job "postgres" {
  datacenters = ["dc1"]
  type = "service"

  group "database" {
    count = 1

    network {
      mode = "bridge"
      port "ingress" {
        to = 5432
      }
    }

    volume "postgres-data" {
      type      = "host"
      source    = "postgres"
    }

    service {
      # Make available to other services by the 'postgres' name
      name = "postgres"
      port = "5432"
      tags = ["traefik.enable=false"] # Hide postgres from traefik

      # Make available through the consul service mesh
      connect {
        sidecar_service {
          tags = ["traefik.enable=false"] # Hide postgres envoy from traefik
        }
      }
    }

    task "postgres" {
      driver = "docker"

      volume_mount {
        volume      = "postgres-data"
        destination = "/var/lib/postgresql/data"
      }

      config {
        image = "postgres:16.1-alpine3.19"
        ports = ["ingress"]
      }

      env = {
        POSTGRES_USER="op://InfraSecrets/Postgres Root/username",
        POSTGRES_PASSWORD="op://InfraSecrets/Postgres Root/password"
      }
    }
  }
}