From 259107885b046f2250c3705c2bdd1ea76284d151 Mon Sep 17 00:00:00 2001
From: Mathias Magnusson
Date: Mon, 21 Aug 2023 19:26:31 +0200
Subject: Add Nomad config and CA
---
nomad-agent-ca-key.pem.age | Bin 0 -> 545 bytes
nomad-agent-ca.pem.age | Bin 0 -> 1437 bytes
nomad.tmpl.hcl | 39 +++++++++++++++++++++++++++++++++++++++
3 files changed, 39 insertions(+)
create mode 100644 nomad-agent-ca-key.pem.age
create mode 100644 nomad-agent-ca.pem.age
create mode 100644 nomad.tmpl.hcl
diff --git a/nomad-agent-ca-key.pem.age b/nomad-agent-ca-key.pem.age
new file mode 100644
index 0000000..ce815d0
Binary files /dev/null and b/nomad-agent-ca-key.pem.age differ
diff --git a/nomad-agent-ca.pem.age b/nomad-agent-ca.pem.age
new file mode 100644
index 0000000..149dcec
Binary files /dev/null and b/nomad-agent-ca.pem.age differ
diff --git a/nomad.tmpl.hcl b/nomad.tmpl.hcl
new file mode 100644
index 0000000..f3626d3
--- /dev/null
+++ b/nomad.tmpl.hcl
@@ -0,0 +1,39 @@
+data_dir = "/opt/nomad/data"
+bind_addr = "0.0.0.0"
+
+advertise {
+ http = "127.0.0.1"
+ rpc = "127.0.0.1"
+ serf = "127.0.0.1"
+}
+
+server {
+ enabled = true
+ bootstrap_expect = 1
+
+ encrypt = "{{ .secret }}" # why not?
+}
+
+client {
+ enabled = true
+ servers = ["127.0.0.1"]
+
+ host_volume "ca-certificates" {
+ path = "/var/local/ca-certificates"
+ }
+}
+
+acl {
+ enabled = true
+}
+
+tls {
+ http = true
+ rpc = true
+
+ verify_https_client = false
+
+ ca_file = "/etc/nomad.d/nomad-agent-ca.pem"
+ cert_file = "/etc/nomad.d/global-server-nomad.pem"
+ key_file = "/etc/nomad.d/global-server-nomad-key.pem"
+}
-- cgit v1.2.3
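Review bot: The `tls` block in nomad.tmpl.hcl turns on TLS for HTTP and RPC but never sets `verify_server_hostname`, which Nomad leaves off by default, so an RPC peer is accepted on any certificate signed by this CA rather than only one issued for the server role; adding `verify_server_hostname = true` beside `verify_https_client = false` closes that gap. With `bind_addr = "0.0.0.0"` the agent listens on every interface while `advertise` names only 127.0.0.1, and since client certificates are not required on HTTPS, the API is reachable from the network with ACL tokens as its only gate. If this is the single-node setup that `bootstrap_expect = 1` and `servers = ["127.0.0.1"]` suggest, binding to loopback or one named interface would be tighter. The `# why not?` comment on `encrypt` would be more useful as `# gossip key, injected from the age-encrypted secret; rendered file must not be world-readable`, or whatever matches how `.secret` is actually supplied.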