othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Initial work on db backups

Browse Source
This commit is contained in:
Adrian Cowan
2025-05-17 00:38:02 +10:00
parent c6925362a6
commit 08a2e458b2
2 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
2-nomad-config/pgbackup.nomad.hcl Normal file
View File

@@ -0,0 +1,77 @@
job "pgbackup" {
type = "batch"
periodic {
# Note: To avoid issues with daylight savings, avoid scheduling jobs at 2am +/- 1 hour
cron = "* 04 * * *" # Every day at 4am
time_zone = "Australia/Melbourne"
prohibit_overlap = true
}
group "pgbackup" {
service {
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "postgres"
local_bind_port = 5432
}
}
}
}
}
task "pgbackup" {
driver = "docker"
config {
image = "postgres:latest"
command = "/bin/bash"
args = ["-c", "pg_dumpall -h localhost -U postgres > /backup/all_databases.sql"]
volumes = [ "secrets/postgres_password:/run/secrets/postgres_password" ]
}
user = "1000"
volume_mount {
volume = "unraid_database_dump"
destination = "/backup"
read_only = false
}
env {
PGPASSFILE = "/run/secrets/postgres_password"
}
template {
data = <<EOF
localhost:5432:*:postgres:{{ with nomadVar "nomad/jobs/postgres" }}{{ .postgress_password }}{{ end }}
EOF
destination = "/secrets/postgres_password"
perms = "0400"
uid = 1000
}
resources {
cpu = 250
memory = 128
}
}
volume "unraid_database_dump" {
type = "csi"
read_only = false
source = "unraid_database_dump"
access_mode = "single-node-writer"
attachment_mode = "file-system"
mount_options {
mount_flags = ["uid=1000","gid=0"]
}
}
network {
mode = "bridge"
}
}
}

29
2-nomad-config/services.tf
View File

@@ -88,6 +88,31 @@ data "sops_file" "secrets" {
source_file = "secrets.enc.json" source_file = "secrets.enc.json"
} }
resource "nomad_csi_volume_registration" "unraid_database_dump" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb]
plugin_id = "smb"
volume_id = "unraid_database_dump"
name = "unraid_database_dump"
external_id = "unraid_database_dump"
capability {
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
context = {
source = "//192.168.1.192/database-dump"
}
secrets = {
"username" = "nomad"
"password" = data.sops_file.secrets.data["unraid.nomad"]
}
}
resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" { resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
#Note: Before chaning the definition of this volume you need to stop the jobs that are using it #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
depends_on = [data.nomad_plugin.smb] depends_on = [data.nomad_plugin.smb]
@@ -113,3 +138,7 @@ resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
"password" = data.sops_file.secrets.data["unraid.nomad"] "password" = data.sops_file.secrets.data["unraid.nomad"]
} }
} }
resource "nomad_job" "pgbackup" {
jobspec = file("pgbackup.nomad.hcl")
}