Switch to unstable package and enable all docker capabilities.

2023-07-09 15:45:46 +01:00
parent b528f7e3aa
commit b8eb6dbe77
1 changed files with 6 additions and 1 deletions
--- a/hosts/common/nomad.nix
+++ b/hosts/common/nomad.nix
@@ -7,6 +7,7 @@ in
 {
  services.nomad = {
    enable = true;
+    package = pkgs.unstable.nomad;
    # true breaks at least CSI volumes
    dropPrivileges = false;

@@ -30,7 +31,11 @@ in
  };

  environment.etc."nomad-alo.json".text = builtins.toJSON {
-    plugin.docker.config.allow_privileged = true;
+    plugin.docker.config = {
+      allow_privileged = true;
+      # for keepalived, though only really needing "NET_ADMIN","NET_BROADCAST","NET_RAW" on top of default
+      allow_caps = ["all"];
+    };
  };

  environment.persistence."/persist".directories = [