From b8eb6dbe77af93f9029c3ab8ea27a942afea3be9 Mon Sep 17 00:00:00 2001
From: Petru Paler
Date: Sun, 9 Jul 2023 15:45:46 +0100
Subject: [PATCH] Switch to unstable package and enable all docker capabilities.
---
 hosts/common/nomad.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hosts/common/nomad.nix b/hosts/common/nomad.nix
index 1c40e75..2b437ac 100644
--- a/hosts/common/nomad.nix
+++ b/hosts/common/nomad.nix
@@ -7,6 +7,7 @@ in
 {
 services.nomad = {
 enable = true;
+ package = pkgs.unstable.nomad;
 # true breaks at least CSI volumes
 dropPrivileges = false;
@@ -30,7 +31,11 @@ in
 };
 environment.etc."nomad-alo.json".text = builtins.toJSON {
- plugin.docker.config.allow_privileged = true;
+ plugin.docker.config = {
+ allow_privileged = true;
+ # for keepalived, though only really needing "NET_ADMIN","NET_BROADCAST","NET_RAW" on top of default
+ allow_caps = ["all"];
+ };
 };
 environment.persistence."/persist".directories = [
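Review bot: The added `package = pkgs.unstable.nomad;` line carries no reason for leaving the stable channel, and the agent runs as root (`dropPrivileges = false` just below it), so the least-vetted Nomad build is also the most privileged process on the host. I would add a comment naming what requires it, for example `# unstable needed for <feature/fix>; return to pkgs.nomad once stable carries it`. Where `pkgs.unstable` is defined and whether it is pinned (overlay, lock file) is not visible in this patch and is worth confirming. The `services.nomad` block continues past the end of the hunk.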
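Review bot: `allow_caps = ["all"];` lets every Docker task on this client request any Linux capability (SYS_ADMIN, SYS_MODULE, SYS_PTRACE and the rest), while the comment directly above it says keepalived needs only NET_ADMIN, NET_BROADCAST and NET_RAW on top of the defaults. The plugin config is client-wide, so the allowance covers every job placed on this host, not only keepalived. Listing the driver defaults plus those three keeps keepalived working without widening everything else. The default list in the fence is the one documented for the docker driver and should be checked against the deployed Nomad version. `allow_privileged = true`, which predates this commit, still permits fully privileged containers, so the narrower list only pays off if job submission is restricted by ACLs or that flag is revisited as well.

```nix
plugin.docker.config = {
  allow_privileged = true;
  # driver defaults plus the three capabilities keepalived needs
  allow_caps = [
    "audit_write" "chown" "dac_override" "fowner" "fsetid" "kill" "mknod"
    "net_bind_service" "setfcap" "setgid" "setpcap" "setuid" "sys_chroot"
    "net_admin" "net_broadcast" "net_raw"
  ];
};
```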