mgmt/infrastructure/nomad/nomad-jobs/traefik-cloudflare/traefik-cloudflare-v3.nomad

job "traefik-cloudflare-v3" {
  datacenters = ["dc1"]
  type = "service"

  group "traefik" {
    count = 1

    constraint {
      attribute = "${node.unique.name}"
      value     = "hcp1"
    }

    volume "traefik-certs" {
      type      = "host"
      read_only = false
      source    = "traefik-certs"
    }



    network {
      mode = "host"
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      port "traefik" {
        static = 8080
      }
    }

    task "traefik" {
      driver = "exec"
      
      config {
        command = "/usr/local/bin/traefik"
        args = [
          "--configfile=/local/traefik.yml"
        ]
      }

      env {
        CLOUDFLARE_EMAIL = "locksmithknight@gmail.com"
        CLOUDFLARE_DNS_API_TOKEN = "0aPWoLaQ59l0nyL1jIVzZaEx2e41Gjgcfhn3ztJr"
        CLOUDFLARE_ZONE_API_TOKEN = "0aPWoLaQ59l0nyL1jIVzZaEx2e41Gjgcfhn3ztJr"
      }

      volume_mount {
        volume      = "traefik-certs"
        destination = "/opt/traefik/certs"
        read_only   = false
      }



      template {
        data = <<EOF
api:
  dashboard: true
  insecure: true

# 开启访问日志
accessLog: {}

# 开启指标收集
metrics:
  prometheus:
    addEntryPointsLabels: true
    addServicesLabels: true
    entryPoint: "traefik"

entryPoints:
  web:
    address: "0.0.0.0:80"
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: "0.0.0.0:443"
  traefik:
    address: "0.0.0.0:8080"

providers:
  consulCatalog:
    endpoint:
      address: "warden.tailnet-68f9.ts.net:8500"
      scheme: "http"
    watch: true
    exposedByDefault: false
    prefix: "traefik"
    defaultRule: "Host(`{{ .Name }}.git-4ta.live`)"
  file:
    directory: /opt/traefik/certs
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: {{ env "CLOUDFLARE_EMAIL" }}
      storage: /opt/traefik/certs/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 30s

log:
  level: DEBUG
EOF
        destination = "local/traefik.yml"
      }


      template {
        data = <<EOF
CLOUDFLARE_EMAIL=locksmithknight@gmail.com
CLOUDFLARE_DNS_API_TOKEN=0aPWoLaQ59l0nyL1jIVzZaEx2e41Gjgcfhn3ztJr
CLOUDFLARE_ZONE_API_TOKEN=0aPWoLaQ59l0nyL1jIVzZaEx2e41Gjgcfhn3ztJr
EOF
        destination = "local/cloudflare.env"
        env = true
      }

      resources {
        cpu    = 500
        memory = 512
      }
    }
  }
}