From 970a9f740ec91c3ba795910a0cf119627f3fdb37 Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Mon, 21 Mar 2022 20:13:13 -0700 Subject: [PATCH] Update bootstrap for acls --- nomad/setup-cluster.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/nomad/setup-cluster.yml b/nomad/setup-cluster.yml index 4e1d909..390eb8a 100644 --- a/nomad/setup-cluster.yml +++ b/nomad/setup-cluster.yml @@ -84,7 +84,7 @@ - "-address=http://127.0.0.1:8200/" - "{{ item }}" loop: "{{ vault_keys }}" - # no_log: true + no_log: true when: vault_keys is defined # Not on Ubuntu 20.04 @@ -158,13 +158,13 @@ nomad_bind_address: 0.0.0.0 # Default interface for binding tasks - nomad_network_interface: lo + # nomad_network_interface: lo # Create networks for binding task ports nomad_host_networks: - - name: public - interface: eth0 - reserved_ports: "22" + # - name: public + # interface: eth0 + # reserved_ports: "22" - name: nomad-bridge interface: nomad reserved_ports: "22" @@ -172,8 +172,12 @@ interface: lo reserved_ports: "22" + # Enable ACLs + nomad_acl_enabled: true + # Enable vault integration - # nomad_vault_enabled: true + nomad_vault_enabled: "{{ vault_token is defined }}" + nomad_vault_token: "{{ vault_token | default('') }}" nomad_config_custom: ui: @@ -183,7 +187,7 @@ vault: ui_url: "http://{{ ansible_hostname }}:8200/ui" consul: - tag: + tags: - "traefik.enable=true" - "traefik.consulcatalog.connect=true" - "traefik.http.routers.nomadclient.entrypoints=websecure"
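Review bot: In the `@@ -84,7 +84,7 @@` hunk, `no_log: true` keeps the unseal keys out of Ansible's output, but each key is still passed as an argv element (`- "{{ item }}"`), so it is readable in the host's process list while the command runs. The task begins above the hunk, so the module and command are not visible here. If it is a Vault unseal invocation, sending the key in the request body to Vault's `sys/unseal` HTTP endpoint keeps it off the command line, as sketched below with a placeholder task name. The `-address=http://127.0.0.1:8200/` target is plaintext HTTP, which is acceptable only while it stays on loopback.

```yaml
# … unchanged: preceding tasks …
- name: "<unseal task name>"  # placeholder; keep the existing task name
  ansible.builtin.uri:
    url: "http://127.0.0.1:8200/v1/sys/unseal"
    method: POST
    body_format: json
    body:
      key: "{{ item }}"
  loop: "{{ vault_keys }}"
  no_log: true
  when: vault_keys is defined
```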
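Review bot: In the `@@ -158,13 +158,13 @@` hunk, commenting out `nomad_network_interface: lo` removes the loopback default for task ports while `nomad_bind_address: 0.0.0.0` stays. Any job that does not name a `host_network` will then presumably get its ports on whichever interface Nomad fingerprints by default, typically the one carrying the default route. If that is intended, record it in a comment, e.g. `# default interface left to Nomad fingerprinting; jobs must set host_network to stay on loopback`, and delete the commented-out `public` network rather than leaving dead config behind. The vars block starts and ends outside the hunk.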
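Review bot: In the `@@ -172,8 +172,12 @@` hunk, `nomad_vault_enabled` tests only `vault_token is defined`, so a defined-but-empty token enables the Vault integration with `nomad_vault_token: ''`. Deriving the flag from the same defaulted value avoids that: `nomad_vault_enabled: "{{ (vault_token | default('')) | length > 0 }}"`. The token presumably ends up in the Nomad configuration the role renders, so it should be scoped to a Nomad-server policy rather than being the root token from the Vault bootstrap; where `vault_token` comes from is not visible in this hunk. A comment such as `# vault_token: periodic token limited to the nomad-server policy, never the root token` would record that expectation.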