50 lines
1019 B
Plaintext
50 lines
1019 B
Plaintext
|
|
||
|
|
job "vault-backup" {
|
||
|
|
datacenters = ["homelab"]
|
||
|
|
priority = 50
|
||
|
|
type = "batch"
|
||
|
|
meta {
|
||
|
|
forcedeploy = "0"
|
||
|
|
}
|
||
|
|
|
||
|
|
constraint {
|
||
|
|
attribute = "${attr.cpu.arch}"
|
||
|
|
value = "amd64"
|
||
|
|
}
|
||
|
|
periodic {
|
||
|
|
crons = ["30 3 * * *"]
|
||
|
|
prohibit_overlap = true
|
||
|
|
}
|
||
|
|
group "vault-backup" {
|
||
|
|
network {
|
||
|
|
mode = "host"
|
||
|
|
}
|
||
|
|
vault {
|
||
|
|
policies = ["vault-backup"]
|
||
|
|
}
|
||
|
|
task "vault-backup" {
|
||
|
|
driver = "docker"
|
||
|
|
config {
|
||
|
|
image = "ducampsv/docker-vault-backup:latest"
|
||
|
|
volumes = [
|
||
|
|
"/mnt/diskstation/git/backup/vault:/backup"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
template {
|
||
|
|
data = <<EOH
|
||
|
|
{{ with secret "secrets/data/nomad/vault-backup"}}
|
||
|
|
VAULT_APPROLEID = "{{ .Data.data.VAULT_APPROLEID }}"
|
||
|
|
VAULT_SECRETID = "{{ .Data.data.VAULT_SECRETID }}"
|
||
|
|
{{end}}
|
||
|
|
EOH
|
||
|
|
destination = "secrets/secrets.env"
|
||
|
|
env = true
|
||
|
|
}
|
||
|
|
resources {
|
||
|
|
memory = 100
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
}
|
||
|
|
}
|