From d95414c6d3ee7237708d168a1da2524b699464bf Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 5 Aug 2022 10:00:16 +0200 Subject: [PATCH] Update to 2022-08-05 10:00 --- roles/nomad/defaults/main.yml | 19 ++++++++++++++++++- roles/nomad/templates/nomad.hcl.j2 | 14 ++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 1ffcd4b..fd2293e 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -31,8 +31,20 @@ nomad_base_conf: # You can define the datacenter in which this agent is running. The default value is dc1 # datacenter: dc1 + # You can set the region here + # region: eu + # Node name, which should be uniq in the region. Default is the hostname - # name: nomade-fr-zone-c + # name: nomad-fr-zone-c + + # ACL + acl: + # Enable ACL + enabled: False + + # For server in non authoritative regions, a token must be used to replicated policies + # replication_token: ... + # Client related settings # The default is to act as a client if the hostname is not listed in nomad servers 
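Review bot: The new `acl.enabled: False` default in roles/nomad/defaults/main.yml ships with ACLs off, while the template's hunk context shows `bind_addr = "0.0.0.0"`. Unless the role user overrides the default, the Nomad API is reachable on every interface without token enforcement; any TLS or firewall control that would gate it is not visible in this diff. If the default has to stay off so that a fresh cluster can be bootstrapped, say so next to the key, e.g. `# ACL is off by default: without it anyone who can reach the API can submit jobs; enable it and bootstrap a management token before exposing the agent`. The `replication_token` example would also benefit from `# keep this value in Ansible Vault, not in plain group_vars`, and `False` reads better as the canonical `false`. `nomad_base_conf` starts and ends outside the hunk.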
@@ -92,15 +104,20 @@ nomad_base_conf: # Should server be enabled # The default is to act as a server if the hostname is listed in nomad_servers enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}" + # Expected number of servers to bootstrap the cluster. The default is to wait for all the servers # listed in nomad_servers to be ready, and then to do the bootstrap bootstrap_expect: "{{ nomad_servers | length }}" + # Encryption key to use to encrypt inter-server communications # You can generate one with nomad operator keygen command. It must be the same # on all the servers of the cluster. If not defined (the default), the trafic will # not be encrypted # encrypt: NVlG6VKgsTbMim041S5nbWmmaQKS7YchV+9G3XxcZDs= + # Name of the authoritative region from which policies will be pulled + # authoritative_region: eu + # UI related settings ui: # Default is to enable the UI on server only diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2 index 57ca1ed..8b3f94e 100644 --- a/roles/nomad/templates/nomad.hcl.j2 +++ b/roles/nomad/templates/nomad.hcl.j2 @@ -7,6 +7,10 @@ bind_addr = "0.0.0.0" datacenter = "{{ nomad_conf.datacenter }}" {% endif %} +{% if nomad_conf.region is defined %} +region = "{{ nomad_conf.region }}" +{% endif %} + {% if nomad_conf.name is defined %} name = {{ nomad_conf.name }} {% endif %} @@ -27,6 +31,13 @@ ports { {% endfor %} } +acl { + enabled = {{ nomad_conf.acl.enabled | ternary('true', 'false') }} +{% if nomad_conf.acl.replication_token is defined and nomad_conf.region is defined and nomad_conf.server.authoritative_region is defined and nomad_conf.region != nomad_conf.server.authoritative_region %} + replication_token = "{{ nomad_conf.acl.replication_token }}" +{% endif %} +} + server { enabled = {{ nomad_conf.server.enabled | ternary('true', 'false') }} bootstrap_expect = {{ nomad_conf.server.bootstrap_expect }} 
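Review bot: In the first nomad.hcl.j2 hunk (`@@ -7,6 +7,10`) the added `region` value is rendered as a quoted HCL string, but the `name` line directly below it in the same hunk is still emitted bare as `name = {{ nomad_conf.name }}`. With the example from the defaults (`nomad-fr-zone-c`) that would presumably render an unquoted token that HCL does not read as a string, unless callers are expected to embed the quotes in the value themselves. For consistency with `datacenter` and the new `region` line, consider `name = "{{ nomad_conf.name }}"`.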
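Review bot: In the `acl` block (`@@ -27,6 +31,13`) the `replication_token` line is emitted only when the token, `region` and `server.authoritative_region` are all defined. A server that leaves `region` unset but sets the other two therefore gets no token and no error, so replication is left without credentials. Nomad's default region is `global`, so comparing `nomad_conf.region | default('global') != nomad_conf.server.authoritative_region` keeps the intent without the silent drop. The token is also written in clear text into the rendered nomad.hcl, and the task that renders this template is not part of the diff, so it is worth confirming that it sets a restrictive `mode` and `no_log: true`. `nomad_conf.acl.enabled` is dereferenced unconditionally, which assumes every `nomad_conf` carries an `acl` key; a merge with `nomad_base_conf` presumably guarantees that, but it happens outside this hunk.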
@@ -40,6 +51,9 @@ server { {% endfor %} ] } +{% if nomad_conf.server.authoritative_region is defined %} + authoritative_region = "{{ nomad_conf.server.authoritative_region }}" +{% endif %} } {% if nomad_conf.client.enabled %}