job "backup_daily" { datacenters = ["orion", "neptune"] type = "batch" priority = "60" periodic { cron = "@daily" // Do not allow overlapping runs. prohibit_overlap = true } group "backup-dovecot" { constraint { attribute = "${attr.unique.hostname}" operator = "=" value = "doradille" } task "main" { driver = "docker" config { image = "restic/restic:0.14.0" entrypoint = [ "/bin/sh", "-c" ] args = [ "restic backup /mail && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ] volumes = [ "/mnt/ssd/mail:/mail" ] } template { data = < $NOMAD_ALLOC_DIR/consul.json" ] volumes = [ "secrets:/etc/consul", ] } env { CONSUL_HTTP_ADDR = "https://consul.service.prod.consul:8501" CONSUL_HTTP_SSL = "true" CONSUL_CACERT = "/etc/consul/consul.crt" CONSUL_CLIENT_CERT = "/etc/consul/consul-client.crt" CONSUL_CLIENT_KEY = "/etc/consul/consul-client.key" } resources { cpu = 200 memory = 200 } template { data = "{{ key \"secrets/consul/consul.crt\" }}" destination = "secrets/consul.crt" } template { data = "{{ key \"secrets/consul/consul-client.crt\" }}" destination = "secrets/consul-client.crt" } template { data = "{{ key \"secrets/consul/consul-client.key\" }}" destination = "secrets/consul-client.key" } restart { attempts = 2 interval = "30m" delay = "15s" mode = "fail" } } task "restic-backup" { driver = "docker" config { image = "restic/restic:0.12.1" entrypoint = [ "/bin/sh", "-c" ] args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ] } template { data = <