From 34fd33ad87a8eaaaf69ff4784f0d0570c9f207de Mon Sep 17 00:00:00 2001
From: "Chinmay D. Pai"
Date: Fri, 20 Oct 2023 13:34:03 +0530
Subject: [PATCH] feat: add module for nomad add a nix module for setting up nomad server/client remove explicitly installed nomad package
Signed-off-by: Chinmay D. Pai
---
 machines/trench/default.nix | 6 ++--
 modules/programs/nomad/default.nix | 55 ++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 4 deletions(-)
 create mode 100644 modules/programs/nomad/default.nix
diff --git a/machines/trench/default.nix b/machines/trench/default.nix
index ba9e6e8..82873c9 100644
--- a/machines/trench/default.nix
+++ b/machines/trench/default.nix
@@ -5,12 +5,10 @@
 ../../modules/nixos/core-server.nix
 ../../modules/nixos/user-group.nix
 ../../modules/programs/nixvim
+ ../../modules/programs/nomad
 ];
- environment.systemPackages = with pkgs; [
- nomad_1_6
- tailscale
- ];
+ environment.systemPackages = with pkgs; [tailscale];
 services = {
 unifi = {
diff --git a/modules/programs/nomad/default.nix b/modules/programs/nomad/default.nix
new file mode 100644
index 0000000..67a131e
--- /dev/null
+++ b/modules/programs/nomad/default.nix
@@ -0,0 +1,55 @@
+{pkgs, ...}: {
+ services = {
+ nomad = {
+ enable = true;
+ enableDocker = true;
+ extraPackages = with pkgs; [cni-plugins];
+ package = pkgs.nomad_1_6;
+ settings = {
+ datacenter = "trench";
+ bind_addr = "{{ GetInterfaceIP \"enp6s0\" }}";
+
+ advertise = {
+ http = "{{ GetInterfaceIP \"enp6s0\" }}";
+ rpc = "{{ GetInterfaceIP \"enp6s0\" }}";
+ serf = "{{ GetInterfaceIP \"enp6s0\" }}";
+ };
+
+ acl = {
+ enabled = true;
+ };
+
+ consul = {
+ auto_advertise = false;
+ server_auto_join = false;
+ client_auto_join = false;
+ };
+
+ telemetry = {
+ collection_interval = "15s";
+ disable_hostname = true;
+ prometheus_metrics = true;
+ publish_allocation_metrics = true;
+ publish_node_metrics = true;
+ };
+
+ server = {
+ enabled = true;
+ bootstrap_expect = 1;
+ encrypt = "I5aj2gi4NYNvaUWuuaEDQVMtiu6G8PogWw3Oo2TplnI=";
+ };
+
+ client = {
+ enabled = true;
+ };
+
+ plugin."docker".config = {
+ allow_privileged = true;
+ volumes = {
+ enabled = true;
+ };
+ };
+ };
+ };
+ };
+}
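Review bot: The Serf gossip key is committed in cleartext at `server.encrypt`, so it is readable by anyone who can read this repository and, after a build, by any local user through the world-readable Nix store. Treat the committed value as exposed: generate a new key, drop `encrypt` from `settings`, and load it from a file kept outside the store, e.g. `extraSettingsPaths = ["<path-to-secret-file>"];` (placeholder path, populated by whatever secrets tooling the repo uses). Separately, `plugin."docker".config` sets `allow_privileged = true` together with `volumes.enabled = true` on a node that is both server and client, which makes any ACL token allowed to submit jobs equivalent to root on the host; leave both off unless a specific job needs them, and say which in a comment. There is also no `tls` block in `settings`, so unless TLS is configured elsewhere the HTTP API and RPC bound to `enp6s0` would carry ACL tokens unencrypted.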