Initial work on db backups

2025-05-17 00:38:02 +10:00
parent c6925362a6
commit 08a2e458b2
2 changed files with 106 additions and 0 deletions
--- a/2-nomad-config/pgbackup.nomad.hcl
+++ b/2-nomad-config/pgbackup.nomad.hcl
@@ -0,0 +1,77 @@
+job "pgbackup" {
+  type = "batch"
+  periodic {
+    # Note: To avoid issues with daylight savings, avoid scheduling jobs at 2am +/- 1 hour
+    cron = "* 04 * * *" # Every day at 4am
+    time_zone = "Australia/Melbourne"
+    prohibit_overlap = true
+  }
+
+  group "pgbackup" {
+    service {
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name = "postgres"
+              local_bind_port  = 5432
+            }
+          }
+        }
+      }
+    }
+
+    task "pgbackup" {
+      driver = "docker"
+
+      config {
+        image = "postgres:latest"
+        command = "/bin/bash"
+        args = ["-c", "pg_dumpall -h localhost -U postgres > /backup/all_databases.sql"]
+        volumes = [ "secrets/postgres_password:/run/secrets/postgres_password" ]
+      }
+
+      user = "1000"
+
+      volume_mount {
+        volume      = "unraid_database_dump"
+	      destination = "/backup"
+        read_only   = false
+      }
+
+      env {
+        PGPASSFILE = "/run/secrets/postgres_password"
+      }
+
+      template {
+        data = <<EOF
+localhost:5432:*:postgres:{{ with nomadVar "nomad/jobs/postgres" }}{{ .postgress_password }}{{ end }}
+EOF
+        destination = "/secrets/postgres_password"
+        perms = "0400"
+        uid = 1000
+      }
+
+      resources {
+        cpu    = 250
+        memory = 128
+      }
+    }
+
+    volume "unraid_database_dump" {
+      type      = "csi"
+      read_only = false
+      source    = "unraid_database_dump"
+      access_mode     = "single-node-writer"
+      attachment_mode = "file-system"
+
+      mount_options {
+        mount_flags = ["uid=1000","gid=0"]
+      }
+    }
+
+    network {
+      mode = "bridge"
+    }
+  }
+}
--- a/2-nomad-config/services.tf
+++ b/2-nomad-config/services.tf
@@ -88,6 +88,31 @@ data "sops_file" "secrets" {
  source_file = "secrets.enc.json"
 }

+resource "nomad_csi_volume_registration" "unraid_database_dump" {
+  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
+  depends_on  = [data.nomad_plugin.smb]
+  plugin_id  = "smb"
+  
+  volume_id  = "unraid_database_dump"
+  name = "unraid_database_dump"
+
+  external_id = "unraid_database_dump"
+
+  capability {
+    access_mode     = "single-node-writer"
+    attachment_mode = "file-system"
+  }
+
+  context = {
+    source = "//192.168.1.192/database-dump"
+  }
+
+  secrets = {
+    "username" = "nomad"
+    "password" = data.sops_file.secrets.data["unraid.nomad"]
+  }
+}
+
 resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
  depends_on  = [data.nomad_plugin.smb]
@@ -113,3 +138,7 @@ resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
    "password" = data.sops_file.secrets.data["unraid.nomad"]
  }
 }
+
+resource "nomad_job" "pgbackup" {
+  jobspec = file("pgbackup.nomad.hcl")
+}