = [\n          // \"--api.dashboard\",\n          // \"--providers.consulcatalog.defaultRule=Host(`{{ .Name }}.service.dc1.consul`)\",\n          // \"--providers.consulcatalog.endpoint.address=${attr.unique.network.ip-address}:8500\",\n          // \"--providers.consulcatalog.exposedbydefault=true\",\n          // \"--metrics=true\",\n          // \"--metrics.prometheus=true\",\n          // \"--metrics.prometheus.entryPoint=web\",\n          // \"--entryPoints.web.address=:80\",\n          // \"--entryPoints.websecure.address=:443\",\n          // \"--entryPoints.openvpn.address=:1194/udp\",\n          \"--configFile=/local/file.yml\",\n          // \"--certificatesresolvers.myresolver.acme.email=stuart.stent@gmail.com\",\n          // \"--certificatesresolvers.myresolver.acme.storage=/acmecert/acme.json\",\n          // \"--certificatesresolvers.myresolver.acme.tlschallenge=true\",\n          // \"--certificatesresolvers.myresolver-int.acme.email=stuart.stent@gmail.com\",\n          // \"--certificatesresolvers.myresolver-int.acme.storage=/acmecert/acme.json\",\n          // \"--certificatesresolvers.myresolver-int.acme.tlschallenge=true\",\n          // \"--certificatesresolvers.myresolver-int.acme.dnschallenge=true\",\n          // \"--certificatesresolvers.myresolver-int.acme.dnschallenge.provider=duckdns\",\n          \"--accesslog=true\",\n          // \"--serversTransport.insecureSkipVerify=true\",\n        ]\n        volumes = [\n          \"/var/run/docker.sock:/var/run/docker.sock\",\n          \"/mnt/mnt/configs/letsencrypt:/acmecert/\",\n        ]\n\n        dns_servers = [\"192.168.1.1\", \"192.168.1.250\"]\n        ports       = [\"traefik\", \"traefikhttps\",\"traefikui\"]\n\n        memory_hard_limit = 2048\n      }\n\n      env {\n        TZ   = \"EST5EDT\"\n        PUID = 1000\n        PGID = 1000\n        DUCKDNS_TOKEN=\"e4b5ca33-1f4d-494b-b06d-6dd4600df662\"\n      }\n\n      template {\n        left_delimiter  = \"[[\"\n        right_delimiter = \"]]\"\n\n        data = <<EOH\nhttp:\n  serversTransports:\n      insecureSkipVerify: true\n\nentryPoints:\n  web:\n    address: :80\n  websecure:\n    address: :443\n\nlog:\n  level: DEBUG\n\nmetrics:\n  prometheus:\n    addRoutersLabels: true\n    addServicesLabels: true\n\napi:\n  dashboard: true\n  insecure: true\n\nproviders:\n  consulCatalog:\n    exposedByDefault: true\n    refreshInterval: 30s\n    defaultRule: \"Host(`{{ .Name }}.service.dc1.consul`)\"\n    endpoint:\n      address: \"[[env \"attr.unique.network.ip-address\"]]:8500\"\n  file:\n    filename: /local/tls.yml\n\n\nEOH\n\n        destination = \"local/file.yml\"\n      }\n\n      template {\n        data = <<EOH\ntls:\n  certificates:\n    - certFile: /local/duckdns_fullchain.pem\n      keyFile: /local/duckdns_privkey.pem\n    - certFile: /local/dedyn_fullchain.pem\n      keyFile: /local/dedyn_privkey.pem\n  stores:\n    default:\n      defaultCertificate:\n        certFile: /local/duckdns_fullchain.pem\n        keyFile: /local/duckdns_privkey.pem\n\nEOH\n\n        destination = \"local/tls.yml\"\n      }\n\n\n  // file:\n  //   directory: /local/tls.yaml\n\n\n      template {\n        change_mode   = \"restart\"\n        data        = \"{{ key \\\"letsconsul/*.fbleagh.duckdns.org/fullchain.cer\\\" }}\"\n        destination = \"local/duckdns_fullchain.pem\"\n        perms = 0777\n      }\n      template {\n        change_mode   = \"noop\"\n        data        = \"{{ key \\\"letsconsul/*.fbleagh.duckdns.org/*.fbleagh.duckdns.org.key\\\" }}\"\n        destination = \"local/duckdns_privkey.pem\"\n        perms = 0777\n      }\n      template {\n        change_mode   = \"restart\"\n        data        = \"{{ key \\\"letsconsul/*.fbleagh.dedyn.io/fullchain.cer\\\" }}\"\n        destination = \"local/dedyn_fullchain.pem\"\n        perms = 0777\n      }\n      template {\n        change_mode   = \"noop\"\n        data        = \"{{ key \\\"letsconsul/*.fbleagh.dedyn.io/*.fbleagh.dedyn.io.key\\\" }}\"\n        destination = \"local/dedyn_privkey.pem\"\n        perms = 0777\n      }\n\n      service {\n        name = \"${TASKGROUP}\"\n\n        tags = [\n          \"global\",\n          \"traefik\",\n          \"enable_gocast\",\n                    \"gocast_vip=192.168.1.249/32\",\n                              \"gocast_nat=tcp:443:443\",\n                                        \"gocast_nat=udp:443:443\"]\n\n  \n\n        port = \"traefik\"\n      }\n\n      service {\n        name = \"${TASKGROUP}-ui\"\n\n        tags = [\n          \"global\",\n          \"traefik\",\n          \"traefik.http.routers.dashboard.rule=Host(`traefik-ui.service.dc1.consul`)\",\n          \"traefik.http.routers.dashboard.service=api@internal\",\n        ]\n\n        port = \"traefik\"\n      } #end service\n\n      resources {\n        cpu    = 256 # 500 MHz\n        memory = 256  # 128MB\n      } #end resources\n    } #end task\n\n    network {\n      port \"traefik\" {\n        static = 80\n        to     = 80\n      }\n\n      port \"traefikui\" {\n        static = 8090\n        to     = 8080\n      }\n\n      port \"traefikhttps\" {\n        static = 443\n        to     = 443\n      }\n    }\n  } # end group\n} # end job\n",
  "VariableFlags": null,
  "Variables": "",
  "Version": 7
}