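# Nomad job template (nomad-pack style, "[[ ]]" delimiters) for the
# postgres-manage / ldap2pg task of one instance. The pack variables
# .pg.manage, .pg and the root are merged into $c; a non-empty "cron"
# value renders a long-running service, otherwise a one-shot batch job.
job "[[ .instance ]]-manage" {
  [[- $c := merge .pg.manage .pg . ]]
  [[- if and (has $c "cron") (ne $c.cron "") ]]
  # With a cron schedule the task keeps running and schedules itself,
  # so the job is a service rather than a batch job.
  type = "service"
  [[- else ]]
  type = "batch"
  meta {
    # Force job to run each time: a fresh UUID makes every submission differ
    # from the previous job version, so the batch job is re-run instead of
    # being treated as unchanged.
    run = "${uuidv4()}"
  }
  [[- end ]]

  [[ template "common/job_start" $c ]]

  group "manage" {
    network {
      mode = "bridge"
    }

    ephemeral_disk {
      size = 101
    }

    service {
      name = "[[ .instance ]]-manage[[ $c.consul.suffix ]]"
      [[ template "common/connect" $c ]]
    }

    [[ template "common/task.wait_for" $c ]]

    task "postgres-manage" {
      driver = "[[ $c.nomad.driver ]]"

      config {
        image = "[[ $c.image ]]"
        # Hardening: read-only root filesystem and a cap of 20 processes
        # for the container.
        readonly_rootfs = true
        pids_limit      = 20
      }

      [[ template "common/vault.policies" $c ]]

      env {
        # One PG_DB_<n>* group per configured database. Every value goes
        # through toJSON so it is emitted as a valid, quoted HCL string even
        # when the pack variable contains quotes or backslashes (the
        # comma-joined extension list is quoted the same way for consistency).
        [[- range $idx, $db := $c.databases ]]
        PG_DB_[[ $idx ]] = [[ $db.name | toJSON ]]
        [[- if has $db "owner" ]]
        PG_DB_[[ $idx ]]_OWNER = [[ $db.owner | toJSON ]]
        [[- end ]]
        [[- if has $db "encoding" ]]
        PG_DB_[[ $idx ]]_ENCODING = [[ $db.encoding | toJSON ]]
        [[- end ]]
        [[- if has $db "locale" ]]
        PG_DB_[[ $idx ]]_LOCALE = [[ $db.locale | toJSON ]]
        [[- end ]]
        [[- if has $db "template" ]]
        PG_DB_[[ $idx ]]_TEMPLATE = [[ $db.template | toJSON ]]
        [[- end ]]
        [[- if has $db "extensions" ]]
        PG_DB_[[ $idx ]]_EXTENSIONS = [[ join $db.extensions "," | toJSON ]]
        [[- end ]]
        [[- end ]]
        LDAP2PG_CONFIG = "/secrets/ldap2pg.yml"
        LDAP2PG_MODE   = [[ $c.mode | toJSON ]]
        [[- if and (has $c "cron") (ne $c.cron "") ]]
        LDAP2PG_CRON = [[ $c.cron | toJSON ]]
        [[- end ]]
      }

      [[ template "common/file_env" $c ]]

      # Connection settings for the management scripts. The postgres password
      # is fetched from Vault when the template is rendered and single-quoted
      # for the env file; env = true exports the file as task environment
      # variables, and the file itself is readable only by uid 100000.
      template {
        data = <<_EOF
PGHOST=localhost
PGPORT=5432
PGUSER=postgres
PGPASSWORD={{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.pg_pwd | sprig_squote }}{{ end }}
_EOF
        destination = "secrets/pg-manage.env"
        uid         = 100000
        gid         = 100000
        perms       = 0400
        env         = true
      }

      # ldap2pg configuration: instance config merged over the pack defaults,
      # followed by the flattened list of instance rules and default rules.
      template {
        data = <<_EOF
[[ (merge $c.config $c.default_config) | toYAML ]]
rules:
[[ (coll.Slice $c.rules $c.default_rules) | flatten | toYAML | strings.Indent 2 ]]
_EOF
        destination = "secrets/ldap2pg.yml"
        uid         = 100000
        gid         = 100000
        perms       = 0400
      }

      [[ template "common/resources" $c ]]
    }
  }
}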