-rw-r--r-- | cluster/prod/cluster.nix | 5 | ||||
-rw-r--r-- | cluster/staging/cluster.nix | 1 | ||||
-rwxr-xr-x | deploy_pki | 3 | ||||
-rw-r--r-- | nix/deuxfleurs.nix | 1 | ||||
-rwxr-xr-x | upgrade_nixos | 2 |
5 files changed, 5 insertions, 7 deletions
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix
index ab3395e..52a9bd7 100644
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
@@ -77,8 +77,9 @@
 };
 };
- # Keep using Nomad 1.4
- services.nomad.package = pkgs.nomad_1_4;
+ # Pin Nomad version
+ services.nomad.package = pkgs.nomad_1_5;
+ nixpkgs.config.allowUnfree = true; # Accept nomad's BSL license
 # Bootstrap IPs for Consul cluster,
 # these are IPs on the Wireguard overlay
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index b696ee5..184092f 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -109,7 +109,6 @@ imports = [
 ## ---- Nix Nomad jobs using nomad-driver-nix2 ----
 ({ pkgs, ... }: {
- services.nomad.dropPrivileges = false;
 services.nomad.extraSettingsPlugins = [
 (import ./nomad-driver-nix2.nix { inherit pkgs; })
 ];
@@ -27,9 +27,6 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
 do
 if pass $PKI/$file >/dev/null; then
 write_pass $PKI/$file /var/lib/nomad/pki/$file
- if [ ! "$CLUSTER" = "staging" ]; then
- cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
- fi
 fi
 done
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 6020339..7b9065e 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -330,6 +330,7 @@ in
 };
 services.nomad.enable = true;
+ services.nomad.dropPrivileges = false; # required starting with Nomad 1.5, otherwise Docker is not detected
 systemd.services.nomad.after = [ "wg-quick-wg0.service" ];
 services.nomad.extraPackages = [
 pkgs.glibc
diff --git a/upgrade_nixos b/upgrade_nixos
index e3d753e..5f0ec3a 100755
--- a/upgrade_nixos
+++ b/upgrade_nixos
@@ -3,7 +3,7 @@
 if [ "$CLUSTER" = "staging" ]; then
 cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
 else
- cmd nix-channel --add https://nixos.org/channels/nixos-23.05 nixos
+ cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
 fi
 cmd nix-channel --update |
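Review bot: In cluster/prod/cluster.nix, `nixpkgs.config.allowUnfree = true;` lifts the licence gate for every package in nixpkgs, not only Nomad, so a later unfree dependency would be accepted on prod nodes without anyone having to decide on it. Scoping the exception matches what the inline comment says it is for: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "nomad" ];` (this assumes `lib` is in scope in this module, which the hunk does not show). The enclosing attribute set starts and ends outside the hunk.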
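Review bot: In nix/deuxfleurs.nix, `services.nomad.dropPrivileges = false;` now applies to every cluster, so the Nomad agent on prod runs as root rather than as the non-root service user, while the inline comment records only the Docker-detection reason. I would state the trade-off where the option is set, e.g. `# runs the Nomad agent as root on all nodes; needed since Nomad 1.5, otherwise Docker is not detected`. The deploy_pki hunk (`@@ -27,9 +27,6 @@`) drops the `chown` on `/var/lib/nomad/pki/$file` in the same commit, so it is worth confirming that `write_pass` leaves `nomad$YEAR.key` readable by root only; its definition is outside the hunk.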
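Review bot: In upgrade_nixos, both arms of `if [ "$CLUSTER" = "staging" ]` now add the same nixos-23.11 channel, so the conditional no longer selects anything. Either collapse it to the single line `cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos`, or keep the branch with a comment such as `# staging and prod deliberately track the same channel for now`. An if/else with identical arms makes it easy to bump only one arm at the next upgrade and leave the clusters on different releases unnoticed.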