{"id":19147169,"url":"https://github.com/janst123/nomad-gridscale","last_synced_at":"2026-02-06T17:31:19.252Z","repository":{"id":189173218,"uuid":"680187098","full_name":"JanST123/nomad-gridscale","owner":"JanST123","description":"Setting up a single node nomad \"cluster\" with consul on gridscale.io infrastructure","archived":false,"fork":false,"pushed_at":"2023-09-08T13:59:51.000Z","size":44,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-06T18:48:54.933Z","etag":null,"topics":["cluster","consul","fabio","gridscale","hosting","iaas","letsencrypt","nomad"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JanST123.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-18T14:52:08.000Z","updated_at":"2025-01-18T12:31:20.000Z","dependencies_parsed_at":"2025-01-03T16:50:39.580Z","dependency_job_id":"8c1c474f-fac0-492d-83da-10155d0cad5e","html_url":"https://github.com/JanST123/nomad-gridscale","commit_stats":null,"previous_names":["janst123/nomad-gridscale"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JanST123/nomad-gridscale","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanST123%2Fnomad-gridscale","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanST123%2Fnomad-gridscale/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanST123%2Fnomad-gridscale/releases","manifests_url":"https://repos
.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanST123%2Fnomad-gridscale/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JanST123","download_url":"https://codeload.github.com/JanST123/nomad-gridscale/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanST123%2Fnomad-gridscale/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29170071,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T16:33:35.550Z","status":"ssl_error","status_checked_at":"2026-02-06T16:33:30.716Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cluster","consul","fabio","gridscale","hosting","iaas","letsencrypt","nomad"],"created_at":"2024-11-09T07:49:11.375Z","updated_at":"2026-02-06T17:31:19.228Z","avatar_url":"https://github.com/JanST123.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nomad Single \"Cluster\" on gridscale infrastructure\n\nGet up and running a single \"cluster\" (meaning one node which is server and client at once) with Nomad on a [gridscale.io](https://gridscale.io) infrastructure. 
As you can guess, this is a setup for small web projects only, although it should not be too hard to extend it later to a real cluster with additional nomad clients.\n\n**Features:**\n* Single node nomad cluster with consul - ideal for small projects on a single server\n* Fabio Loadbalancer, automatically configuring loadbalancing from your domain to the nomad job (You have to set `tags` in your job definition (see `jobs/matomo.hcl` as an example or google for \"nomad fabio urlprefix\"))\n* Automatically managed Let's Encrypt SSL certificates by aleff\n* Deploy and forget - your stuff is just running on your domain\n\n\n## Install on gridscale\n\n### Requirements\n\n* Paid account on [my.gridscale.io](https://my.gridscale.io)\n* API Token with write access and User-UUID (get both via the gridscale panel: Panel -\u003e UserIcon -\u003e API-Tokens)\n* SSH-Key uploaded to the gridscale panel\n* Terraform installed (e.g. `brew install terraform` on mac)\n\n\n### Let's go\n\n* Clone this repo if you haven't.\n* Within the `gridscale` directory run `terraform init`\n* Set variables in `gridscale/terraform.tfvars`: \n  * `gridscale_uuid` (gridscale User-UUID; you get it from gridscale Panel -\u003e UserIcon -\u003e API-Tokens when you create a new API token (write access))\n  * `gridscale_token` (gridscale API token; you get it from gridscale Panel -\u003e UserIcon -\u003e API-Tokens when you create a new API token (write access))\n  * `sshkey_uuid` (UUID of an SSH key which you should upload to gridscale Panel -\u003e UserIcon -\u003e SSH-Keys)\n  * `publicnet_uuid` (UUID of the network named \"Public Network\" in the gridscale panel)\n  * see all the other available, optional variables in the `variables.tf` \n* **PLEASE NOTE** if you make changes to scripts in `shared/config`: These are downloaded from GitHub during the installation process. 
So you have to host them with your changes somewhere else and change the URLs in `shared/data-scripts/user-data-server.sh`\n* run `terraform apply`\n\n### Authorize to nomad from your workstation\n\nAfter terraform is ready, perform this on your workstation:\n\n```\nexport NOMAD_ADDR=$(terraform output -raw nomad_ip)\n\nnomad acl bootstrap | \\\n  grep -i secret | \\\n  awk -F \"=\" '{print $2}' | \\\n  xargs \u003e nomad-management.token\n\nexport NOMAD_TOKEN=$(cat nomad-management.token)\n```\n\nThis will create the first Nomad token for you as an admin and store it in an environment variable.\nYou may also want to persist the `$NOMAD_ADDR` and `$NOMAD_TOKEN` env variables in your `.bashrc` or `.zshrc` file.\n\n#### Verify connectivity\n```\n nomad node status\n```\nShould display something except an error.\n\n#### Authorize to the web UI\n```\nnomad ui -authenticate\n```\nThis will open your browser with the nomad web UI, sending a token which will authorize your browser to the UI.\n\n\n## Deploying Apps\nYour \"cluster\" should be working now. Time to deploy the first apps.\n\nFirst we need another token, because we don't want to use our first token with its high permissions.\n\n### Add the dev policy:\n\nWe add a new policy, only allowing things that devs will do (deploy apps)\n`nomad acl policy apply developer policies/app-dev.policy.hcl`\n\nMore information on policies: https://developer.hashicorp.com/nomad/tutorials/access-control/access-control-create-policy\n\n### Create token (e.g. 
for CI/CD)\n\n`nomad acl token create -name=\"github actions\" -global=true -policy=developer -type=client | tee app-dev.token`\n\nTo get the secret, which you will need to deploy jobs (and that you may store in the GitHub secret vault): `awk '/Secret/ {print $4}' app-dev.token`\n\n### HTTP API\nYou can also use the HTTP API to deploy jobs in JSON format (easier for GitHub Actions, just post a job JSON with curl)\n\nUseful command to get a JSON job definition out of an HCL job definition:\n`nomad job run -output jobs/nginx.hcl`\n\n\n## Useful apps shipped with this repo\n\n### fabio\n\nTo have a loadbalancer, which will route incoming HTTP(s) requests to the right nomad job, you need [fabio](https://fabiolb.net). Deploy it:\n\n`nomad job run jobs/fabio.hcl`\n\n### aleff\n\nYou may also want to deploy the [aleff](https://aleff.dev) job, which will automatically manage Let's Encrypt certificates for your domains for you:\n\n`nomad job run  -var email_address=\"\u003cYOUR_EMAIL_ADDRESS\u003e\" -var nomad_token=\"\u003cNOMAD_DEVELOPER_TOKEN\u003e\" jobs/aleff.hcl`\n\n\n### MariaDB\nYou can also install a MariaDB server (I use **one** for all my apps) by `nomad job run jobs/mariadb.hcl`\nThis will store data in the persistent volume `volume1` which is created with the terraform script\n\nI currently have no good solution to seed the DB, so I use the **Exec** function of the nomad UI on the database job, after it's deployed, install curl, download the dump from somewhere and import it...\n\n### Matomo\nAs a self-hosted tracking tool I use matomo. It will use the MariaDB installed in the previous step via nomad service discovery. \n\nBut matomo has a caveat that it needs to create a `config.ini.php` with its setup wizard the first time, and if this file is not there it will always start its setup wizard. Additionally, matomo has a self-updater which will modify source files and the database. 
So restarting the container may cause a broken installation when the original sources from the docker image get restored and the database is on an updated version.\nTherefore matomo also needs a persistent volume, and I use the \"matomo\" volume for this, which is also created when you use the terraform script of this repo. When you first browse to your matomo instance, you will just have to click through the setup. All the database stuff is prefilled as you give it to the following command (for available variables see `jobs/matomo.hcl`).\n\n`nomad job run -var db_pass=\u003cYOUR_DATABASE_PASSWORD\u003e -var matomo_url=\u003cURL TO YOUR MATOMO INSTALLATION\u003e jobs/matomo.hcl`\n\n#### Matomo Archiver\nDon't know a better way to set up the archiver cron, so I made a periodic nomad batch job which just CURLs the cron via the matomo web URL. To install it do\n\n`nomad job run -var token_auth=\u003cAPI_TOKEN_GENERATED_WITH_ADMIN_USER\u003e -var matomo_url=\u003cURL TO YOUR MATOMO INSTALLATION\u003e jobs/matomo_archive.hcl`\n\nIt will archive at 4 AM every day.\n\n### Backupper\nI also offer a backupper job, backing up the MariaDB database and optionally a GitHub repo. Find it in the [nomad backupper repo](https://github.com/JanST123/nomad-backupper)\n\n\n## Thoughts on security\nYou should restrict access to the fabio UI on port 9998 via gridscale firewall settings of the server (in server details click on the green \"Activated\" next to the \"Public Network\").\n\nThe nomad UI (Port 4646) could also be restricted, even though it is protected by nomad itself (auth with nomad token required).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjanst123%2Fnomad-gridscale","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjanst123%2Fnomad-gridscale","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjanst123%2Fnomad-gridscale/lists"}