Add initial PostgreSQL and pgAdmin services with Nomad configuration

2-nomad-config/pgadmin.nomad.hcl

@@ -0,0 +1,97 @@
+job "pgadmin" {
+  group "pgadmin" {
+    service {
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name = "postgres"
+              local_bind_port  = 5432
+            }
+          }
+        }
+      }
+    }
+
+    network {
+      mode = "bridge"
+      port "http" {
+        to = 80
+      }
+    }
+
+    task "pgadmin" {
+      driver = "docker"
+
+      config {
+        image = "dpage/pgadmin4:latest"
+        ports = ["http"]
+
+        volumes = [
+          "local/servers.json:/pgadmin4/servers.json",
+          "secrets/.pgpass:/home/.pgpass"
+        ]
+      }
+
+      env = {
+        PGADMIN_DEFAULT_EMAIL    = "othrayte@gmail.com"
+        PGADMIN_DEFAULT_PASSWORD = "admin"
+        PGADMIN_CONFIG_WTF_CSRF_ENABLED = "False"
+        PGADMIN_CONFIG_WTF_CSRF_CHECK_DEFAULT = "False"
+        PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION = "False"
+        PGADMIN_CONFIG_SERVER_MODE = "False"
+        PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED = "False"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+
+      service {
+        name = "pgadmin"
+        port = "http"
+
+        tags = [
+          "traefik.enable=true",
+          "traefik.http.routers.pgadmin.middlewares=auth@file",
+        ]
+
+        check {
+          type     = "http"
+          path     = "/"
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+
+      template {
+        data = <<EOF
+{
+  "Servers": {
+    "1": {
+      "Group": "Servers",
+      "Name": "postgres",
+      "Host": "localhost",
+      "Port": 5432,
+      "MaintenanceDB": "postgres",
+      "Username": "postgres",
+      "PassFile": "/home/.pgpass"
+    }
+  }
+}
+EOF
+        destination = "local/servers.json"
+      }
+
+      template {
+        data = <<EOF
+localhost:5432:*:postgres:{{ with nomadVar "nomad/jobs/postgres" }}{{ .postgress_password }}{{ end }}
+EOF
+        destination = "secrets/.pgpass"
+        perms = "0400"
+        uid = 5050 # pgadmin
+      }
+    }
+  }
+}

2-nomad-config/postgres.nomad.hcl

@@ -0,0 +1,64 @@
+job "postgres" {
+  group "postgres" {
+    service {
+      name = "postgres"
+      port = "db"
+      
+      connect {
+        sidecar_service {}
+      }
+    }
+
+    task "postgres" {
+      driver = "docker"
+
+      config {
+        image = "postgres:latest"
+        ports = ["db"]
+
+        volumes = [
+          "secrets/postgres_password:/run/secrets/postgres_password"
+        ]
+      }
+
+      volume_mount {
+        volume      = "data"
+        destination = "/var/lib/postgresql/data"
+        read_only   = false
+      }
+
+      env {
+        POSTGRES_USER = "postgres"
+        POSTGRES_PASSWORD_FILE = "/run/secrets/postgres_password"
+        POSTGRES_INITDB_ARGS = "--auth-host=md5"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 512
+      }
+
+      template {
+        # This securely sets the initial password for the postgres user, to change it later
+        # you need to connect to the database and change it manually
+        data = <<EOF
+{{ with nomadVar "nomad/jobs/postgres" }}{{ .postgress_password }}{{ end }}
+EOF
+        destination = "secrets/postgres_password"
+      }
+    }
+
+    network {
+      mode = "bridge"
+      port "db" {
+        static = 5432
+      }
+    }
+
+    volume "data" {
+      type      = "host"
+      read_only = false
+      source    = "postgres"
+    }
+  }
+}

2-nomad-config/services.tf

@@ -42,6 +42,14 @@ resource "nomad_job" "csi-smb" {
   jobspec = file("csi-smb.nomad.hcl")
 }
 
+resource "nomad_job" "postgres" {
+  jobspec = file("postgres.nomad.hcl")
+}
+
+resource "nomad_job" "pgadmin" {
+  jobspec = file("pgadmin.nomad.hcl")
+}
+
 data "nomad_plugin" "smb" {
   plugin_id        = "smb"
   wait_for_healthy = true