use internal addresses to speak with nomad
foodelevator committed Nov 21, 2024
1 parent bec7e35 commit 7ee6a14
Showing 3 changed files with 11 additions and 5 deletions.
7 changes: 5 additions & 2 deletions env.example
Expand Up @@ -8,6 +8,9 @@ NOMAD_ADDR=https://nomad.datasektionen.se
NOMAD_TOKEN=
AGE_IDENTITY=$PWD/secrets/identity.txt

# If traefik breaks, this can be used (but doesn't work well with `nomad ui -authentiate`):
# NOMAD_ADDR=https://zeus.datasektionen.se:4646
# If traefik breaks, you can run `ssh -L4646:ares.dsekt.internal:4646 ares` and
# uncomment these (but doesn't work very well with `nomad ui -authentiate`) to
# contact nomad's api:
#
# NOMAD_ADDR=https://127.0.0.1:4646
# NOMAD_CACERT=/home/mathias/code/dsekt/infra/files/nomad-agent-ca.pem
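Review bot: The commented-out `NOMAD_CACERT` points into one developer's home directory (`/home/mathias/code/dsekt/infra/files/nomad-agent-ca.pem`), so anyone else who uncomments it gets a path that does not exist and TLS verification against the agent CA fails. `# NOMAD_CACERT=$PWD/files/nomad-agent-ca.pem` would follow the `$PWD` form already used for `AGE_IDENTITY`, assuming the file is sourced from the repository root. The flag named in the comment is also misspelled: `-authentiate` should read `-authenticate`.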
2 changes: 1 addition & 1 deletion profiles/nomad/shared.nix
Expand Up @@ -3,7 +3,7 @@
services.nomad = {
enable = true;
settings = {
bind_addr = "0.0.0.0";
bind_addr = config.dsekt.addresses.hosts.self;
advertise =
let
addr = config.dsekt.addresses.hosts.self;
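Review bot: With `bind_addr = config.dsekt.addresses.hosts.self;` the agent no longer listens on loopback, so anything on the host that still talks to `127.0.0.1:4646` (the `nomad` CLI without `NOMAD_ADDR` set, local health checks, other services) will stop connecting. Only Traefik is updated in this commit, and other consumers are not visible here. Nomad's `bind_addr` covers the HTTP, RPC and Serf listeners, so the change takes all three off every other interface, which looks like the intent. A comment recording that would help the next reader, e.g. `# Listen only on the internal address; clients must use <host>.dsekt.internal because the cert does not cover the IP.` The `settings` block continues past the end of the hunk.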
7 changes: 5 additions & 2 deletions profiles/traefik.nix
Expand Up @@ -37,7 +37,10 @@
providers.nomad = {
exposedByDefault = false;
endpoint = {
address = "https://127.0.0.1:4646";
# We're making nomad bind to the internal IP address so we can't use
# 127.0.0.1. We also can't use ${config.dsekt.addresses.hosts.self}
# since the certificate isn't valid for that address.
address = "https://${config.networking.hostName}.dsekt.internal:4646";
token = "\${NOMAD_TOKEN}";
tls.ca = "${../files/nomad-agent-ca.pem}";
};
Expand Down Expand Up @@ -79,7 +82,7 @@
tls.certresolver = "default";
};
services.nomad.loadBalancer = {
servers = [ { url = "https://127.0.0.1:4646"; } ];
servers = [ { url = "https://${config.networking.hostName}.dsekt.internal:4646"; } ];
serversTransport = "nomadTransport";
};
serversTransports.nomadTransport.rootCAs = "${../files/nomad-agent-ca.pem}";
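Review bot: The URL `https://${config.networking.hostName}.dsekt.internal:4646` is now written out twice, at the provider endpoint `address` and at the `services.nomad.loadBalancer` server. A single binding such as `nomadUrl = "https://${config.networking.hostName}.dsekt.internal:4646";` used in both places would keep them from drifting apart. Both connections, one of which carries `NOMAD_TOKEN`, now depend on how `*.dsekt.internal` is resolved on the host. The pinned `nomad-agent-ca.pem` still decides which server is accepted, but if the name comes from a DNS server rather than a static hosts entry (not visible here), Traefik loses the Nomad provider whenever resolution fails, and the new comment would be a good place to say which it is. Both hunks are cut inside the enclosing attribute set.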
