# Nomad agent configuration for a client node, rendered from a Jinja2 template.
# Secrets are resolved when the template is rendered (hashi_vault lookups below),
# so the rendered file contains live tokens in plaintext.
# NOTE(review): confirm the rendered file is owned by the Nomad service user
# and is not group- or world-readable.
datacenter = "{{ main_dc_name }}"
data_dir = "/opt/nomad"

client {
  enabled = true

  options {
    # Lets Docker tasks bind-mount host paths outside the allocation directory.
    # Anyone allowed to submit jobs to this node can then reach host files, so
    # keep it enabled only if needed and restrict job submission with ACLs.
    "docker.volumes.enabled" = true
  }

  meta {
    # One key/value pair is emitted per entry of nomad_meta_values.
    # Names and values are inserted unescaped between double quotes; an entry
    # containing a double quote or newline would corrupt the rendered file.
    # NOTE(review): confirm these values come from a trusted inventory source.
    {% for nomad_meta in nomad_meta_values %}
    "{{ nomad_meta.name }}" = "{{ nomad_meta.value }}"
    {% endfor %}
  }
}

consul {
  # Consul ACL token read from Vault KV (kv/data/nomad, field consul-acl-client)
  # at render time and written into this file in clear text.
  token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:consul-acl-client ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
}

vault {
  enabled = true
  # CA bundle used to verify the Vault server certificate.
  ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
  # Vault token read from Vault KV (kv/data/nomad, field vault-token) at render
  # time and stored here in clear text.
  # NOTE(review): Nomad documents this token as required on servers only, and
  # this file enables only the client role. Confirm it must be present here;
  # if not, dropping it reduces the number of hosts holding the secret.
  token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:vault-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
  address = "https://vault.service.{{ consul_domain }}:8200"
  # Vault token role named for deriving tokens.
  # NOTE(review): verify whether this setting has any effect on a client-only agent.
  create_from_role = "nomad-cluster"
  # NOTE(review): confirm the deployed Nomad version accepts this key in the
  # vault block. If it marks the token as response-wrapped, the KV value above
  # must be a wrapping token, not a plain one.
  unwrap_token = true
}

tls {
  # TLS is enabled for both the HTTP API and the RPC channel.
  http = true
  rpc = true
  ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
  cert_file = "/etc/nomad.d/certs/nomad.pem"
  # Private key for the agent certificate; should be readable only by the
  # Nomad service user.
  key_file = "/etc/nomad.d/certs/nomad.key"
  # NOTE(review): verify_server_hostname is not set and Nomad defaults it to
  # false, so any certificate signed by this CA is accepted regardless of the
  # role encoded in its name. Consider enabling it once the certificates are
  # confirmed to carry the expected server/client names.
}

# Directory from which Nomad loads external task driver plugins. The binaries
# run as the Nomad agent, so the directory should be writable only by root.
plugin_dir = "/opt/nomad_plugins"

plugin "nomad-driver-podman" {
  enabled = true

  config {
    # Podman API socket under the per-user runtime directory. The path segment
    # is element 1 of the podman entry in getent_passwd.
    # NOTE(review): presumably the numeric uid as returned by the Ansible
    # getent module; confirm, and confirm the Nomad agent can reach this socket.
    socket_path = "unix:///run/user/{{ getent_passwd.podman[1] }}/podman/podman.sock"
  }
}