flakes/modules/programs/nomad/default.nix

{pkgs, ...}: {
  services = {
    nomad = {
      enable = true;
      dropPrivileges = false;
      enableDocker = true;
      extraPackages = with pkgs; [cni-plugins] ++ stdenv.initialPath;
      package = pkgs.nomad_1_6;
      settings = {
        datacenter = "trench";
        bind_addr = "{{ GetInterfaceIP \"enp6s0\" }}";

        advertise = {
          http = "{{ GetInterfaceIP \"enp6s0\" }}";
          rpc = "{{ GetInterfaceIP \"enp6s0\" }}";
          serf = "{{ GetInterfaceIP \"enp6s0\" }}";
        };

        acl = {
          enabled = true;
        };

        consul = {
          auto_advertise = false;
          server_auto_join = false;
          client_auto_join = false;
        };

        telemetry = {
          collection_interval = "15s";
          disable_hostname = true;
          prometheus_metrics = true;
          publish_allocation_metrics = true;
          publish_node_metrics = true;
        };

        server = {
          enabled = true;
          bootstrap_expect = 1;
          encrypt = "I5aj2gi4NYNvaUWuuaEDQVMtiu6G8PogWw3Oo2TplnI=";
        };

        client = {
          enabled = true;
          cni_path = "${pkgs.cni-plugins}/bin";
          artifact = {
            disable_filesystem_isolation = true;
          };
          # Required for `exec` driver deployments
          # bind-mounts the nix store to resolve symlinks
          host_volume = {
            "nix" = {
              path = "/nix";
              read_only = true;
            };
          };
        };

        plugin."docker".config = {
          allow_privileged = true;
          volumes = {
            enabled = true;
          };
        };
      };
    };
  };
}
feat: add module for nomad add a nix module for setting up nomad server/client remove explicitly installed nomad package Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 13:34:03 +05:30			`{pkgs, ...}: {`
			`services = {`
			`nomad = {`
			`enable = true;`
chore: do not drop privileges for nomad Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 14:42:35 +05:30			`dropPrivileges = false;`
feat: add module for nomad add a nix module for setting up nomad server/client remove explicitly installed nomad package Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 13:34:03 +05:30			`enableDocker = true;`
fix: add nix store as host volume for nomad Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-25 01:30:10 +05:30			`extraPackages = with pkgs; [cni-plugins] ++ stdenv.initialPath;`
feat: add module for nomad add a nix module for setting up nomad server/client remove explicitly installed nomad package Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 13:34:03 +05:30			`package = pkgs.nomad_1_6;`
			`settings = {`
			`datacenter = "trench";`
			`bind_addr = "{{ GetInterfaceIP \"enp6s0\" }}";`

			`advertise = {`
			`http = "{{ GetInterfaceIP \"enp6s0\" }}";`
			`rpc = "{{ GetInterfaceIP \"enp6s0\" }}";`
			`serf = "{{ GetInterfaceIP \"enp6s0\" }}";`
			`};`

			`acl = {`
			`enabled = true;`
			`};`

			`consul = {`
			`auto_advertise = false;`
			`server_auto_join = false;`
			`client_auto_join = false;`
			`};`

			`telemetry = {`
			`collection_interval = "15s";`
			`disable_hostname = true;`
			`prometheus_metrics = true;`
			`publish_allocation_metrics = true;`
			`publish_node_metrics = true;`
			`};`

			`server = {`
			`enabled = true;`
			`bootstrap_expect = 1;`
			`encrypt = "I5aj2gi4NYNvaUWuuaEDQVMtiu6G8PogWw3Oo2TplnI=";`
			`};`

			`client = {`
			`enabled = true;`
chore: add cni_path to nomad client Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 14:33:00 +05:30			`cni_path = "${pkgs.cni-plugins}/bin";`
chore: disable filesystem isolation for artifacts Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 16:06:17 +05:30			`artifact = {`
			`disable_filesystem_isolation = true;`
			`};`
fix: add nix store as host volume for nomad Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-25 01:30:10 +05:30			# Required for `exec` driver deployments
			`# bind-mounts the nix store to resolve symlinks`
			`host_volume = {`
			`"nix" = {`
			`path = "/nix";`
			`read_only = true;`
			`};`
			`};`
feat: add module for nomad add a nix module for setting up nomad server/client remove explicitly installed nomad package Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-10-20 13:34:03 +05:30			`};`

			`plugin."docker".config = {`
			`allow_privileged = true;`
			`volumes = {`
			`enabled = true;`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`