Caleb/Homelab
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Caleb:01337c1e84dfc1309793ca3f851e5fc8a8addfb2
Branches Tags
Caleb:main
..
compare: Caleb:149fd307f2429a438ada33d4a7bb243e3c735fab
Branches Tags
Caleb:main

No commits in common. "01337c1e84dfc1309793ca3f851e5fc8a8addfb2" and "149fd307f2429a438ada33d4a7bb243e3c735fab" have entirely different histories.
01337c1e84 ... 149fd307f2

2 changed files with 7 additions and 312 deletions
Show Stats Expand all files Collapse all files

306
nomad_jobs/apps/penpot-standalone.nomad.hcl
View File

@ -1,306 +0,0 @@
locals {
TRAEFIK_DOMAIN = "penpot.example.local"
PENPOT_PUBLIC_URI = "https://${local.TRAEFIK_DOMAIN}"
PENPOT_SECRET_KEY = "op://InfraSecrets/7hbsxng22unjqc4wkj62qniu2u/credential" # Try running `openssl rand -hex 32` to generate a random secret key
PENPOT_FLAGS = "enable-demo-users"
}
job "penpot-standalone" {
datacenters = ["dc1"]
group "frontend" {
count = 1
network {
mode = "bridge"
port "ingress" {
to = 80
}
}
# Expose frontend to internet through traefik
service {
name = "penpot-standalone"
port = "ingress"
tags = [
"traefik.enable=true",
"traefik.http.routers.penpot-standalone.tls=true",
"traefik.http.routers.penpot-standalone.entrypoints=websecure",
"traefik.http.routers.penpot-standalone.rule=Host(`${local.TRAEFIK_DOMAIN}`)",
]
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "penpot-standalone-backend"
local_bind_address = "127.0.0.1"
local_bind_port = 6060
}
upstreams {
destination_name = "penpot-standalone-exporter"
local_bind_address = "127.0.0.1"
local_bind_port = 6061
}
upstreams {
destination_name = "minio"
local_bind_address = "127.0.0.1"
local_bind_port = 9000
}
}
tags = ["traefik.enable=false"] # Hide service from traefik
}
}
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
task "frontend" {
driver = "docker"
config {
image = "penpotapp/frontend:1.19.3"
ports = ["ingress"]
}
env {
PENPOT_PUBLIC_URI = local.PENPOT_PUBLIC_URI
PENPOT_BACKEND_URI = "http://127.0.0.1:6060"
PENPOT_EXPORTER_URI = "http://127.0.0.1:6061"
PENPOT_FLAGS = local.PENPOT_FLAGS
}
}
}
// penpot-standalone-backend
group "backend" {
network {
mode = "bridge"
}
service {
# Make available to other services by the 'penpot-backend' name
name = "penpot-standalone-backend"
port = "6060"
tags = ["traefik.enable=false"] # Hide redis from traefik
# Make available through the consul service mesh
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "penpot-standalone-postgres"
local_bind_address = "127.0.0.1"
local_bind_port = 5432
}
upstreams {
destination_name = "penpot-standalone-redis-cache"
local_bind_address = "127.0.0.1"
local_bind_port = 6379
}
upstreams {
destination_name = "penpot-standalone-fake-smtp"
local_bind_address = "127.0.0.1"
local_bind_port = 1025
}
}
tags = ["traefik.enable=false"] # Hide penpot-backend envoy from traefik
}
}
}
task "backend" {
driver = "docker"
config {
image = "penpotapp/backend:1.19.3"
ports = ["ingress"]
}
env {
PENPOT_PUBLIC_URI = local.PENPOT_PUBLIC_URI
PENPOT_SECRET_KEY = local.PENPOT_SECRET_KEY
PENPOT_FLAGS = local.PENPOT_FLAGS
PENPOT_DATABASE_URI = "postgresql://127.0.0.1:5432/penpot"
PENPOT_DATABASE_USERNAME = "penpot"
PENPOT_DATABASE_PASSWORD = "not-a-secure-password"
PENPOT_REDIS_URI = "redis://127.0.0.1:6379/0"
PENPOT_TELEMERY_ENABLED = "false"
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs"
PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets"
PENPOT_SMTP_DEFAULT_FROM = "no-reply+penpot-standalone@example.local"
PENPOT_SMTP_DEFAULT_REPLY_TO = "no-reply+penpot-standalone@example.local"
PENPOT_SMTP_HOST = "127.0.0.1"
PENPOT_SMTP_PORT = "1025"
PENPOT_SMTP_USERNAME = ""
PENPOT_SMTP_PASSWORD = ""
PENPOT_SMTP_TLS = "false"
PENPOT_SMTP_SSL = "false"
}
resources {
cpu = 8000
memory = 1024
memory_max = 2048
}
}
}
// penpot-standalone-exporter
group "exporter" {
network {
mode = "bridge"
}
task "exporter" {
driver = "docker"
config {
image = "penpotapp/exporter:1.19.3"
}
env {
PENPOT_PUBLIC_URI = local.PENPOT_PUBLIC_URI
PENPOT_REDIS_URI = "redis://127.0.0.1:6379/0"
}
}
service {
name = "penpot-standalone-exporter"
port = "6061"
tags = ["traefik.enable=false"] # Hide envoy from traefik
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "penpot-standalone-redis-cache"
local_bind_address = "127.0.0.1"
local_bind_port = 6379
}
}
tags = ["traefik.enable=false"] # Hide envoy from traefik
}
}
}
}
// penpot-standalone-postgres
group "postgres" {
count = 1
network {
mode = "bridge"
port "ingress" {
to = 5432
}
}
service {
# Make available to other services by the 'postgres' name
name = "penpot-standalone-postgres"
port = "5432"
tags = ["traefik.enable=false"] # Hide postgres from traefik
# Make available through the consul service mesh
connect {
sidecar_service {
tags = ["traefik.enable=false"] # Hide postgres envoy from traefik
}
}
}
task "postgres" {
driver = "docker"
config {
image = "postgres:16.1-alpine3.19"
ports = ["ingress"]
}
env = {
POSTGRES_USER="penpot",
POSTGRES_PASSWORD="not-a-secure-password"
POSTGRES_DB="penpot"
}
}
}
// penpot-standalone-redis-cache
group "redis" {
count = 1
network {
mode = "bridge"
port "redis" {
to = 6379
}
}
service {
# Make available to other services by the 'redis-cache' name
name = "penpot-standalone-redis-cache"
port = "6379"
tags = ["traefik.enable=false"] # Hide redis from traefik
# Make available through the consul service mesh
connect {
sidecar_service {
tags = ["traefik.enable=false"] # Hide redis envoy from traefik
}
}
}
task "redis" {
driver = "docker"
config {
image = "redis:7.2.3-alpine"
ports = ["redis"]
}
}
}
// penpot-standalone-fake-smtp
group "mailcatcher" {
count = 1
network {
mode = "bridge"
port "webUI" {
to = 1080
}
}
service {
# Make available to other services by the 'fake-smtp' name
name = "penpot-standalone-fake-smtp"
port = "1025"
tags = ["traefik.enable=false"] # Hide redis from traefik
connect {
sidecar_service {
tags = ["traefik.enable=false"] # Hide redis envoy from traefik
}
}
}
task "mailcatcher" {
driver = "docker"
config {
image = "sj26/mailcatcher:latest"
ports = ["webUI"]
}
}
}
}

13
nomad_jobs/services/penpot/penpot.nomad.hcl
View File

@ -79,11 +79,6 @@ job "penpot" {
local_bind_address = "127.0.0.1"
local_bind_port = 6061
}
upstreams {
destination_name = "minio"
local_bind_address = "127.0.0.1"
local_bind_port = 9000
}
}
tags = ["traefik.enable=false"] # Hide service from traefik
}
@ -119,6 +114,9 @@ job "penpot" {
network {
mode = "bridge"
port "ingress" {
to = 6060
}
}
service {
@ -203,6 +201,9 @@ job "penpot" {
network {
mode = "bridge"
port "ingress" {
to = 6061
}
}
task "exporter" {
@ -219,7 +220,7 @@ job "penpot" {
service {
name = "penpot-exporter"
port = "6061"
port = "ingress"
tags = ["traefik.enable=false"] # Hide envoy from traefik
connect {