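# Nomad job: a single PostgreSQL 13 container (podman driver, host networking)
# on a persistent CSI volume, registered in Consul as "postgres" so that Vault's
# database secrets engine can reach it at postgres.service.consul:5432.
#
# To configure Vault (run once, after the "alive" check is passing):
#   vault secrets enable database
#   vault write database/config/postgresql \
#       plugin_name=postgresql-database-plugin \
#       connection_url="postgresql://{{username}}:{{password}}@postgres.service.consul:5432/postgres?sslmode=disable" \
#       allowed_roles="*" \
#       username="root" password="rootpassword"
#   vault write database/roles/readonly db_name=postgresql \
#       creation_statements=@readonly.sql default_ttl=1h max_ttl=24h
#
# NOTE(review): the username/password handed to Vault must be the ones the
# container was initialised with (POSTGRES_USER / POSTGRES_PASSWORD in the task
# env below). As written they disagree ("rootpassword" here vs "pg2020" in the
# env), so one of the two is stale -- verify before re-running the config step.
#
# NOTE(review): the superuser password is in plaintext in this job file, in the
# shell history of the command above, and on the wire (sslmode=disable).
# Recommended hardening, in order:
#   - after the config step, have Vault rotate the superuser credential so only
#     Vault knows it:  vault write -f database/rotate-root/postgresql
#   - narrow allowed_roles from "*" to the roles actually defined (here "readonly")
#   - enable TLS on the server and drop sslmode=disable from connection_url
# Caveat: the official postgres image only applies POSTGRES_USER/POSTGRES_PASSWORD
# when it initialises an empty data directory. If the "postgresql" volume is ever
# recreated after rotate-root, the password reverts to the value in the env
# stanza and Vault's stored credential stops working -- redo the config step.

job "postgres" {
  datacenters = ["nummer5"]
  type        = "service"

  group "service" {
    count = 1

    # Persistent data directory; "postgresql" must exist as a registered CSI volume.
    # single-node-writer means only one allocation may hold it read-write at a time.
    volume "postgres-data" {
      type            = "csi"
      read_only       = false
      source          = "postgresql"
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
    }

    task "postgres" {
      driver = "podman"

      config {
        image = "docker.io/postgres:13"
        # Host networking: 5432 is bound directly on the node, reachable by
        # anything that can reach the node, not just other allocations.
        network_mode = "host"
        port_map {
          db = 5432
        }
      }

      # Mount point is the image's default PGDATA location.
      volume_mount {
        volume      = "postgres-data"
        destination = "/var/lib/postgresql/data"
      }

      # Superuser bootstrap credentials; only honoured on first initialisation
      # of an empty data directory. Stored in plaintext here -- see header notes.
      env {
        POSTGRES_USER     = "root"
        POSTGRES_PASSWORD = "pg2020"
      }

      logs {
        max_files     = 5
        max_file_size = 15
      }

      resources {
        cpu    = 1000
        memory = 1024
        # Static port so the address in Vault's connection_url stays stable.
        # (Task-level network is the older form; newer Nomad prefers a
        # group-level network stanza -- presumably kept for compatibility.)
        network {
          port "db" {
            static = 5432
          }
        }
      }

      # Consul registration; the DNS name postgres.service.consul used by Vault
      # is derived from this service name.
      service {
        name = "postgres"
        tags = ["postgres for vault"]
        port = "db"

        # TCP check only proves the port accepts connections, not that the
        # database is accepting queries.
        check {
          name     = "alive"
          type     = "tcp"
          interval = "60s"
          timeout  = "2s"
        }
      }
    }

    restart {
      attempts = 10
      interval = "5m"
      delay    = "25s"
      mode     = "delay"
    }
  }

  update {
    max_parallel     = 1
    min_healthy_time = "5s"
    healthy_deadline = "9m"
    auto_revert      = false
    canary           = 0
  }
}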