job "postgres" {
  datacenters = ["dc1"]
  type = "service"
  priority = 80

  group "postgres" {
    count = 1

    restart {
      attempts = 10
      interval = "5m"
      delay = "25s"
      mode = "delay"
    }

    network {
      mode = "bridge"
      port "db" {
        host_network = "loopback"
        to = 5432
      }
    }

    volume "postgres-data" {
      type = "host"
      read_only = false
      source = "postgres-data"
    }

    service {
      name = "postgres"
      port = "db"

      connect {
        sidecar_service {
          proxy {
            local_service_port = 5432
          }
        }

        sidecar_task {
          resources {
            cpu    = 50
            memory = 50
          }
        }
      }

      # Can't use a tcp check with bridge network or proxy
      # check {
      #   type = "tcp"
      #   interval = "10s"
      #   timeout = "2s"
      # }
    }

    task "postgres" {
      driver = "docker"

      config {
        image = "postgres:14"
        ports = ["db"]
      }

      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      volume_mount {
        volume = "postgres-data"
        destination = "/var/lib/postgresql/data"
        read_only = false
      }

      env = {
        PGDATA = "/var/lib/postgresql/data/pgdata"
      }

      template {
        data = <<EOH
{{ with secret "kv/data/postgres" }}
POSTGRES_PASSWORD={{ .Data.data.superuser_password }}
{{ end }}
        EOH
        destination = "secrets/db.env"
        env = true
      }

      resources {
        cpu = 300
        memory = 1024
      }
    }
  }
}