Move nomad var secrets to secrets.enc.json

2-nomad-config/1-infra.tf

@@ -33,6 +33,15 @@ resource "nomad_job" "authelia" {
   jobspec = file("authelia.nomad.hcl")
 }
 
+resource "nomad_variable" "authelia" {
+  path = "nomad/jobs/authelia"
+  items = {
+    session_secret = data.sops_file.secrets.data["authelia.session_secret"]
+    jwt_secret     = data.sops_file.secrets.data["authelia.jwt_secret"]
+    encryption_key = data.sops_file.secrets.data["authelia.encryption_key"]
+  }
+}
+
 // Data
 
 resource "nomad_job" "csi-smb" {
@@ -56,6 +65,13 @@ resource "nomad_job" "pgbackup" {
   jobspec = file("pgbackup.nomad.hcl")
 }
 
+resource "nomad_variable" "postgres" {
+  path = "nomad/jobs/postgres"
+  items = {
+    postgres_password = data.sops_file.secrets.data["postgres.postgres"]
+  }
+}
+
 resource "nomad_csi_volume_registration" "unraid_database_dump" {
   #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
   depends_on = [data.nomad_plugin.smb]