Add support for pgbouncer

example/miniflux.nomad.hcl

@@ -92,6 +92,8 @@ job "miniflux" {
 
 
 
+
+
     task "miniflux" {
       driver = "docker"
 
@@ -101,12 +103,14 @@ job "miniflux" {
         readonly_rootfs = true
       }
 
+
       vault {
         policies     = ["miniflux"]
         env          = false
         disable_file = true
       }
 
+
       env {
         LISTEN_ADDR = "127.0.0.1:8085"
         BASE_URL    = "https://flux.example.org"
@@ -114,11 +118,19 @@ job "miniflux" {
 
       }
 
+      template {
+        data        = <<_EOT
+DATABASE_URL=postgresql://{{ with secret "database/creds/miniflux" }}{{ .Data.username }}{{ end }}:{{ with secret "database/creds/miniflux" }}{{ .Data.password }}{{ end }}@127.0.0.1:5432/miniflux?sslmode=disable
+_EOT
+        destination = "secrets/.db.env"
+        perms       = 400
+        env         = true
+      }
+
 
       # Use a template block instead of env {} so we can fetch values from vault
       template {
         data        = <<_EOT
-DATABASE_URL=postgresql://{{ with secret "database/creds/miniflux" }}{{ .Data.username }}:{{ urlquery .Data.password }}{{ end }}@localhost:5432/miniflux?sslmode=disable
 LANG=fr_FR.utf8
 TZ=Europe/Paris
 _EOT

miniflux.nomad.hcl

@@ -60,6 +60,8 @@ job [[ .instance | toJSON ]] {
 
 [[ template "common/task.wait_for" $c ]]
 
+[[ template "common/task.pgbouncer" $c ]]
+
     task "miniflux" {
       driver = [[ $c.nomad.driver | toJSON ]]
   
@@ -68,12 +70,8 @@ job [[ .instance | toJSON ]] {
         pids_limit      = 100
         readonly_rootfs = true
       }
-  
-      vault {
-        policies     = ["[[ .instance ]][[ .consul.suffix ]]"]
-        env          = false
-        disable_file = true
-      }
+
+[[ template "common/vault.policies" $c ]]
 
       env {
         LISTEN_ADDR = "127.0.0.1:8085"
@@ -84,6 +82,20 @@ job [[ .instance | toJSON ]] {
 [[ template "common/proxy_env" $c ]]
       }
 
+      template {
+        data =<<_EOT
+DATABASE_URL=postgresql://
+[[- if eq $c.postgres.pooler.engine "pgbouncer" -]]
+[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@127.0.0.1:6432/[[ $c.postgres.database ]]?sslmode=disable
+[[- else -]]
+[[ $c.postgres.user ]]:[[ $c.postgres.password ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]?sslmode=disable
+[[- end ]]
+_EOT
+        destination = "secrets/.db.env"
+        perms = 400
+        env = true
+      }
+
 [[ template "common/file_env" $c.env ]]
 
 [[ template "common/resources" .miniflux.resources ]]

variables.yml

@@ -16,11 +16,25 @@ miniflux:
     memory: 192
 
   wait_for:
-    - service: master.postgres
+    - service: master.postgres[[ .consul.suffix ]]
+
+  consul:
+    connect:
+      upstreams:
+        - destination_name: 'postgres[[ .consul.suffix ]]'
+          local_bind_port: 5432
+
+  postgres:
+    database: '[[ .instance ]]'
+    user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
+    password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
+
+  vault:
+    policies:
+      - '[[ .instance ]][[ .consul.suffix ]]'
 
   # Additional env var to pass to the container
-  env:
-    DATABASE_URL: postgresql://{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}:{{ urlquery .Data.password }}{{ end }}@localhost:5432/[[ .instance ]]?sslmode=disable
+  env: {}
 
   # Public URL of the service
   public_url: https://flux.example.org
@@ -29,10 +43,3 @@ miniflux:
 prometheus:
   metrics_url: http://localhost:8085/metrics
 
-# Default to try to connect to a postgres service from the service mesh
-consul:
-  connect:
-    upstreams:
-      - destination_name: 'postgres[[ .consul.suffix ]]'
-        local_bind_port: 5432
-