homelab-nomad/backups/oneoff.nomad

variable "nextcloud_backup" {
  type = string
  description = "HCL config for Restic Scheduler jobs"
}

job "backup-oneoff" {
  datacenters = ["dc1"]
  type = "batch"

  parameterized {
    meta_required = ["job_name"]
    meta_optional = ["task", "snapshot"]

  }

  meta {
    task = "backup"
    snapshot = "latest"
  }

  group "nextcloud" {
    count = 1

    network {
      mode = "bridge"
    }

    volume "nextcloud-data" {
      type = "host"
      read_only = true
      source = "nextcloud-data"
    }

    volume "gitea-data" {
      type = "host"
      read_only = true
      source = "gitea-data"
    }

    volume "authentik-data" {
      type = "host"
      read_only = true
      source = "authentik-data"
    }

    service {
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "mysql-server"
              local_bind_port = 6060
            }

            config {
              protocol = "tcp"
            }
          }
        }

        sidecar_task {
          resources {
            cpu    = 50
            memory = 50
          }
        }
      }
    }

    task "backup" {
      driver = "docker"

      volume_mount {
        volume = "nextcloud-data"
        destination = "/data/nextcloud"
        read_only = false
      }

      volume_mount {
        volume = "gitea-data"
        destination = "/data/gitea"
        read_only = false
      }

      volume_mount {
        volume = "authentik-data"
        destination = "/data/authentik"
        read_only = false
      }

      config {
        image = "iamthefij/resticscheduler"
        ports = ["backup"]
        args = [
          "-once",
          "-${NOMAD_META_task}",
          "${NOMAD_META_job_name}",
          "/jobs/nextcloud.hcl",
        ]

        mount {
          type = "bind"
          target = "/jobs"
          source = "jobs"
        }
      }

      env = {
        "MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"
        "MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"
        # TODO: Add user with access to all databases or variables for each user
        "MYSQL_DATABASE" = "nextcloud"
        "MYSQL_USER" = "nextcloud"
        "MYSQL_PASSWORD" = "nextcloud"

        # TODO: Something from vault
        "BACKUP_PASSPHRASE" = "secretpass"
      }

      template {
        data = var.nextcloud_backup
        destination = "jobs/nextcloud.hcl"
      }

      resources {
        cpu = 50
        memory = 256
      }
    }
  }
}
Add dedicated backup module and jobs Possible alternative to backups deployed with each job 2022-05-18 21:23:28 +00:00			`variable "nextcloud_backup" {`
			`type = string`
			`description = "HCL config for Restic Scheduler jobs"`
			`}`

			`job "backup-oneoff" {`
			`datacenters = ["dc1"]`
			`type = "batch"`

			`parameterized {`
			`meta_required = ["job_name"]`
			`meta_optional = ["task", "snapshot"]`

			`}`

			`meta {`
			`task = "backup"`
			`snapshot = "latest"`
			`}`

			`group "nextcloud" {`
			`count = 1`

			`network {`
			`mode = "bridge"`
			`}`

			`volume "nextcloud-data" {`
			`type = "host"`
			`read_only = true`
			`source = "nextcloud-data"`
			`}`

			`volume "gitea-data" {`
			`type = "host"`
			`read_only = true`
			`source = "gitea-data"`
			`}`

			`volume "authentik-data" {`
			`type = "host"`
			`read_only = true`
			`source = "authentik-data"`
			`}`

			`service {`
			`connect {`
			`sidecar_service {`
			`proxy {`
			`upstreams {`
			`destination_name = "mysql-server"`
			`local_bind_port = 6060`
			`}`

			`config {`
			`protocol = "tcp"`
			`}`
			`}`
			`}`

			`sidecar_task {`
			`resources {`
			`cpu = 50`
			`memory = 50`
			`}`
			`}`
			`}`
			`}`

			`task "backup" {`
			`driver = "docker"`

			`volume_mount {`
			`volume = "nextcloud-data"`
			`destination = "/data/nextcloud"`
			`read_only = false`
			`}`

			`volume_mount {`
			`volume = "gitea-data"`
			`destination = "/data/gitea"`
			`read_only = false`
			`}`

			`volume_mount {`
			`volume = "authentik-data"`
			`destination = "/data/authentik"`
			`read_only = false`
			`}`

			`config {`
			`image = "iamthefij/resticscheduler"`
			`ports = ["backup"]`
			`args = [`
			`"-once",`
			`"-${NOMAD_META_task}",`
			`"${NOMAD_META_job_name}",`
			`"/jobs/nextcloud.hcl",`
			`]`

			`mount {`
			`type = "bind"`
			`target = "/jobs"`
			`source = "jobs"`
			`}`
			`}`

			`env = {`
			`"MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"`
			`"MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"`
			`# TODO: Add user with access to all databases or variables for each user`
			`"MYSQL_DATABASE" = "nextcloud"`
			`"MYSQL_USER" = "nextcloud"`
			`"MYSQL_PASSWORD" = "nextcloud"`

			`# TODO: Something from vault`
			`"BACKUP_PASSPHRASE" = "secretpass"`
			`}`

			`template {`
			`data = var.nextcloud_backup`
			`destination = "jobs/nextcloud.hcl"`
			`}`

			`resources {`
			`cpu = 50`
			`memory = 256`
			`}`
			`}`
			`}`
			`}`