data_dir = "{{ nomad_root_dir }}/data"
plugin_dir = "{{ nomad_root_dir }}/plugins"
bind_addr = "0.0.0.0"

{% if nomad_conf.datacenter is defined %}
datacenter = "{{ nomad_conf.datacenter }}"
{% endif %}

{% if nomad_conf.region is defined %}
region = "{{ nomad_conf.region }}"
{% endif %}

{% if nomad_conf.name is defined %}
name = {{ nomad_conf.name }}
{% endif %}

disable_update_check = true

advertise {
{% for service in ['http', 'rpc', 'serf' ] %}
{% if nomad_services[service].advertise is defined %}
  {{ service }} = {{ nomad_services[service].advertise }}
{% endif %}
{% endfor %}
}

ports {
{% for service in ['http', 'rpc', 'serf' ] %}
  {{ service }} = {{ nomad_services[service].port }}
{% endfor %}
}

acl {
  enabled = {{ nomad_conf.acl.enabled | ternary('true', 'false') }}
{% if nomad_conf.acl.replication_token is defined and nomad_conf.region is defined and nomad_conf.server.authoritative_region is defined and nomad_conf.region != nomad_conf.server.authoritative_region %}
  replication_token = "{{ nomad_conf.acl.replication_token }}"
{% endif %}
}

server {
  enabled = {{ nomad_conf.server.enabled | ternary('true', 'false') }}
  bootstrap_expect = {{ nomad_conf.server.bootstrap_expect }}
{% if nomad_conf.server.encrypt is defined %}
  encrypt = "{{ nomad_conf.server.encrypt }}"
{% endif %}
  server_join {
    retry_join = [
{% for server in nomad_servers %}
      "{{ server }}",
{% endfor %}
    ]
  }
{% if nomad_conf.server.authoritative_region is defined %}
  authoritative_region = "{{ nomad_conf.server.authoritative_region }}"
{% endif %}

  default_scheduler_config {
    scheduler_algorithm = "{{ nomad_conf.server.default_scheduler_config.scheduler_algorithm }}"
    memory_oversubscription_enabled = {{ nomad_conf.server.default_scheduler_config.memory_oversubscription_enabled | ternary('true', 'false') }}
    preemption_config {
{% for type in ['batch', 'system', 'sysbatch', 'service'] %}
      {{ type }}_scheduler_enabled = {{ nomad_conf.server.default_scheduler_config.preemption_config[type ~ '_scheduler_enabled'] | ternary('true', 'false') }}
{% endfor %}
    }
  }
}

{% if nomad_conf.client.enabled %}
client {
  enabled = true
  servers = [
{% for server in nomad_servers %}
    "{{ server }}",
{% endfor %}
  ]
{% for volume in nomad_conf.client.host_volumes %}
  host_volume "{{ volume.name }}" {
    path = "{{ volume.path }}"
{% if volume.read_only is defined %}
    read_only = "{{ volume.read_only | ternary('true', 'false') }}"
{% endif %}
  }
{% endfor %}

  reserved {
    cpu = {{ nomad_conf.client.reserved.cpu }}
    memory = {{ (nomad_conf.client.reserved.memory is search('%$')) | ternary([((nomad_conf.client.reserved.memory | regex_replace('%$', '') | int) * ansible_memtotal_mb * 0.01), nomad_conf.client.reserved.memory_min] | max | int, nomad_conf.client.reserved.memory) }}
    disk = {{ nomad_conf.client.reserved.disk }}
    reserved_ports = "{{ nomad_conf.client.reserved.reserved_ports | join(',') }}"
  }

  meta {
{% for meta in nomad_conf.client.meta.keys() | list %}
    {{ meta }} = "{{ nomad_conf.client.meta[meta] }}"
{% endfor %}
  }

{% if nomad_conf.client.node_class is defined %}
  node_class = "{{ nomad_conf.client.node_class }}"
{% endif %}

  options {
    "driver.allowlist" = "{{ nomad_enabled_task_drivers | join(',') }}"
  }
}

{% if nomad_conf.client.enabled %}
{% if 'docker' in nomad_enabled_task_drivers %}
plugin "docker" {
  config {
    allow_privileged = {{ nomad_conf.client.task_drivers.docker.allow_privileged | ternary('true', 'false') }}
{% if nomad_conf.client.task_drivers.docker.allow_caps is defined %}
    allow_caps = [
{% for cap in nomad_conf.client.task_drivers.docker.allow_caps %}
      "{{ cap }}",
{% endfor %}
    ]
{% endif %}
  }
}
{% endif %}

{% if 'raw_exec' in nomad_enabled_task_drivers %}
plugin "raw_exec" {
  config {
    enabled = true
  }
}
{% endif %}

{% if 'containerd-driver' in nomad_enabled_task_drivers %}
plugin "containerd-driver" {
  config {
    enabled = true
    containerd_runtime = "{{ nomad_conf.client.task_drivers['containerd-driver'].containerd_runtime }}"
    allow_privileged = {{ nomad_conf.client.task_drivers['containerd-driver'].allow_privileged | ternary('true', 'false') }}
  }
}
{% endif %}

{% endif %}
{% else %}
client {
  enabled = false
}
{% endif %}
ui {
  enabled = {{ nomad_conf.ui.enabled | ternary('true', 'false') }}
{% if nomad_conf.ui.consul_ui is defined %}
  consul {
    ui_url = "{{ nomad_conf.ui.consul_ui }}"
  }
{% endif %}
{% if nomad_conf.ui.vault_ui is defined %}
  vault {
    ui_url = "{{ nomad_conf.ui.vault_ui }}"
  }
{% endif %}
}

telemetry {
  prometheus_metrics = {{ nomad_conf.telemetry.prometheus_metrics | ternary('true', 'false') }}
  disable_hostname = {{ nomad_conf.telemetry.disable_hostname | ternary('true', 'false') }}
  publish_allocation_metrics = {{ nomad_conf.telemetry.publish_allocation_metrics | ternary('true', 'false') }}
  publish_node_metrics = {{ nomad_conf.telemetry.publish_node_metrics | ternary('true', 'false') }}
}

consul {
{% if nomad_conf.consul.address is defined %}
  address = "{{ nomad_conf.consul.address }}"
{% endif %}
{% if nomad_conf.consul.allow_unauthenticated is defined %}
  allow_unauthenticated = {{ nomad_conf.consul.allow_unauthenticated | ternary('true', 'false') }}
{% endif %}
{% if nomad_conf.consul.tags is defined and nomad_conf.consul.tags is iterable %}
  tags = [
{% for tag in nomad_conf.consul.tags %}
    "{{ tag }}"
  ]
{% endfor %}
{% endif %}
}