Nomad configuration.

hosts/common/compute-node.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./impermanence.nix
+    ./nomad.nix
     ./sshd.nix
     ./user-ppetru.nix
     ./unattended-encryption.nix

hosts/common/nomad.nix

@@ -0,0 +1,42 @@
+# inspiration: https://github.com/astro/skyflake/blob/main/nixos-modules/nomad.nix
+{ pkgs, config, ... }:
+let
+  servers = [ "c1" "c2" "c3" ];
+  server_enabled = builtins.elem config.networking.hostName servers;
+in
+{
+  services.nomad = {
+    enable = true;
+
+    settings = {
+      datacenter = "alo";
+
+      client = {
+        enabled = true;
+        server_join.retry_join = servers;
+      };
+
+      server = {
+        enabled = server_enabled;
+        bootstrap_expect = (builtins.length servers + 2) / 2;
+        server_join.retry_join = servers;
+      };
+    };
+  };
+
+  environment.persistence."/persist".directories = [
+    "/var/lib/docker"
+    "/var/lib/private/nomad"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    nomad
+    wander
+    damon
+  ];
+
+  networking.firewall = {
+    allowedTCPPorts = if server_enabled then [ 4646 4647 4648 ] else [ 4646 ];
+    allowedUDPPorts = if server_enabled then [ 4648 ] else [];
+  };
+}