resource "nomad_job" "lego" {
  jobspec = file("${path.module}/lego.nomad")
}

resource "nomad_acl_policy" "secrets_certs_write" {
  name        = "secrets-certs-write"
  description = "Write certs to secrets store"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/certs/*" {
      capabilities = ["write", "read"]
    }
    path "secrets/certs" {
      capabilities = ["write", "read"]
    }
  }
}
EOH
  job_acl {
    job_id = "lego/*"
  }
}