authorBernardo Meurer <bernardo@meurer.org>2020-12-02 17:05:48 -0800
committerBernardo Meurer <bernardo@meurer.org>2021-01-17 15:11:16 -0800
commit1f8d0d771c27e5c3497d2c753c12b8384476255d (patch)
tree583d9c509f3e4915d766db427e6ab62d26635528 /nixos/modules
parent3f5d6b2e85bcbaaa279a7608ad2e01d2624e4fb2 (diff)
nixos/nomad: init
Co-authored-by: Niklas Hambüchen <mail@nh2.me>
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/nomad.nix126
2 files changed, 127 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a71c804428da..1ccfba684536 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -633,6 +633,7 @@
./services/networking/dnsdist.nix
./services/networking/dnsmasq.nix
./services/networking/ncdns.nix
+ ./services/networking/nomad.nix
./services/networking/ejabberd.nix
./services/networking/epmd.nix
./services/networking/ergo.nix
diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix
new file mode 100644
index 000000000000..4bf9313758f2
--- /dev/null
+++ b/nixos/modules/services/networking/nomad.nix
@@ -0,0 +1,126 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.nomad;
+ format = pkgs.formats.json { };
+in
+{
+ ##### interface
+ options = {
+ services.nomad = {
+ enable = mkEnableOption "Nomad, a distributed, highly available, datacenter-aware scheduler";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.nomad;
+ defaultText = "pkgs.nomad";
+ description = ''
+ The package used for the Nomad agent and CLI.
+ '';
+ };
+
+ extraPackages = mkOption {
+ type = types.listOf types.package;
+ default = [ ];
+ description = ''
+ Extra packages to add to <envar>PATH</envar> for the Nomad agent process.
+ '';
+ example = literalExample ''
+ with pkgs; [ cni-plugins ]
+ '';
+ };
+
+ dropPrivileges = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether the nomad agent should be run as a non-root nomad user.
+ '';
+ };
+
+ enableDocker = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable Docker support. Needed for Nomad's docker driver.
+
+ Note that the docker group membership is effectively equivalent
+ to being root, see https://github.com/moby/moby/issues/9976.
+ '';
+ };
+
+ settings = mkOption {
+ type = format.type;
+ default = {
+ # Agrees with `StateDirectory = "nomad"` set below.
+ data_dir = "/var/lib/nomad";
+ };
+ description = ''
+ Configuration for Nomad. See the <link xlink:href="https://www.nomadproject.io/docs/configuration">documentation</link>
+ for supported values.
+ '';
+ example = literalExample ''
+ {
+ # A minimal config example:
+ server = {
+ enabled = true;
+ bootstrap_expect = 1; # for demo; no fault tolerance
+ };
+ client = {
+ enabled = true;
+ };
+ }
+ '';
+ };
+ };
+ };
+
+ ##### implementation
+ config = mkIf cfg.enable {
+ environment = {
+ etc."nomad.json".source = format.generate "nomad.json" cfg.settings;
+ systemPackages = [ cfg.package ];
+ };
+
+ systemd.services.nomad = {
+ description = "Nomad";
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ restartTriggers = [ config.environment.etc."nomad.json".source ];
+
+ path = cfg.extraPackages ++ (with pkgs; [
+ # Client mode requires at least the following:
+ coreutils
+ iproute
+ iptables
+ ]);
+
+ serviceConfig = {
+ DynamicUser = cfg.dropPrivileges;
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json";
+ KillMode = "process";
+ KillSignal = "SIGINT";
+ LimitNOFILE = 65536;
+ LimitNPROC = "infinity";
+ OOMScoreAdjust = -1000;
+ Restart = "on-failure";
+ RestartSec = 2;
+ # Agrees with the default `data_dir = "/var/lib/nomad"` in `settings` above.
+ StateDirectory = "nomad";
+ TasksMax = "infinity";
+ User = optionalString cfg.dropPrivileges "nomad";
+ } // (optionalAttrs cfg.enableDocker {
+ SupplementaryGroups = "docker"; # space-separated string
+ });
+ unitConfig = {
+ StartLimitIntervalSec = 10;
+ StartLimitBurst = 3;
+ };
+ };
+
+ # Docker support requires the Docker daemon to be running.
+ virtualisation.docker.enable = mkIf cfg.enableDocker true;
+ };
+}
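Review bot: The `environment.etc."nomad.json".source = format.generate "nomad.json" cfg.settings` line renders the whole of `services.nomad.settings` into the Nix store, which is world-readable, so any secret a user puts there (gossip `encrypt` keys, Consul/Vault ACL tokens, TLS private keys) becomes readable by every local account, and neither the option description nor the module says so. I would extend the `settings` description with: `Note that this configuration is written to the world-readable Nix store; do not put secrets such as encryption keys or ACL tokens in <literal>settings</literal>.` A smaller style point in `serviceConfig`: `User = optionalString cfg.dropPrivileges "nomad";` yields `User = ""` when privileges are kept, which systemd accepts but reads as accidental; folding it into an `optionalAttrs cfg.dropPrivileges { User = "nomad"; }` merged the same way as the `enableDocker` block would make the intent explicit.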