prod: nixos 23.11 and nomad 1.5

This commit is contained in:
Alex 2024-04-20 10:58:36 +02:00
parent 444306aa54
commit 972fc4ea7c
5 changed files with 5 additions and 7 deletions

View file

@ -77,8 +77,9 @@
};
};
# Keep using Nomad 1.4
services.nomad.package = pkgs.nomad_1_4;
# Pin Nomad version
services.nomad.package = pkgs.nomad_1_5;
nixpkgs.config.allowUnfree = true; # Accept nomad's BSL license
# Bootstrap IPs for Consul cluster,
# these are IPs on the Wireguard overlay

View file

@ -109,7 +109,6 @@
imports = [
## ---- Nix Nomad jobs using nomad-driver-nix2 ----
({ pkgs, ... }: {
services.nomad.dropPrivileges = false;
services.nomad.extraSettingsPlugins = [
(import ./nomad-driver-nix2.nix { inherit pkgs; })
];

View file

@ -27,9 +27,6 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
do
if pass $PKI/$file >/dev/null; then
write_pass $PKI/$file /var/lib/nomad/pki/$file
if [ ! "$CLUSTER" = "staging" ]; then
cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
fi
fi
done

View file

@ -330,6 +330,7 @@ in
};
services.nomad.enable = true;
services.nomad.dropPrivileges = false; # required starting with Nomad 1.5, otherwise Docker is not detected
systemd.services.nomad.after = [ "wg-quick-wg0.service" ];
services.nomad.extraPackages = [
pkgs.glibc

View file

@ -3,7 +3,7 @@
if [ "$CLUSTER" = "staging" ]; then
cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
else
cmd nix-channel --add https://nixos.org/channels/nixos-23.05 nixos
cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
fi
cmd nix-channel --update