A set of Nomad job files for services and applications I run in my home lab. These may require modification to work in your environment.
Storage is provided via Florian Apolloner's NFS CSI Plugin which should work with any NFS share. Please review his documentation for details on how to configure and use it.
There is Terraform code here if you'd like to manage these with Terraform and the Nomad provider; however, this is not required. Please exercise caution, as deleting an external volume will destroy the data on that volume.
To use the QEMU driver, you'll have to expose hardware-assisted virtualization on the Nomad client VMs in ESXi.
I run the following three jobs outside of Terraform, as they are necessary for Terraform and the other jobs to run:
- Explicitly specify the tag version for more controlled updates/upgrades.
There is an example service registration in the consul-esm folder. Learn more in the Register External Services with Consul Service Discovery Learn guide.
- Configuring external URL
- Looks like I need to update the readiness probes to IP whitelist per https://docs.gitlab.com/ee/user/admin_area/monitoring/health_check.html#access-token-deprecated
There are dashboards for the following in the grafana-dashboards folder:
- Consul Cluster Health
- Vault Cluster Health
- Nomad Cluster
- Nomad Jobs
- Node Exporter
- ESXi Host
- Pi-hole
- Internet connection
- Speedtest
- Blackbox Exporter
- Prometheus 2.0 Stats
- Ubiquiti EdgeRouter
These must be manually imported from within Grafana. Some of the dashboards require Grafana plugins.
Script to invoke the linter on all Nomad files in the folder. Requires that the deprecated hclfmt be installed and available in your path.
Watching #10927 as I sometimes encounter this issue. The workaround is to deregister and reregister the volume. (Deregistering the volume will not destroy the data on the NFS volume.)
I am using Pi-hole as my primary LDNS. I have a filter configured in a Nomad template stanza that will check all services in Consul for the presence of a tag `dnsmasq.cname=true`. For each service with that tag, a DNS entry for that service will be created on Pi-hole. This allows me to easily make a service available automatically.
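A sketch of such a tag filter, added here as an example and not taken from this repository's job files. The destination path, the `home.example` domain and the `traefik.home.example` CNAME target are assumptions; the hostname check is an extra guard so that only DNS-safe service names reach the dnsmasq configuration.

```hcl
# Added example: template stanza for the Pi-hole task (not the repo's own code).
# The rendered file must end up in the directory dnsmasq reads its extra
# configuration from inside Pi-hole (assumed here: /etc/dnsmasq.d).
template {
  # Assumed path, relative to the task directory.
  destination = "local/dnsmasq.d/05-consul-cname.conf"

  # dnsmasq reads cname= lines only at startup, so restart the task
  # whenever the set of tagged services changes.
  change_mode = "restart"

  data = <<EOF
# Rendered from the Consul catalog by the Nomad template stanza. Do not edit.
{{- range services }}
{{- /* Only services that opted in with the tag get a record. */ -}}
{{- if .Tags | contains "dnsmasq.cname=true" }}
{{- /* Skip names that are not a single valid DNS label. */ -}}
{{- if .Name | regexMatch "^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$" }}
cname={{ .Name }}.home.example,traefik.home.example
{{- end }}
{{- end }}
{{- end }}
EOF
}
```

dnsmasq only answers a `cname=` record when the target is a name it knows itself (for example from a hosts file), not one that comes from an upstream server. Because any Consul registration carrying the tag becomes a name on the resolver, limit `service` write permissions with Consul ACLs.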
I am using cloudflared as the resolver; this is not required and can be removed.
Keepalived is used to provide a floating VIP (virtual address). This is useful if you would like to use Pi-hole as a local DNS server.
https://docs.splunk.com/Documentation/Splunk/8.2.1/Admin/MoreaboutSplunkFree
I run this as an Exec instead of Docker to make sure local networking works as expected when using the esxi provider to a local ESXi host.
I am using the Let's Encrypt integration to automatically obtain and renew a publicly signed wildcard certificate. This is not required. You'll need to search and replace all tags with your domain name.
Keepalived is used to provide a floating VIP (virtual address). This is useful if you would like to expose a port on your router and forward traffic to the Traefik ingress.
- Watching #7430 for a UDP fix