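---
# Default variables for the Nomad role: which release and driver plugins to
# download (with their pinned sha256), the user the agent runs as, the agent
# configuration (nomad_base_conf) and the ports to open in the firewall
# (nomad_base_services).

# Version of Nomad to install
# Quoted so a future value such as 1.10 is never read as a float.
nomad_version: "1.3.3"
# URL of the archive
nomad_archive_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
# Expected sha256 of the archive
# Must be updated in the same change as nomad_version. Take the new value from
# the SHA256SUMS file HashiCorp publishes next to the archive, not from the
# downloaded zip itself.
nomad_archive_sha256: d908811cebe2a8373e93c4ad3d09af5c706241878ff3f21ee0f182b4ecb571f2

# List of plugins to install
# Each plugin URL embeds its own version, so bumping a plugin means changing
# both archive_url and sha256.
# NOTE(review): the sha256 is the only integrity check visible in this file;
# confirm the download tasks enforce it.
nomad_plugins:
  podman:
    archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.4.0/nomad-driver-podman_0.4.0_linux_amd64.zip
    sha256: f905f9c38db8cec1542b92f69233488d5bf94e30fe9a0fae9ac03b30c1e2cfea
  containerd:
    # This URL points at a bare binary on a GitHub release page, not at a zip
    archive_url: https://github.com/Roblox/nomad-driver-containerd/releases/download/v0.9.3/containerd-driver
    sha256: 7bbeda63a5e05724c8f8c6d05790fbc175acc89e4309c13839afc9716d4b39c2

# Root dir where Nomad will be installed
nomad_root_dir: /opt/nomad

# User under which nomad will run.
# Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges)
nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"

# If ACL are enabled, you need to set a management token for ansible
# to be able to manage Nomad (eg snapshot before upgrades)
# A management token has full control over the cluster: provide it from an
# encrypted source (for example ansible-vault), never in clear text.
# nomad_mgm_token: XXXXXXXXX

# List of nomad servers (not clients !)
# Entries may end with :port. The suffix is stripped before the comparison
# with inventory_hostname in the client/server/ui "enabled" expressions below.
nomad_servers: []

# Nomad configuration
nomad_base_conf:
  log_level: INFO
  # You can define the datacenter in which this agent is running. The default value is dc1
  # datacenter: dc1
  # You can set the region here
  # region: eu
  # Node name, which should be unique in the region. Default is the hostname
  # name: nomad-fr-zone-c

  # ACL
  acl:
    # Enable ACL
    # NOTE(review): while this is false, Nomad does not authenticate API
    # requests, so access control rests entirely on who can reach the http
    # port (see nomad_base_services). Set it to true via nomad_extra_conf for
    # any shared or production cluster.
    enabled: false
    # For server in non authoritative regions, a token must be used to replicate policies
    # replication_token: ...

  # Client related settings
  # The default is to act as a client if the hostname is not listed in nomad servers
  client:
    # Should client be enabled
    enabled: "{{ (inventory_hostname in nomad_servers | map('regex_replace', ':\\d+$', '')) | ternary(False, True) }}"
    # host_volumes:
    #   - name: mysql
    #     path: /data/mysql
    #     read_only: False
    host_volumes: []
    # An arbitrary string which can be used for job placement
    # node_class: prod
    # Resource reservation for the host to work properly
    reserved:
      # Unit is MHz
      cpu: 200
      # can be expressed as number, in which case it'll be the amount of RAM to reserve in MB
      # or as a percentage, in which case it'll be a percentage of the total RAM
      memory: "15%"
      # When memory is expressed as a percentage, you can set a minimum amount (in MB) which will be set
      # if the percentage is less than that
      memory_min: 500
      # Unit is MB
      disk: 500
      # List of reserved ports which won't be allocated on tasks
      reserved_ports: []
    # Custom metadata to add in Nomad's conf
    # meta:
    #   rack: 12-1
    #   cni: macvlan,ipvlan
    meta: {}
    # List of enabled drivers, and their options.
    task_drivers:
      exec:
        enabled: true
      docker:
        enabled: true
        # NOTE(review): this lets jobs request privileged containers, which is
        # root-equivalent access to the client host for anyone allowed to
        # submit jobs. Nomad's own default for the docker driver is false, and
        # ACLs are disabled by default above. Override to false in
        # nomad_extra_conf unless a workload really needs it.
        allow_privileged: true
        # You can set a list of caps allowed for containers. The default is the same set of caps as Docker, minus net_raw
        # allow_caps: ["audit_write", "chown", "dac_override", "fowner", "fsetid", "kill", "mknod", "net_bind_service", "setfcap", "setgid", "setpcap", "setuid", "sys_chroot"]
      # raw_exec runs tasks without isolation, as the agent's user (root on
      # clients, see nomad_user). Leave it disabled unless strictly required.
      raw_exec:
        enabled: false
      java:
        enabled: false
      qemu:
        enabled: false
      podman:
        enabled: false
      # Note on EL8, it cannot be used with docker as there are package conflicts, see https://bugs.centos.org/view.php?id=16892
      containerd-driver:
        enabled: false
        containerd_runtime: io.containerd.runc.v2
        # Same concern as docker.allow_privileged: takes effect as soon as the
        # driver is enabled.
        allow_privileged: true

  # Server related settings
  server:
    # Should server be enabled
    # The default is to act as a server if the hostname is listed in nomad_servers
    enabled: "{{ (inventory_hostname in nomad_servers | map('regex_replace', ':\\d+$', '')) | ternary(True, False) }}"
    # Expected number of servers to bootstrap the cluster. The default is to wait for all the servers
    # listed in nomad_servers to be ready, and then to do the bootstrap
    bootstrap_expect: "{{ nomad_servers | length }}"
    # Encryption key to use to encrypt inter-server communications
    # You can generate one with nomad operator keygen command. It must be the same
    # on all the servers of the cluster. If not defined (the default), the traffic will
    # not be encrypted
    # This key protects the servers' gossip (serf) traffic only. RPC and HTTP
    # need Nomad's tls settings, which are not set in these defaults.
    # The value below is a published example: generate your own and store it
    # encrypted (for example with ansible-vault).
    # encrypt: NVlG6VKgsTbMim041S5nbWmmaQKS7YchV+9G3XxcZDs=
    # Name of the authoritative region from which policies will be pulled
    # authoritative_region: eu
    # Default scheduler config. Only used during cluster bootstrap
    # If you want to change it after, you have to use the API
    default_scheduler_config:
      # can be binpack or spread. Spread makes more sense when running on premise
      scheduler_algorithm: spread
      memory_oversubscription_enabled: true
      preemption_config:
        batch_scheduler_enabled: true
        system_scheduler_enabled: true
        service_scheduler_enabled: true
        sysbatch_scheduler_enabled: true

  # UI related settings
  ui:
    # Default is to enable the UI on server only
    enabled: "{{ (inventory_hostname in nomad_servers | map('regex_replace', ':\\d+$', '')) | ternary(True, False) }}"
    # Consul and vault optional URL. This is just to add a shortcut in Nomad's UI
    # consul_ui: https://consul.example.org
    # vault_ui: https://vault.example.org

  # Telemetry settings
  telemetry:
    prometheus_metrics: false
    disable_hostname: true
    publish_allocation_metrics: true
    publish_node_metrics: true

  # Consul integration
  # See https://www.nomadproject.io/docs/configuration/consul
  # NOTE(review): every child key is commented out, so this key parses as
  # null rather than as an empty mapping. Left unchanged because the
  # templates consuming it are not visible here.
  consul:
    # address: http://localhost:8500
    # allow_unauthenticated: True
    # tags: []

# You can override part of the default config without rewriting everything else
# the dict will get merged
nomad_extra_conf: {}
nomad_host_conf: {}
nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}"

# Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall
# You can also specify which address/port to advertise (not needed most of the time)
# NOTE(review): src_ip is empty everywhere by default; presumably no source is
# allowed until it is set - confirm against the firewall tasks. Keep http (API
# and UI) limited to admin networks, above all while ACLs are disabled, and
# rpc/serf limited to the cluster's own nodes.
nomad_base_services:
  http:
    port: 4646
    proto: [tcp]
    src_ip: []
    # advertise: 10.11.12.13:4347
  rpc:
    port: 4647
    proto: [tcp]
    src_ip: []
    # advertise: y.y.y.y
  serf:
    port: 4648
    proto: [tcp, udp]
    src_ip: []
    # advertise: x.x.x.x
  dynamic:
    # Quoted: digits-and-colon scalars are an implicit-typing hazard in YAML 1.1
    port: "20000:32000"
    proto: [tcp, udp]
    src_ip: []
nomad_extra_services: {}
nomad_host_services: {}
nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}"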