Ian Fijolek
f5898b0283
Allows required jobs to access shared secrets and auto generates psks for stunnel. Currently supporting MySQL, Postgres, and LDAP.
# Registers the MySQL server job from the mysql.nomad jobspec in this module's directory.
resource "nomad_job" "mysql-server" {
  # Do not return right after registration: wait for the deployment,
  # because other services depend on this one.
  detach = false

  jobspec = file("${path.module}/mysql.nomad")

  # Parse the jobspec as HCL2.
  hcl2 {
    enabled = true
  }
}
# ACL policy that grants read-only access to the Nomad variables under
# secrets/mysql/ in the "default" namespace and attaches it to the MySQL job.
resource "nomad_acl_policy" "secrets_mysql" {
  name        = "secrets-mysql"
  description = "Give access to MySQL secrets"

  # Attach the policy to the job registered by nomad_job.mysql-server.
  # NOTE(review): no group or task is set here, so the grant presumably covers
  # every task in the job; narrow it with group/task if only one task needs
  # the secrets (names live in mysql.nomad, not shown here).
  # NOTE(review): referencing the job's id makes Terraform create this policy
  # only after nomad_job.mysql-server has finished, and that resource waits for
  # its deployment (detach = false). If the jobspec reads secrets/mysql/* at
  # startup, a first apply may wait on access that does not exist yet - confirm.
  job_acl {
    job_id = resource.nomad_job.mysql-server.id
  }

  # "read" is the only capability granted; nothing in this policy allows
  # writing or deleting these variables.
  rules_hcl = <<EOH
namespace "default" {
  variables {
    path "secrets/mysql/*" {
      capabilities = ["read"]
    }
  }
}
EOH
}
# Registers the Postgres server job from the postgres.nomad jobspec in this module's directory.
resource "nomad_job" "postgres-server" {
  # Do not return right after registration: wait for the deployment,
  # because other services depend on this one.
  detach = false

  jobspec = file("${path.module}/postgres.nomad")

  # Parse the jobspec as HCL2.
  hcl2 {
    enabled = true
  }
}
# ACL policy that grants read-only access to the Nomad variables under
# secrets/postgres/ in the "default" namespace and attaches it to the Postgres job.
resource "nomad_acl_policy" "secrets_postgres" {
  name        = "secrets-postgres"
  description = "Give access to Postgres secrets"

  # Attach the policy to the job registered by nomad_job.postgres-server.
  # NOTE(review): no group or task is set here, so the grant presumably covers
  # every task in the job; narrow it with group/task if only one task needs
  # the secrets (names live in postgres.nomad, not shown here).
  # NOTE(review): referencing the job's id makes Terraform create this policy
  # only after nomad_job.postgres-server has finished, and that resource waits
  # for its deployment (detach = false). If the jobspec reads secrets/postgres/*
  # at startup, a first apply may wait on access that does not exist yet - confirm.
  job_acl {
    job_id = resource.nomad_job.postgres-server.id
  }

  # "read" is the only capability granted; nothing in this policy allows
  # writing or deleting these variables.
  rules_hcl = <<EOH
namespace "default" {
  variables {
    path "secrets/postgres/*" {
      capabilities = ["read"]
    }
  }
}
EOH
}
# Registers one Redis job per entry in the set below, each rendered from the
# redis.nomad template in this module's directory.
resource "nomad_job" "redis" {
  for_each = toset(["blocky", "authelia"])

  # Do not return right after registration: wait for the deployment,
  # because other services depend on this one.
  detach = false

  # The set entry is passed to the template as `name`. Both values are fixed
  # in this file, so nothing external is interpolated into the jobspec here.
  jobspec = templatefile("${path.module}/redis.nomad",
    {
      name = each.key,
    }
  )

  # Parse the rendered jobspec as HCL2.
  hcl2 {
    enabled = true
  }
}