homelab-nomad/databases/main.tf

resource "nomad_job" "mysql-server" {
  jobspec = file("${path.module}/mysql.nomad")

  # Block until deployed as there are servics dependent on this one
  detach = false
}

resource "nomad_acl_policy" "secrets_mysql" {
  name        = "secrets-mysql"
  description = "Give access to MySQL secrets"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/mysql/*" {
      capabilities = ["read"]
    }
  }
}
EOH

  job_acl {
    job_id = resource.nomad_job.mysql-server.id
  }
}

resource "nomad_job" "postgres-server" {
  jobspec = file("${path.module}/postgres.nomad")

  # Block until deployed as there are servics dependent on this one
  detach = false
}

resource "nomad_acl_policy" "secrets_postgres" {
  name        = "secrets-postgres"
  description = "Give access to Postgres secrets"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/postgres/*" {
      capabilities = ["read"]
    }
  }
}
EOH

  job_acl {
    job_id = resource.nomad_job.postgres-server.id
  }
}

resource "nomad_job" "redis" {
  for_each = toset(["blocky", "authelia"])

  jobspec = templatefile("${path.module}/redis.nomad",
    {
      name = each.key,
    }
  )

  # Block until deployed as there are servics dependent on this one
  detach = false
}
Add Postgres database to cluster 2023-05-03 21:16:47 +00:00			`resource "nomad_job" "mysql-server" {`
			`jobspec = file("${path.module}/mysql.nomad")`

			`# Block until deployed as there are servics dependent on this one`
			`detach = false`
			`}`

Add workload ACL management for mysql and postgres access Allows required jobs to access shared secrets and auto generates psks for stunnel. Currently supporting MySQL, Postgres, and LDAP. 2023-08-29 19:48:48 +00:00			`resource "nomad_acl_policy" "secrets_mysql" {`
			`name = "secrets-mysql"`
			`description = "Give access to MySQL secrets"`
			`rules_hcl = <<EOH`
			`namespace "default" {`
			`variables {`
			`path "secrets/mysql/*" {`
			`capabilities = ["read"]`
			`}`
			`}`
			`}`
			`EOH`

			`job_acl {`
			`job_id = resource.nomad_job.mysql-server.id`
			`}`
			`}`

Add Postgres database to cluster 2023-05-03 21:16:47 +00:00			`resource "nomad_job" "postgres-server" {`
			`jobspec = file("${path.module}/postgres.nomad")`

			`# Block until deployed as there are servics dependent on this one`
			`detach = false`
			`}`

Add workload ACL management for mysql and postgres access Allows required jobs to access shared secrets and auto generates psks for stunnel. Currently supporting MySQL, Postgres, and LDAP. 2023-08-29 19:48:48 +00:00			`resource "nomad_acl_policy" "secrets_postgres" {`
			`name = "secrets-postgres"`
			`description = "Give access to Postgres secrets"`
			`rules_hcl = <<EOH`
			`namespace "default" {`
			`variables {`
			`path "secrets/postgres/*" {`
			`capabilities = ["read"]`
			`}`
			`}`
			`}`
			`EOH`

			`job_acl {`
			`job_id = resource.nomad_job.postgres-server.id`
			`}`
			`}`

Add Postgres database to cluster 2023-05-03 21:16:47 +00:00			`resource "nomad_job" "redis" {`
Enable redis for authelia This also splits redis instances by service 2023-07-07 22:50:23 +00:00			`for_each = toset(["blocky", "authelia"])`

			`jobspec = templatefile("${path.module}/redis.nomad",`
			`{`
			`name = each.key,`
			`}`
			`)`
Add Postgres database to cluster 2023-05-03 21:16:47 +00:00
			`# Block until deployed as there are servics dependent on this one`
			`detach = false`
			`}`