# Nomad job: PostGIS-enabled Postgres, a Prometheus postgres-exporter and
# pgAdmin, all scheduled together in the single "db" group.
#
# NOTE(review): this file carries credentials in plain text (the OAuth2 client
# secret below and the variable defaults at the end of the file). Anyone who
# can read the job file or the registered job spec can read them. Treat them
# as exposed, rotate them, and supply replacements from a secret store
# (Vault or Nomad Variables through a `template` block) instead of literals.
job "postgres" {
  datacenters = ["alo"]

  group "db" {
    network {
      # Fixed host port: Postgres is published on 5432 of the client node.
      # NOTE(review): confirm host firewalling limits who can reach this port.
      port "db" {
        static = 5432
      }

      # Dynamic host port mapped to the exporter's container port 9187.
      port "exporter" {
        to = 9187
      }

      # Dynamic host port; pgAdmin is told to listen on it via
      # PGADMIN_LISTEN_PORT below.
      port "admin" {}
    }

    # --- Database ---------------------------------------------------------
    task "postgres" {
      driver = "docker"

      config {
        image = "postgis/postgis:15-3.4-alpine"
        ports = ["db"]

        # Host path bind-mounted as the Postgres data directory.
        volumes = ["/data/compute/appdata/postgres:/var/lib/postgresql/data"]
      }

      env {
        # Superuser password, taken from the job variable of the same name.
        # NOTE(review): values set in `env` are stored in the job spec and
        # visible in the container environment.
        POSTGRES_PASSWORD = "${var.pg_password}"
      }

      service {
        name = "postgres"
        port = "db"

        # Liveness only: a TCP connect to the db port every 30s.
        check {
          type     = "tcp"
          port     = "db"
          interval = "30s"
          timeout  = "2s"
        }
      }

      resources {
        cpu    = 1000
        memory = 512
      }
    }

    # --- Metrics exporter -------------------------------------------------
    task "exporter" {
      driver = "docker"

      config {
        # NOTE(review): no tag is given, so Docker resolves the default
        # (`latest`) tag; pin a version or digest for reproducible deploys.
        image = "quay.io/prometheuscommunity/postgres-exporter"
        ports = ["exporter"]
      }

      env {
        # Connects as the `postgres` superuser with the password embedded in
        # the DSN, and `sslmode=disable` means the connection is not TLS
        # protected.
        # NOTE(review): consider a dedicated low-privilege monitoring role,
        # and the exporter's DATA_SOURCE_URI / DATA_SOURCE_USER /
        # DATA_SOURCE_PASS_FILE settings so the password is not part of a URL.
        DATA_SOURCE_NAME = "postgresql://postgres:${var.pg_password}@${NOMAD_ADDR_db}/postgres?sslmode=disable"
      }

      service {
        name = "postgres-exporter"
        port = "exporter"
        tags = ["metrics"]
      }
    }

    # --- pgAdmin web UI ---------------------------------------------------
    task "pgadmin" {
      driver = "docker"

      config {
        # NOTE(review): `latest` is a mutable tag; pin a version or digest so
        # an upstream push cannot silently change what runs here.
        image = "dpage/pgadmin4:latest"
        ports = ["admin"]

        # Host path bind-mounted as pgAdmin's state directory.
        volumes = ["/data/compute/appdata/pgadmin:/var/lib/pgadmin"]
      }

      env {
        PGADMIN_LISTEN_PORT = "${NOMAD_PORT_admin}"

        # Initial local account for the container, from the job variables.
        PGADMIN_DEFAULT_EMAIL    = "${var.default_email}"
        PGADMIN_DEFAULT_PASSWORD = "${var.default_password}"

        PGADMIN_DISABLE_POSTFIX = "True"

        # PGADMIN_CONFIG_* values are Python literals, hence the inner quotes.
        PGADMIN_CONFIG_MAIL_SERVER = "'192.168.1.1'"

        # 'internal' stays enabled next to 'oauth2', so the local
        # email/password login above remains usable alongside SSO.
        PGADMIN_CONFIG_AUTHENTICATION_SOURCES = "['oauth2', 'internal']"

        # A pgAdmin user is created automatically on first OAuth2 login.
        # NOTE(review): who may obtain an account is then decided entirely by
        # the identity provider's policy for this application; confirm it is
        # restricted there.
        PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER = "True"

        # OAuth2/OIDC provider definition (authentik).
        # NOTE(review): OAUTH2_CLIENT_SECRET is a literal in this file. Rotate
        # it at the provider and inject the new value from a secret store
        # rather than committing it.
        PGADMIN_CONFIG_OAUTH2_CONFIG = <<EOH
          [{
            'OAUTH2_NAME' : 'authentik',
            'OAUTH2_DISPLAY_NAME' : 'SSO',
            'OAUTH2_CLIENT_ID' : 'o4p3B03ayTQ2kpwmM7GswbcfO78JHCTdoZqKJEut',
            'OAUTH2_CLIENT_SECRET' : '7UYHONOCVdjpRMK9Ojwds0qPPpxCiztbIRhK7FJ2IFBpUgN6tnmpEjlkPYimiGKfaHLhy4XE7kQm7Et1Jm0hgyia0iB1VIlp623ckppbwkM6IfpTE1LfEmTMtPrxSngx',
            'OAUTH2_TOKEN_URL' : 'https://authentik.v.paler.net/application/o/token/',
            'OAUTH2_AUTHORIZATION_URL' : 'https://authentik.v.paler.net/application/o/authorize/',
            'OAUTH2_API_BASE_URL' : 'https://authentik.v.paler.net/',
            'OAUTH2_USERINFO_ENDPOINT' : 'https://authentik.v.paler.net/application/o/userinfo/',
            'OAUTH2_SERVER_METADATA_URL' : 'https://authentik.v.paler.net/application/o/pgadmin/.well-known/openid-configuration',
            'OAUTH2_SCOPE' : 'openid email profile',
            'OAUTH2_ICON' : 'fa-database',
            'OAUTH2_BUTTON_COLOR' : '#00ff00'
          }]
        EOH
      }

      service {
        name = "pgadmin"
        port = "admin"

        # Exposed through Traefik on the `websecure` entrypoint.
        # NOTE(review): no router rule or middleware is set here, so any
        # access restriction must come from Traefik defaults or from
        # pgAdmin's own login; confirm that is intended for a DB admin UI.
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.pgadmin.entryPoints=websecure",
        ]
      }
    }
  }
}
# Postgres superuser password; consumed by the "postgres" task
# (POSTGRES_PASSWORD) and embedded in the exporter's DATA_SOURCE_NAME.
# NOTE(review): the default is a real-looking credential committed in the job
# file. Treat it as exposed and rotate it; prefer supplying the value at
# submit time (`-var`, `-var-file` or a NOMAD_VAR_pg_password environment
# variable) or from a secret store, with no default here.
variable "pg_password" {
  type    = string
  default = "Faelaishewohlees4nei"
}
# Login e-mail for pgAdmin's initial local account (PGADMIN_DEFAULT_EMAIL).
variable "default_email" {
  type    = string
  default = "petru@paler.net"
}
# Password for pgAdmin's initial local account (PGADMIN_DEFAULT_PASSWORD).
# NOTE(review): the default is a credential committed in the job file, and
# the job keeps 'internal' authentication enabled, so this password is a
# working login path next to SSO. Treat it as exposed and rotate it; supply
# the value at submit time or from a secret store instead of a default.
variable "default_password" {
  type    = string
  default = "ahheina6aeki3Hu0aht3"
}