homelab-nomad/services/nomad-fixers.tf

resource "nomad_job" "nomad-fixers" {
  jobspec = file("${path.module}/nomad-fixers.nomad")
}

resource "nomad_acl_policy" "nomad_fixers_workload" {
  name        = "nomad-fixers-workload"
  description = "Give nomad fixers access to the Nomad api for fixing things"
  rules_hcl   = <<EOH
namespace "default" {
  capabilities = [
    "list-jobs",
    "read-job",
    "submit-job",  # This allows deleting a service registeration
    "alloc-lifecycle",
  ]
}
  EOH

  job_acl {
    job_id = "fixers/*"
  }
}
Add read-only implementation of fixers as scheduled batches 2023-10-23 19:59:41 +00:00			`resource "nomad_job" "nomad-fixers" {`
			`jobspec = file("${path.module}/nomad-fixers.nomad")`
			`}`

			`resource "nomad_acl_policy" "nomad_fixers_workload" {`
			`name = "nomad-fixers-workload"`
			`description = "Give nomad fixers access to the Nomad api for fixing things"`
			`rules_hcl = <<EOH`
			`namespace "default" {`
			`capabilities = [`
			`"list-jobs",`
			`"read-job",`
			`"submit-job", # This allows deleting a service registeration`
			`"alloc-lifecycle",`
			`]`
			`}`
			`EOH`

			`job_acl {`
			`job_id = "fixers/*"`
			`}`
			`}`