diff --git a/common/nomad.nix b/common/nomad.nix
index 24f3cd3..279493e 100644
--- a/common/nomad.nix
+++ b/common/nomad.nix
@@ -59,7 +59,21 @@ in
     extraSettingsPaths = [ "/etc/nomad-alo.json" ];
   };
 
-  systemd.services.nomad.wants = [ "network-online.target" ];
+  # Fix race condition between NFS automount and Docker bind mounts:
+  # Without this, Docker can bind-mount the empty automount stub directory
+  # before NFS actually mounts, causing permission errors and missing data.
+  # - RequiresMountsFor: tells systemd that Nomad depends on /data/services
+  # - ExecStartPre: triggers the automount before Nomad starts
+  # Note: boot will still succeed if NFS is unavailable (Nomad just won't start)
+  # TODO: NFS mount uses Consul DNS which resolves to an IP at mount time.
+  #       If the NFS server moves to a different IP, the mount becomes stale
+  #       and needs to be remounted. Consider using a VIP or implementing
+  #       a health check that remounts on staleness detection.
+  systemd.services.nomad = {
+    wants = [ "network-online.target" ];
+    unitConfig.RequiresMountsFor = [ "/data/services" ];
+    serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/ls /data/services";
+  };
 
   environment.etc."nomad-alo.json".text = builtins.toJSON {
     plugin.docker.config = {