From ea79ff2e52abc4de0847cdff0d21edd33e5f7e3a Mon Sep 17 00:00:00 2001
From: Petru Paler <petru@paler.net>
Date: Mon, 15 Jan 2024 13:10:23 +0000
Subject: [PATCH] Get Postgres password from a Nomad var, and decomission old
 backup.

---
 secrets/postgres_password |  1 +
 services/postgres.hcl     | 30 ++----------------------------
 stateful-commands.txt     |  5 ++++-
 3 files changed, 7 insertions(+), 29 deletions(-)
 create mode 100644 secrets/postgres_password

diff --git a/secrets/postgres_password b/secrets/postgres_password
new file mode 100644
index 0000000..c32bc04
--- /dev/null
+++ b/secrets/postgres_password
@@ -0,0 +1 @@
+Faelaishewohlees4nei
diff --git a/services/postgres.hcl b/services/postgres.hcl
index c931a27..1322624 100644
--- a/services/postgres.hcl
+++ b/services/postgres.hcl
@@ -10,7 +10,6 @@ job "postgres" {
         to = 9187
       }
       port "admin" { }
-      port "backup_healthckeck" { }
     }
 
     task "postgres" {
@@ -23,7 +22,7 @@ job "postgres" {
       }
 
       env {
-        POSTGRES_PASSWORD = "${var.pg_password}"
+        POSTGRES_PASSWORD = "{{ with nomadVar \"secrets/postgresql\" }}{{ .postgres_password }}{{ end }}"
       }
 
       service {
@@ -52,7 +51,7 @@ job "postgres" {
       }
 
       env {
-        DATA_SOURCE_NAME = "postgresql://postgres:${var.pg_password}@${NOMAD_ADDR_db}/postgres?sslmode=disable"
+        DATA_SOURCE_NAME = "postgresql://postgres:{{ with nomadVar \"secrets/postgresql\" }}{{ .postgres_password }}{{ end }}@${NOMAD_ADDR_db}/postgres?sslmode=disable"
       }
 
       service {
@@ -106,34 +105,9 @@ EOH
         ]
       }
     }
-
-    task "backup" {
-      driver = "docker"
-
-      config {
-        image = "prodrigestivill/postgres-backup-local"
-        ports = [ "backup_healthckeck" ]
-        volumes = [ "/data/compute/appdata/pgbackup:/backups" ]
-      }
-
-      env {
-        POSTGRES_DB = "postgres"
-        POSTGRES_HOST = "${NOMAD_IP_db}"
-        POSTGRES_USER = "postgres"
-        POSTGRES_PASSWORD = "${var.pg_password}"
-        POSTGRES_CLUSTER = "TRUE"
-        POSTGRES_EXTRA_OPTS = ""
-        HEALTHCHECK_PORT = "${NOMAD_PORT_backup_healthckeck}"
-      }
-    }
   }
 }
 
-variable "pg_password" {
-  type = string
-  default = "Faelaishewohlees4nei"
-}
-
 variable "default_email" {
   type = string
   default = "petru@paler.net"
diff --git a/stateful-commands.txt b/stateful-commands.txt
index 3bbcbd9..e03abda 100644
--- a/stateful-commands.txt
+++ b/stateful-commands.txt
@@ -24,4 +24,7 @@ glusterfs tweaking for wordpress performance:
   * gluster volume set compute server.outstanding-rpc-limit 256
 
 mysql credentials
-  * Put secrets/mysql_root_password into a Nomad var named secrets/mysql
+  * Put secrets/mysql_root_password into a Nomad var named secrets/mysql.root_password
+
+postgres credentials
+  * Put secrets/postgres_password into a Nomad var named secrets/postgresql.postgres_password