3 files changed, 39 insertions, 0 deletions

diff --git a/nomad-agent-ca-key.pem.age b/nomad-agent-ca-key.pem.age
new file mode 100644
index 0000000..ce815d0
--- /dev/null
+++ b/nomad-agent-ca-key.pem.age
diff --git a/nomad-agent-ca.pem.age b/nomad-agent-ca.pem.age
new file mode 100644
index 0000000..149dcec
--- /dev/null
+++ b/nomad-agent-ca.pem.age
diff --git a/nomad.tmpl.hcl b/nomad.tmpl.hcl
new file mode 100644
index 0000000..f3626d3
--- /dev/null
+++ b/nomad.tmpl.hcl
@@ -0,0 +1,39 @@
+data_dir  = "/opt/nomad/data"
+bind_addr = "0.0.0.0"
+
+advertise {
+  http = "127.0.0.1"
+  rpc  = "127.0.0.1"
+  serf = "127.0.0.1"
+}
+
+server {
+  enabled          = true
+  bootstrap_expect = 1
+
+  encrypt = "{{ .secret }}" # why not?
+}
+
+client {
+  enabled = true
+  servers = ["127.0.0.1"]
+
+  host_volume "ca-certificates" {
+    path = "/var/local/ca-certificates"
+  }
+}
+
+acl {
+  enabled = true
+}
+
+tls {
+  http = true
+  rpc  = true
+
+  verify_https_client = false
+
+  ca_file = "/etc/nomad.d/nomad-agent-ca.pem"
+  cert_file = "/etc/nomad.d/global-server-nomad.pem"
+  key_file = "/etc/nomad.d/global-server-nomad-key.pem"
+}