nomad

commit 86c223f527f6a04c9be9c962f58ee7be6573a166
parent 843bd8d05df3ccb5d3f678c7a31ae8928d90faa2
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Sun,  2 Nov 2025 21:41:25 +0100

feat(snapshot): bao leader & nomad acl

Diffstat:
M
hcl/infra/snapshots/nomad-snapshots.nomad
 | 
11
+++++++++++

1 file changed, 11 insertions(+), 0 deletions(-)
diff --git a/hcl/infra/snapshots/nomad-snapshots.nomad b/hcl/infra/snapshots/nomad-snapshots.nomad
@@ -44,6 +44,8 @@ job "snapshot" {
         # only save variables from default namespace
         NOMAD_NAMESPACE = "default"
         NOMAD_SKIP_VERIFY = 1
+        # Snapshots can only be taken from the leader node
+        VAULT_ADDR = "https://vault.in0rdr.ch"
         VAULT_SKIP_VERIFY = 1
       }
 
@@ -53,6 +55,15 @@ job "snapshot" {
         perms = 755
       }
 
+      template {
+        # export NOMAD_TOKEN for use in snapshot.sh script
+        destination = "${NOMAD_SECRETS_DIR}/NOMAD_TOKEN"
+        env         = true
+        data        = <<EOF
+NOMAD_TOKEN={{with secret "kv/snapshot"}}{{index .Data.data.NOMAD_TOKEN}}{{end}}
+EOF
+      }
+
       config {
         command = "${NOMAD_TASK_DIR}/snapshot.sh"
         # Note: This meta variable (the parametrized service name)