nix: Allow all capabilities in Nomad

This will be necessary for the smartctl exporter since it needs Linux capabilities that are not allowed by default in Nomad. We only have trusted Nomad jobs, and we already allow privileged containers anyway, so there is no security impact.
2025-03-19 23:38:56 +01:00 · 2025-03-19 23:38:56 +01:00 · 5790453ff1
commit 5790453ff1
parent a2a470ac3d
1 changed files with 1 additions and 0 deletions
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@ -397,6 +397,7 @@ in
                {
                  volumes.enabled = true;
                  allow_privileged = true;
+                  allow_caps = ["all"];
                }
              ];
            }