Add Nomad config and CA

author: Mathias Magnusson <mathias@magnusson.space> 2023-08-21 19:26:31 +0200
committer: Mathias Magnusson <mathias@magnusson.space> 2023-08-21 19:40:38 +0200
commit: 259107885b046f2250c3705c2bdd1ea76284d151 (patch)
tree: daea6f409a216e266ca4eabc885630af3c2ed0c4 /nomad.tmpl.hcl
parent: 581c75acaf8cd65877f65ac98f66c9f3b6ef2a72 (diff)
download: garm-259107885b046f2250c3705c2bdd1ea76284d151.tar.gz
1 files changed, 39 insertions, 0 deletions
diff --git a/nomad.tmpl.hcl b/nomad.tmpl.hcl
new file mode 100644
index 0000000..f3626d3
--- /dev/null
+++ b/nomad.tmpl.hcl
@@ -0,0 +1,39 @@
+data_dir  = "/opt/nomad/data"
+bind_addr = "0.0.0.0"
+
+advertise {
+  http = "127.0.0.1"
+  rpc  = "127.0.0.1"
+  serf = "127.0.0.1"
+}
+
+server {
+  enabled          = true
+  bootstrap_expect = 1
+
+  encrypt = "{{ .secret }}" # why not?
+}
+
+client {
+  enabled = true
+  servers = ["127.0.0.1"]
+
+  host_volume "ca-certificates" {
+    path = "/var/local/ca-certificates"
+  }
+}
+
+acl {
+  enabled = true
+}
+
+tls {
+  http = true
+  rpc  = true
+
+  verify_https_client = false
+
+  ca_file = "/etc/nomad.d/nomad-agent-ca.pem"
+  cert_file = "/etc/nomad.d/global-server-nomad.pem"
+  key_file = "/etc/nomad.d/global-server-nomad-key.pem"
+}
author	Mathias Magnusson <mathias@magnusson.space>	2023-08-21 19:26:31 +0200
committer	Mathias Magnusson <mathias@magnusson.space>	2023-08-21 19:40:38 +0200
commit	259107885b046f2250c3705c2bdd1ea76284d151 (patch)
tree	daea6f409a216e266ca4eabc885630af3c2ed0c4 /nomad.tmpl.hcl
parent	581c75acaf8cd65877f65ac98f66c9f3b6ef2a72 (diff)
download	garm-259107885b046f2250c3705c2bdd1ea76284d151.tar.gz