Update to 2023-07-08 16:00

roles/nomad/templates/nomad.service.j2

@@ -5,10 +5,14 @@ Wants=network-online.target
 After=network-online.target
 After=vault.service
 After=consul.service
+After=nomad-vault-agent.service
 ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.hcl
 
+# Nomad version {{ nomad_current_version }}
 [Service]
 EnvironmentFile=-{{ nomad_root_dir }}/etc/nomad.env
+EnvironmentFile=-/run/nomad/vault.env
+EnvironmentFile=-/run/nomad/consul.env
 {% if nomad_conf.consul.ssl and nomad_conf.client.enabled %}
 Environment=CONSUL_HTTP_SSL=true
 Environment=CONSUL_HTTP_ADDR=localhost:{{ (consul_services is defined) | ternary(consul_services.https.port, '8501') }}
@@ -18,7 +22,7 @@ Environment=CONSUL_CLIENT_KEY={{ nomad_conf.consul.key_file }}
 {% endif %}
 User={{ nomad_user }}
 Group={{ nomad_user }}
-ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/
+ExecStart=/usr/local/bin/nomad agent -config {{ nomad_root_dir }}/etc
 ExecReload=/bin/kill --signal HUP $MAINPID
 Restart=on-failure
 LimitNOFILE=65536

roles/nomad/templates/pre-backup.j2

@@ -5,8 +5,6 @@ set -eo pipefail
 {% if nomad_conf.tls.http %}
 NOMAD_ADDR=https://localhost:{{ nomad_services.http.port }} \
 NOMAD_CACERT={{ nomad_conf.tls.ca_file }} \
-{% endif %}
-{% if nomad_vault_secrets.pki.enabled %}
 NOMAD_CLIENT_CERT={{ nomad_root_dir }}/tls/cli.crt \
 NOMAD_CLIENT_KEY={{ nomad_root_dir }}/tls/cli.key \
 {% endif %}

roles/nomad/templates/profile.sh.j2

@@ -1,11 +1,9 @@
 {% if nomad_conf.tls.http and nomad_conf.server.enabled %}
 export NOMAD_ADDR=https://localhost:{{ nomad_services.http.port }}
 export NOMAD_CACERT={{ nomad_conf.tls.ca_file }}
-{% if nomad_vault_secrets.pki.enabled %}
 export NOMAD_CLIENT_CERT={{ nomad_root_dir }}/tls/cli.crt
 export NOMAD_CLIENT_KEY={{ nomad_root_dir }}/tls/cli.key
 export NOMAD_TLS_SERVER_NAME=server.{{ nomad_conf.region | default('global') }}.nomad
-{% endif %}
 {% else %}
 # TLS not enabled or not running in server mode
 {% endif %}