One missing firewall, two independent issues.

- Nomad was exposing environment variables though its API, which is a huge deal.
- Some pgbouncer instances may have been exposed, which is a second huge fucking deal, especially for an attacker that has already found the first one.

The issue lasted less than 12 days and is of course fixed by now, but would have given an attacker complete access to everything.
Again i consider us lucky because nothing noticeably bad has happened.