weewx configuration

Ping pushgateway after successful backup.
Get Postgres password from a Nomad var, and decomission old backup.
2024-01-16 16:13:01 +00:00 · 2024-01-15 13:25:04 +00:00 · 2024-01-15 13:10:23 +00:00 · 2024-01-15 13:05:53 +00:00 · 2024-01-15 12:58:47 +00:00 · 2024-01-15 10:15:28 +00:00
10 changed files with 170 additions and 45 deletions
--- a/common/nomad.nix
+++ b/common/nomad.nix
@@ -67,6 +67,8 @@ in
        "node_name"
      ];
    };
+
+    plugin.raw_exec.config.enabled = true;
  };

  environment.persistence."/persist".directories = [
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1703087360,
-        "narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=",
+        "lastModified": 1704875591,
+        "narHash": "sha256-eWRLbqRcrILgztU/m/k7CYLzETKNbv0OsT2GjkaNm8A=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7",
+        "rev": "1776009f1f3fb2b5d236b84d9815f2edee463a9b",
        "type": "github"
      },
      "original": {
@@ -55,11 +55,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1703992652,
-        "narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=",
+        "lastModified": 1705183652,
+        "narHash": "sha256-rnfkyUH0x72oHfiSDhuCHDHg3gFgF+lF8zkkg5Zihsw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e",
+        "rev": "428544ae95eec077c7f823b422afae5f174dee4b",
        "type": "github"
      },
      "original": {
@@ -71,11 +71,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1703961334,
-        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
+        "lastModified": 1705133751,
+        "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
+        "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
        "type": "github"
      },
      "original": {
--- a/secrets/mysql_root_password
+++ b/secrets/mysql_root_password
@@ -0,0 +1 @@
+wiochohv8foR9eDo5ol5
--- a/secrets/postgres_password
+++ b/secrets/postgres_password
@@ -0,0 +1 @@
+Faelaishewohlees4nei
--- a/services/mysql-backup.hcl
+++ b/services/mysql-backup.hcl
@@ -0,0 +1,39 @@
+job "mysql-backup" {
+  datacenters = ["alo"]
+  type = "batch"
+
+  periodic {
+    cron = "23 23 * * * *"
+    prohibit_overlap = true
+  }
+
+  group "db" {
+    task "backup" {
+      driver = "raw_exec"
+
+      config {
+        command = "/bin/sh"
+        args = [ "local/script.sh" ]
+      }
+
+      template {
+        destination = "local/script.sh"
+        data = <<EOH
+          set -e
+          /run/current-system/sw/bin/nomad alloc exec -job -task=mysqld mysql \
+            mysqldump -u root --password="$MYSQL_ROOT_PASS" --all-databases > /data/compute/appdata/db-backups/mysql/backup.sql && \
+          echo "last_success $(date +%s)" | \
+          /run/current-system/sw/bin/curl --data-binary @- http://pushgateway.service.consul:9091/metrics/job/mysql_backup
+        EOH
+      }
+
+      template {
+        destination = "secrets/file.env"
+        env = true
+        data = <<EOH
+          {{- with nomadVar "secrets/mysql" -}}MYSQL_ROOT_PASS="{{ .root_password }}"{{- end -}}
+        EOH
+      }
+    }
+  }
+}
--- a/services/mysql.hcl
+++ b/services/mysql.hcl
@@ -14,13 +14,15 @@ job "mysql" {
      driver = "docker"

      config {
-        image = "mysql:8.1"
+        image = "mysql:8.2"
        ports = ["db"]
-        volumes = [ "/data/compute/appdata/mysql:/var/lib/mysql" ]
+        volumes = [
+          "/data/compute/appdata/mysql:/var/lib/mysql",
+        ]
      }

      env {
-        MYSQL_ROOT_PASSWORD = "${var.mysql_root_password}"
+        MYSQL_ROOT_PASSWORD = "{{ with nomadVar \"secrets/mysql\" }}{{ .root_password }}{{ end }}"
      }

      service {
@@ -61,8 +63,3 @@ job "mysql" {
    }
  }
 }
-
-variable "mysql_root_password" {
-  type = string
-  default = "wiochohv8foR9eDo5ol5"
-}
--- a/services/postgres-backup.hcl
+++ b/services/postgres-backup.hcl
@@ -0,0 +1,39 @@
+job "postgres-backup" {
+  datacenters = ["alo"]
+  type = "batch"
+
+  periodic {
+    cron = "22 22 * * * *"
+    prohibit_overlap = true
+  }
+
+  group "db" {
+    task "backup" {
+      driver = "raw_exec"
+
+      config {
+        command = "/bin/sh"
+        args = [ "local/script.sh" ]
+      }
+
+      template {
+        destination = "local/script.sh"
+        data = <<EOH
+          set -e
+          /run/current-system/sw/bin/nomad alloc exec -job -task=postgres postgres \
+            pg_dumpall -U postgres > /data/compute/appdata/db-backups/postgresql/backup.sql && \
+          echo "last_success $(date +%s)" | \
+          /run/current-system/sw/bin/curl --data-binary @- http://pushgateway.service.consul:9091/metrics/job/postgres_backup
+        EOH
+      }
+
+      template {
+        destination = "secrets/file.env"
+        env = true
+        data = <<EOH
+          {{- with nomadVar "secrets/postgresql" -}}PGPASSWORD="{{ .postgres_password }}"{{- end -}}
+        EOH
+      }
+    }
+  }
+}
--- a/services/postgres.hcl
+++ b/services/postgres.hcl
@@ -10,7 +10,6 @@ job "postgres" {
        to = 9187
      }
      port "admin" { }
-      port "backup_healthckeck" { }
    }

    task "postgres" {
@@ -23,7 +22,7 @@ job "postgres" {
      }

      env {
-        POSTGRES_PASSWORD = "${var.pg_password}"
+        POSTGRES_PASSWORD = "{{ with nomadVar \"secrets/postgresql\" }}{{ .postgres_password }}{{ end }}"
      }

      service {
@@ -52,7 +51,7 @@ job "postgres" {
      }

      env {
-        DATA_SOURCE_NAME = "postgresql://postgres:${var.pg_password}@${NOMAD_ADDR_db}/postgres?sslmode=disable"
+        DATA_SOURCE_NAME = "postgresql://postgres:{{ with nomadVar \"secrets/postgresql\" }}{{ .postgres_password }}{{ end }}@${NOMAD_ADDR_db}/postgres?sslmode=disable"
      }

      service {
@@ -106,34 +105,9 @@ EOH
        ]
      }
    }
-
-    task "backup" {
-      driver = "docker"
-
-      config {
-        image = "prodrigestivill/postgres-backup-local"
-        ports = [ "backup_healthckeck" ]
-        volumes = [ "/data/compute/appdata/pgbackup:/backups" ]
-      }
-
-      env {
-        POSTGRES_DB = "postgres"
-        POSTGRES_HOST = "${NOMAD_IP_db}"
-        POSTGRES_USER = "postgres"
-        POSTGRES_PASSWORD = "${var.pg_password}"
-        POSTGRES_CLUSTER = "TRUE"
-        POSTGRES_EXTRA_OPTS = ""
-        HEALTHCHECK_PORT = "${NOMAD_PORT_backup_healthckeck}"
-      }
-    }
  }
 }

-variable "pg_password" {
-  type = string
-  default = "Faelaishewohlees4nei"
-}
-
 variable "default_email" {
  type = string
  default = "petru@paler.net"
--- a/services/weewx.hcl
+++ b/services/weewx.hcl
@@ -0,0 +1,66 @@
+job "weewx" {
+  datacenters = ["alo"]
+
+  meta {
+    uuid = uuidv4()
+  }
+
+  group "weather" {
+    network {
+      port "http" {
+      }
+    }
+
+    task "backend" {
+      driver = "docker"
+
+      config {
+        image = "gitea.v.paler.net/ppetru/weewx:latest"
+        volumes = [
+          "/data/compute/appdata/weewx/etc:/etc/weewx",
+          "/data/compute/appdata/weewx/html:/var/www/html",
+        ]
+      }
+
+      resources {
+        # needed for running weectl report run inside the container
+        #memory = 1024
+      }
+    }
+
+    task "frontend" {
+      driver = "docker"
+
+      config {
+        image = "pierrezemb/gostatic"
+
+        ports = [ "http" ]
+
+        args = [
+          "-port=${NOMAD_PORT_http}",
+          "-enable-health",
+        ]
+
+        volumes = [ "/data/compute/appdata/weewx/html:/srv/http" ]
+      }
+    }
+
+    service {
+      name = "weather"
+      port = "http"
+
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.weather.entryPoints=websecure",
+        "traefik.http.routers.weather.rule=Host(`weewx.v.paler.net`) || (Host(`alo.land`) && PathPrefix(`/weather/`))",
+      ]
+
+      check {
+        type = "http"
+        path = "/health"
+        interval = "10s"
+        timeout = "2s"
+      } 
+    }
+  }
+}
--- a/stateful-commands.txt
+++ b/stateful-commands.txt
@@ -22,3 +22,9 @@ glusterfs tweaking for wordpress performance:
  * gluster volume set compute server.event-threads 8
  * gluster volume set compute cluster.readdir-optimize on
  * gluster volume set compute server.outstanding-rpc-limit 256
+
+mysql credentials
+  * Put secrets/mysql_root_password into a Nomad var named secrets/mysql.root_password
+
+postgres credentials
+  * Put secrets/postgres_password into a Nomad var named secrets/postgresql.postgres_password
Author	SHA1	Message	Date
Petru Paler	2b82227650	weewx configuration	2024-01-16 16:13:01 +00:00
Petru Paler	5b34927ffd	Ping pushgateway after successful backup.	2024-01-15 13:25:04 +00:00
Petru Paler	ea79ff2e52	Get Postgres password from a Nomad var, and decomission old backup.	2024-01-15 13:10:23 +00:00
Petru Paler	72f9319138	Postgres backup cronjob.	2024-01-15 13:05:53 +00:00
Petru Paler	bbf395ac5f	No longer map backups dir to mysqld job.	2024-01-15 12:58:47 +00:00
Petru Paler	9e6e95d1e9	Update nomad var location.	2024-01-15 10:15:28 +00:00
Petru Paler	7dbd5652ed	mysql backup cron	2024-01-15 10:14:03 +00:00
Petru Paler	30c88ea579	Enable raw_exec driver.	2024-01-15 07:22:11 +00:00
Petru Paler	70fb543fa3	Update deps.	2024-01-15 06:49:56 +00:00
Petru Paler	093c91151a	Store mysql root password in a Nomad variable.	2024-01-15 06:34:04 +00:00