prod: nixos 23.11 and nomad 1.5

2024-04-20 10:58:36 +02:00 · 2024-04-20 10:58:36 +02:00 · 972fc4ea7c
parent 444306aa54
commit 972fc4ea7c
5 changed files with 5 additions and 7 deletions
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
@ -77,8 +77,9 @@
    };
  };
-  # Keep using Nomad 1.4
+  # Pin Nomad version
-  services.nomad.package = pkgs.nomad_1_4;
+  services.nomad.package = pkgs.nomad_1_5;
  nixpkgs.config.allowUnfree = true; # Accept nomad's BSL license
  # Bootstrap IPs for Consul cluster,
  # these are IPs on the Wireguard overlay
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@ -109,7 +109,6 @@
  imports = [
    ## ---- Nix Nomad jobs using nomad-driver-nix2 ----
    ({ pkgs, ... }: {
      services.nomad.dropPrivileges = false;
      services.nomad.extraSettingsPlugins = [
        (import ./nomad-driver-nix2.nix { inherit pkgs; })
      ];
--- a/3
+++ b/3
@ -27,9 +27,6 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
 do
 	if pass $PKI/$file >/dev/null; then
 		write_pass $PKI/$file /var/lib/nomad/pki/$file
 		if [ ! "$CLUSTER" = "staging" ]; then
 			cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
 		fi
 	fi
 done
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@ -330,6 +330,7 @@ in
    };
    services.nomad.enable = true;
    services.nomad.dropPrivileges = false;  # required starting with Nomad 1.5, otherwise Docker is not detected
    systemd.services.nomad.after = [ "wg-quick-wg0.service" ];
    services.nomad.extraPackages = [
      pkgs.glibc
--- a/2
+++ b/2
@ -3,7 +3,7 @@
 if [ "$CLUSTER" = "staging" ]; then
 	cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
 else
-	cmd nix-channel --add https://nixos.org/channels/nixos-23.05 nixos
+	cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
 fi
 cmd nix-channel --update