This repository contains a Terraform configuration to deploy a Nomad cluster on Digital Ocean.
- Convert to a copier template
Not ready for general use. For now, if you really want to try it, the process is fairly involved. You will need:
- Docker
- a Tailscale account and API token (tailscale via pacman)
- a Digital Ocean account and API token
- age (pronounced ah-geh) installed on your machine (age via pacman)
- copier (python-copier in the AUR)
Clone the repo to your machine and make sure the prerequisites are installed and the accounts and tokens created.
./launch-deployer.sh
This script initialises an age keypair and then launches a Docker container with all the tools you need. It also mounts the current directory into the container, so you can edit the Terraform files on your machine and run terraform inside the container. You will be prompted for your Tailscale and Digital Ocean tokens and your GitHub username. These are stored in the secrets folder, encrypted with age. Anyone holding the age private key can decrypt them, so guard that key as carefully as the tokens themselves.
Once the container is running:
Create the base images for our virtual machines
make build-images
Next we create the basic infrastructure on Digital Ocean
make apply-infrastructure
This step can be unreliable. If it fails, run it again; occasionally that means manually tearing down the partially created infrastructure and starting over. The Postgres cluster can be very slow to create, sometimes 20 minutes. Once it completes, everything you need exists in Digital Ocean, and you can SSH into the bastion server and use it as a jump host to reach the other servers.
make connect
This creates tunnels to the running services on the cluster. You can now reach the Nomad UI at http://localhost:4646/, the Consul UI at http://localhost:8500/ and the Vault UI at http://localhost:8200/.
Next we need to initialise Vault
make init-vault
make configure-vault
make connect-vault
Step 1 initialises Vault and saves the unseal keys and root token to the secrets folder. Step 2 configures Vault with the Nomad and Consul secrets engines by running the Terraform under the vault folder. Step 3 connects Vault to Nomad. The unseal keys and root token grant complete control of Vault, so keep the secrets folder encrypted and treat the root token as a bootstrap credential rather than something to use day to day.
Your cluster is now ready to run jobs. Start Traefik by running
nomad run jobs/traefik.nomad
Type exit to leave the container; on exit, everything stored in the secrets folder is encrypted with age.
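A check worth running before you type exit, added here as an example and not part of this repository: it walks the secrets folder and reports any file that does not start with an age header (binary or ASCII-armored), and confirms the age identity file is readable by its owner only. The folder layout, file names, identity path and sample contents are all constructed for the demo; the repo's own launch script may lay things out differently, so point the two paths at wherever it actually writes them.

```python
"""Check that nothing in the age-encrypted secrets folder was left in plaintext.

Added example, not part of this repository. Assumes the secrets folder is a
directory of age ciphertext files and that the age identity (private key) is a
separate file outside it; both paths are parameters, not the repo's layout.
"""
import os
import stat
import tempfile
from pathlib import Path

# age ciphertext begins with one of these two headers (binary or ASCII-armored).
AGE_BINARY_HEADER = b"age-encryption.org/v1"
AGE_ARMOR_HEADER = b"-----BEGIN AGE ENCRYPTED FILE-----"


def is_age_encrypted(path: Path) -> bool:
    """True if the file's first bytes are an age header; judged by content, not extension."""
    with path.open("rb") as fh:
        head = fh.read(len(AGE_ARMOR_HEADER))
    return head.startswith(AGE_BINARY_HEADER) or head.startswith(AGE_ARMOR_HEADER)


def find_plaintext_secrets(secrets_dir: Path) -> list[str]:
    """Relative paths of regular files under secrets_dir that are not age ciphertext.

    Empty files are reported too: a token file that was truncated instead of
    encrypted still means the encrypt-on-exit step did not do its job.
    """
    return sorted(
        str(p.relative_to(secrets_dir))
        for p in secrets_dir.rglob("*")
        if p.is_file() and not is_age_encrypted(p)
    )


def identity_permissions_ok(identity: Path) -> bool:
    """The age private key must carry no group or other permission bits (e.g. 0600)."""
    mode = stat.S_IMODE(identity.stat().st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def check_secrets_folder(secrets_dir: Path, identity: Path) -> dict:
    """Combine both checks into one report a wrapper script can act on."""
    return {
        "plaintext": find_plaintext_secrets(secrets_dir),
        "identity_ok": identity_permissions_ok(identity),
    }


def demo(identity_mode: int = 0o600) -> dict:
    """Build a constructed sample layout in a temp dir and run the check on it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        secrets = base / "secrets"
        secrets.mkdir()
        # Constructed sample files: two look like age output, one was left in the clear.
        (secrets / "do_token.age").write_bytes(AGE_BINARY_HEADER + b"\n-> X25519 ...\n\x00junk")
        (secrets / "tailscale_token.age").write_bytes(AGE_ARMOR_HEADER + b"\nYWdlLWVuY3J5cHRpb24u\n")
        (secrets / "github_user").write_text("example-user\n")
        # Constructed identity file; the key line is a placeholder, not a real key.
        identity = base / "age-identity.txt"
        identity.write_text("# created: constructed sample\nAGE-SECRET-KEY-1EXAMPLE\n")
        os.chmod(identity, identity_mode)
        return check_secrets_folder(secrets, identity)


if __name__ == "__main__":
    result = demo()
    print(result)
    # Non-zero exit if anything is wrong, so a shell wrapper can gate on it.
    raise SystemExit(1 if result["plaintext"] or not result["identity_ok"] else 0)
```

Run with the real paths by calling check_secrets_folder(Path("secrets"), Path("/path/to/age/identity")) from a short wrapper; the content-based header check catches a token that was written without the .age suffix as well as one that was never encrypted.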
This template leans very heavily on work by @fmeringdal in this project