Adrian Cowan
e695485353
All checks were successful
CI / Terraform fmt + validate (pull_request) Successful in 27s
CI / Nomad job spec validate (pull_request) Successful in 22s
CI / Docker image pull validation (pull_request) Successful in 16s
CI / Terraform fmt + validate (push) Successful in 23s
CI / Nomad job spec validate (push) Successful in 22s
CI / Docker image pull validation (push) Has been skipped
- traefik: TCP → HTTP check on /ping (enable ping entrypoint) - gitea: check path → /api/healthz - jellyfin: TCP → HTTP check on /health - glance: TCP → HTTP check on / - sonarr/prowlarr: check path / → /ping (×2 checks each) - ntfy/transfer/deluge/openreader/authelia/pgadmin: add name and port to existing checks - postgres: remove invalid TCP check (Connect-enabled service) - unifi: TCP → script check via curl (macvlan host isolation workaround)
72 lines
1.8 KiB
HCL
72 lines
1.8 KiB
HCL
job "postgres" {
|
|
group "postgres" {
|
|
service {
|
|
name = "postgres"
|
|
port = "db"
|
|
|
|
connect {
|
|
sidecar_service {}
|
|
}
|
|
|
|
# Note: TCP checks are not valid for Connect-enabled services (runs through
|
|
# Envoy sidecar). Postgres is a single-writer DB that we never canary, so
|
|
# observable health via Consul is lower priority than other services.
|
|
}
|
|
|
|
task "postgres" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
# Temporarily pin to v17 as v18 moved the default data directory and immich doesn't officially support it yet
|
|
# immich also needs >= 0.3.0, < 0.5.0. https://docs.immich.app/administration/postgres-standalone/#prerequisites
|
|
#image = "postgres:17"
|
|
image = "tensorchord/vchord-postgres:pg17-v0.4.3"
|
|
ports = ["db"]
|
|
|
|
volumes = [
|
|
"secrets/postgres_password:/run/secrets/postgres_password"
|
|
]
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "data"
|
|
destination = "/var/lib/postgresql/data"
|
|
read_only = false
|
|
}
|
|
|
|
env {
|
|
POSTGRES_USER = "postgres"
|
|
POSTGRES_PASSWORD_FILE = "/run/secrets/postgres_password"
|
|
POSTGRES_INITDB_ARGS = "--auth-host=md5"
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 1024
|
|
}
|
|
|
|
template {
|
|
# This securely sets the initial password for the postgres user, to change it later
|
|
# you need to connect to the database and change it manually
|
|
data = <<EOF
|
|
{{ with nomadVar "nomad/jobs/postgres" }}{{ .postgres_password }}{{ end }}
|
|
EOF
|
|
destination = "secrets/postgres_password"
|
|
}
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
port "db" {
|
|
static = 5432
|
|
}
|
|
}
|
|
|
|
volume "data" {
|
|
type = "host"
|
|
read_only = false
|
|
source = "postgres"
|
|
}
|
|
}
|
|
}
|