From 47b69d7f499b87af10e36a4e2a1aafcc067e02d0 Mon Sep 17 00:00:00 2001 From: shockrah Date: Sat, 10 May 2025 17:26:45 -0700 Subject: [PATCH] Nomad now responds to the basic nomad.nigel.local DNS name --- ansible/nuc.yaml | 1 + .../roles/local-server-head/files/host-file | 14 +++++++++ .../roles/local-server-head/files/nomad.conf | 8 +++++ .../roles/local-server-head/files/sanity.conf | 7 +++++ .../roles/local-server-head/tasks/main.yaml | 12 +++++++- .../tasks/reverse_proxy.yaml | 29 +++++++++++++++++++ 6 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/local-server-head/files/host-file create mode 100644 ansible/roles/local-server-head/files/nomad.conf create mode 100644 ansible/roles/local-server-head/files/sanity.conf create mode 100644 ansible/roles/local-server-head/tasks/reverse_proxy.yaml diff --git a/ansible/nuc.yaml b/ansible/nuc.yaml index 0313d4a..12eb585 100644 --- a/ansible/nuc.yaml +++ b/ansible/nuc.yaml @@ -6,5 +6,6 @@ tags: - setup - nomad + - proxy ansible.builtin.include_role: name: local-server-head diff --git a/ansible/roles/local-server-head/files/host-file b/ansible/roles/local-server-head/files/host-file new file mode 100644 index 0000000..da8489e --- /dev/null +++ b/ansible/roles/local-server-head/files/host-file @@ -0,0 +1,14 @@ +127.0.0.1 localhost +127.0.1.1 nigel + +# Our own dns stuff +127.0.1.1 nigel.local +127.0.1.1 nomad.nigel.local +127.0.1.1 sanity.nigel.local + +# The following lines are desirable for IPv6 capable hosts +::1 ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters \ No newline at end of file diff --git a/ansible/roles/local-server-head/files/nomad.conf b/ansible/roles/local-server-head/files/nomad.conf new file mode 100644 index 0000000..a9818ba --- /dev/null +++ b/ansible/roles/local-server-head/files/nomad.conf @@ -0,0 +1,8 @@ +server { + server_name nomad.nigel.local; + location / { + proxy_pass http://localhost:4646; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + diff --git a/ansible/roles/local-server-head/files/sanity.conf b/ansible/roles/local-server-head/files/sanity.conf new file mode 100644 index 0000000..a081a69 --- /dev/null +++ b/ansible/roles/local-server-head/files/sanity.conf @@ -0,0 +1,7 @@ +server { + server_name sanity.nigel.local; + location / { + proxy_pass http://localhost:8000; + } +} + diff --git a/ansible/roles/local-server-head/tasks/main.yaml b/ansible/roles/local-server-head/tasks/main.yaml index d7e9ec0..d2898f0 100644 --- a/ansible/roles/local-server-head/tasks/main.yaml +++ b/ansible/roles/local-server-head/tasks/main.yaml @@ -9,6 +9,8 @@ - setup - name: Ensure nigel can use sudo without password become: true + tags: + - setup ansible.builtin.lineinfile: path: /etc/sudoers state: present @@ -20,4 +22,12 @@ apply: become: true tags: - - nomad \ No newline at end of file + - nomad +- name: Setup the reverse proxy outside of nomad + tags: proxy + ansible.builtin.include_tasks: + file: reverse_proxy.yaml + apply: + become: true + tags: + - proxy \ No newline at end of file diff --git a/ansible/roles/local-server-head/tasks/reverse_proxy.yaml b/ansible/roles/local-server-head/tasks/reverse_proxy.yaml new file mode 100644 index 0000000..3011061 --- /dev/null +++ b/ansible/roles/local-server-head/tasks/reverse_proxy.yaml @@ -0,0 +1,29 @@ +- name: Keep /etc/hosts up to date + ansible.builtin.copy: + dest: /etc/hosts + src: host-file + mode: "0644" +- name: Ensure nginx is setup as latest + ansible.builtin.apt: + name: nginx +- name: Copy the nomad.conf to available configurations + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/nginx/sites-available/{{ item }}" + mode: "0644" + loop: + - nomad.conf + - sanity.conf +- name: Link the nomad.conf to sites-enabled + ansible.builtin.file: + path: "/etc/nginx/sites-enabled/{{ item }}" + state: link + src: "/etc/nginx/sites-available/{{ item }}" + mode: "0644" + loop: + - nomad.conf + - sanity.conf +- name: Restart nginx + ansible.builtin.systemd_service: + name: nginx + state: restarted \ No newline at end of file