feat: add module for nomad

add a nix module for setting up nomad server/client
remove explicitly installed nomad package

Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com>

machines/trench/default.nix

@@ -5,12 +5,10 @@
     ../../modules/nixos/core-server.nix
     ../../modules/nixos/user-group.nix
     ../../modules/programs/nixvim
+    ../../modules/programs/nomad
   ];
 
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [tailscale];
-    nomad_1_6
-    tailscale
-  ];
 
   services = {
     unifi = {

modules/programs/nomad/default.nix

@@ -0,0 +1,55 @@
+{pkgs, ...}: {
+  services = {
+    nomad = {
+      enable = true;
+      enableDocker = true;
+      extraPackages = with pkgs; [cni-plugins];
+      package = pkgs.nomad_1_6;
+      settings = {
+        datacenter = "trench";
+        bind_addr = "{{ GetInterfaceIP \"enp6s0\" }}";
+
+        advertise = {
+          http = "{{ GetInterfaceIP \"enp6s0\" }}";
+          rpc = "{{ GetInterfaceIP \"enp6s0\" }}";
+          serf = "{{ GetInterfaceIP \"enp6s0\" }}";
+        };
+
+        acl = {
+          enabled = true;
+        };
+
+        consul = {
+          auto_advertise = false;
+          server_auto_join = false;
+          client_auto_join = false;
+        };
+
+        telemetry = {
+          collection_interval = "15s";
+          disable_hostname = true;
+          prometheus_metrics = true;
+          publish_allocation_metrics = true;
+          publish_node_metrics = true;
+        };
+
+        server = {
+          enabled = true;
+          bootstrap_expect = 1;
+          encrypt = "I5aj2gi4NYNvaUWuuaEDQVMtiu6G8PogWw3Oo2TplnI=";
+        };
+
+        client = {
+          enabled = true;
+        };
+
+        plugin."docker".config = {
+          allow_privileged = true;
+          volumes = {
+            enabled = true;
+          };
+        };
+      };
+    };
+  };
+}