flakes/modules/programs/nomad/default.nix
Chinmay D. Pai 508b46b1da
chore: add cacert to nomad
Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com>
2023-10-20 16:32:18 +05:30

61 lines
1.4 KiB
Nix

{pkgs, ...}: {
services = {
nomad = {
enable = true;
dropPrivileges = false;
enableDocker = true;
extraPackages = with pkgs; [cni-plugins cacert];
package = pkgs.nomad_1_6;
settings = {
datacenter = "trench";
bind_addr = "{{ GetInterfaceIP \"enp6s0\" }}";
advertise = {
http = "{{ GetInterfaceIP \"enp6s0\" }}";
rpc = "{{ GetInterfaceIP \"enp6s0\" }}";
serf = "{{ GetInterfaceIP \"enp6s0\" }}";
};
acl = {
enabled = true;
};
consul = {
auto_advertise = false;
server_auto_join = false;
client_auto_join = false;
};
telemetry = {
collection_interval = "15s";
disable_hostname = true;
prometheus_metrics = true;
publish_allocation_metrics = true;
publish_node_metrics = true;
};
server = {
enabled = true;
bootstrap_expect = 1;
encrypt = "I5aj2gi4NYNvaUWuuaEDQVMtiu6G8PogWw3Oo2TplnI=";
};
client = {
enabled = true;
cni_path = "${pkgs.cni-plugins}/bin";
artifact = {
disable_filesystem_isolation = true;
};
};
plugin."docker".config = {
allow_privileged = true;
volumes = {
enabled = true;
};
};
};
};
};
}