common/templates/task.pgbouncer


[[- /* vim: syntax=hcl
This is a pgbouncer instance, designed to run as a sidecar with every application
needing postgres access. */ -]]
[[- if eq .postgres.pooler.engine "pgbouncer" ]]
# Rendered only when the configured pooler engine is "pgbouncer".
# Runs pgbouncer as a prestart sidecar: it is started before the main task
# and keeps running alongside it (see the lifecycle block).
task "pgbouncer" {
driver = "[[ .nomad.driver ]]"
# Numeric, non-root user for the pgbouncer process.
# NOTE(review): the rendered files below are owned by uid 106432 / gid 100000,
# presumably this uid shifted by a 100000 user-namespace offset. Confirm
# against the runtime's id mapping, otherwise the mode-400 files are unreadable.
user = 6432
lifecycle {
hook = "prestart"
sidecar = true
}
config {
image = "[[ .docker.repo ]][[ .docker.base_images.pgbouncer.image ]]"
# Container hardening: bounded process count and a read-only root filesystem.
pids_limit = 100
readonly_rootfs = true
command = "pgbouncer"
# Configuration is read from the template rendered to secrets/pgbouncer.ini below.
args = ["/secrets/pgbouncer.ini"]
}
[[ template "common/vault.policies" . ]]
# pgbouncer.ini. It is rendered under secrets/ with mode 400 because the
# databases section embeds the PostgreSQL user and password.
#
# Client side: the listener is bound to 127.0.0.1 only, unix sockets are
# disabled (empty unix_socket_dir) and client TLS is off, so local clients
# connect in cleartext over loopback and authenticate with SCRAM-SHA-256
# against auth_file.
#
# Server side: server_tls_sslmode is written (as "disable") only when the
# postgres host is exactly 127.0.0.1 or localhost. For any other host the
# setting is omitted and pgbouncer's built-in default applies.
# NOTE(review): that default is "prefer" in current pgbouncer releases as far
# as I know, which neither requires TLS nor verifies the server certificate.
# For remote hosts consider emitting an explicit require / verify-full mode
# together with server_tls_ca_file. Confirm against the deployed version.
#
# max_prepared_statements is emitted only when the pool mode is not "session".
#
# Databases: one entry per name taken from the postgres database value
# (a string or a slice), falling back to the instance name when it is unset.
# NOTE(review): host, port, user and password are interpolated unquoted into
# the connection string; a value containing whitespace or quote characters
# would break or alter the entry. Confirm what these values can contain.
#
# A change in the rendered content sends SIGHUP to the task, which pgbouncer
# handles as a configuration reload.
template {
data =<<_EOT
[pgbouncer]
listen_addr = 127.0.0.1
listen_port = [[ .postgres.pooler.port ]]
unix_socket_dir =
pool_mode = [[ .postgres.pooler.mode ]]
auth_type = scram-sha-256
auth_file = /secrets/pgbouncer.users
ignore_startup_parameters = extra_float_digits
[[- if ne .postgres.pooler.mode "session" ]]
max_prepared_statements = 200
[[- end ]]
client_tls_sslmode = disable
[[- if regexp.Match "^(127\\.0\\.0\\.1|localhost)$" .postgres.host ]]
server_tls_sslmode = disable
[[- end ]]
[databases]
[[ $databases := coll.Slice ]]
[[- if has .postgres "database" -]]
[[- if isKind "slice" .postgres.database ]]
[[- $databases = .postgres.database ]]
[[- else if isKind "string" .postgres.database ]]
[[- $databases = coll.Slice .postgres.database ]]
[[- end ]]
[[- else ]]
[[- $databases = coll.Slice .instance ]]
[[- end ]]
[[- range $idx, $db := $databases ]]
[[ $db ]] = host=[[ $.postgres.host ]] port=[[ $.postgres.port ]] user=[[ $.postgres.user ]] password=[[ $.postgres.password ]]
[[- end ]]
_EOT
destination = "secrets/pgbouncer.ini"
uid = 106432
gid = 100000
# Owner read-only; no access for group or others.
perms = 400
change_mode = "signal"
change_signal = "SIGHUP"
}
# auth_file for pgbouncer: a single quoted user / password pair that local
# clients use to log in to the pooler. Same ownership, mode and SIGHUP reload
# handling as pgbouncer.ini above.
# NOTE(review): both values are written between double quotes without
# escaping; a double quote inside either value would corrupt the line
# (pgbouncer's userlist format expects embedded quotes to be doubled, as far
# as I know). Whether the password is stored as plaintext or as a SCRAM
# secret depends on the value supplied; confirm against the caller.
template {
data =<<_EOT
"[[ .postgres.pooler.local_user ]]" "[[ .postgres.pooler.local_password ]]"
_EOT
destination = "secrets/pgbouncer.users"
uid = 106432
gid = 100000
perms = 400
change_mode = "signal"
change_signal = "SIGHUP"
}
[[ template "common/resources" .postgres.pooler.resources ]]
}
[[- end -]]