homelab-nomad/backups/backup.nomad

189 lines
4.0 KiB
Plaintext
Raw Normal View History

job "backup%{ if batch_node != null }-oneoff-${batch_node}%{ endif }" {
datacenters = ["dc1"]
2022-11-18 16:58:38 +00:00
priority = 90
%{ if batch_node == null ~}
type = "system"
%{ else ~}
type = "batch"
parameterized {
meta_required = ["job_name"]
meta_optional = ["task", "snapshot"]
}
meta {
task = "backup"
snapshot = "latest"
}
%{ endif ~}
2023-08-03 04:33:16 +00:00
%{ if batch_node != null ~}
constraint {
attribute = "$${node.unique.name}"
value = "${batch_node}"
}
%{ endif ~}
group "backup" {
network {
mode = "bridge"
port "metrics" {
host_network = "wesher"
to = 8080
}
}
volume "all-volumes" {
type = "host"
2022-07-28 05:04:22 +00:00
read_only = false
source = "all-volumes"
}
service {
name = "backup"
2023-03-24 18:24:36 +00:00
provider = "nomad"
port = "metrics"
2023-03-24 18:24:36 +00:00
tags = [
"prometheus.scrape"
]
}
task "backup" {
driver = "docker"
volume_mount {
volume = "all-volumes"
destination = "/data"
2022-07-28 05:04:22 +00:00
read_only = false
}
config {
image = "iamthefij/resticscheduler:0.2.0"
ports = ["metrics"]
args = [
%{ if batch_node != null ~}
"-once",
"-$${NOMAD_META_task}",
"$${NOMAD_META_job_name}",
"--snapshot",
"$${NOMAD_META_snapshot}",
"--push-gateway",
"http://pushgateway.nomad:9091",
%{ endif ~}
"$${NOMAD_TASK_DIR}/node-jobs.hcl",
]
}
env = {
2022-11-04 05:17:48 +00:00
"RCLONE_CHECKERS" = "2"
"RCLONE_TRANSFERS" = "2"
"RCLONE_FTP_CONCURRENCY" = "5"
2022-07-22 02:03:40 +00:00
}
2022-07-22 02:03:40 +00:00
template {
data = <<EOF
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
2023-03-24 18:24:36 +00:00
# TODO: Move this to new mysql root pass path
{{ with nomadVar "nomad/jobs" }}
2022-11-03 03:30:04 +00:00
MYSQL_USER=root
2023-03-24 18:24:36 +00:00
MYSQL_PASSWORD={{ .mysql_root_password }}
2022-11-03 22:10:09 +00:00
{{ end -}}
{{ with nomadVar (print "nomad/jobs/" (env "NOMAD_JOB_ID")) -}}
2023-03-24 18:24:36 +00:00
BACKUP_PASSPHRASE={{ .backup_passphrase }}
RCLONE_FTP_HOST={{ .nas_ftp_host }}
RCLONE_FTP_USER={{ .nas_ftp_user }}
RCLONE_FTP_PASS={{ .nas_ftp_pass.Value | toJSON }}
2022-07-28 05:04:22 +00:00
RCLONE_FTP_EXPLICIT_TLS=true
RCLONE_FTP_NO_CHECK_CERTIFICATE=true
{{ end -}}
2022-07-22 02:03:40 +00:00
EOF
destination = "secrets/db.env"
env = true
}
2022-07-25 23:29:06 +00:00
template {
2022-07-22 02:03:40 +00:00
# Build jobs based on node
data = <<EOF
2023-03-25 06:34:23 +00:00
# Current node is {{ env "node.unique.name" }} {{ env "node.unique.id" }}
%{ for job_file in fileset(module_path, "jobs/*.hcl") ~}
{{ range nomadService 1 "backups" "${trimsuffix(basename(job_file), ".hcl")}" -}}
# ${trimsuffix(basename(job_file), ".hcl")} .Node {{ .Node }}
2023-03-25 06:34:23 +00:00
{{ if eq .Node (env "node.unique.id") -}}
${file("${module_path}/${job_file}")}
{{ end -}}
{{ end -}}
%{ endfor ~}
EOF
destination = "local/node-jobs.hcl"
}
resources {
cpu = 50
memory = 256
}
}
task "stunnel" {
driver = "docker"
lifecycle {
hook = "prestart"
sidecar = true
}
config {
image = "alpine:3.17"
args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"]
}
resources {
cpu = 100
memory = 100
}
template {
data = <<EOF
set -e
apk add stunnel
exec stunnel {{ env "NOMAD_TASK_DIR" }}/stunnel.conf
EOF
destination = "$${NOMAD_TASK_DIR}/start.sh"
}
template {
data = <<EOF
syslog = no
foreground = yes
delay = yes
[mysql_client]
client = yes
accept = 127.0.0.1:3306
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}}
connect = {{ .Address }}:{{ .Port }}
{{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
EOF
destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
}
# TODO: Get psk for backup jobs despite multiple job declarations
# Probably should use variable ACLs to grant each node job to this path
template {
data = <<EOF
{{- with nomadVar (print "nomad/jobs/" (env "NOMAD_JOB_ID")) }}{{ .mysql_stunnel_psk }}{{ end -}}
EOF
destination = "$${NOMAD_SECRETS_DIR}/mysql_stunnel_psk.txt"
}
}
}
}