From 520e8a34e09e5cc3e75b9aee36566e5d1185711a Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Sat, 24 May 2025 15:35:20 +1000
Subject: [PATCH] feat: add a nomad agent v2 role (#293)

- excludes ceph (will be passed from incus)
- excludes frrouting (will use host-networking)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/293
---
 hieradata/roles/infra/nomad/agentv2.yaml    | 55 +++++++++++++++++++++
 site/roles/manifests/infra/nomad/agentv2.pp | 12 +++++
 2 files changed, 67 insertions(+)
 create mode 100644 hieradata/roles/infra/nomad/agentv2.yaml
 create mode 100644 site/roles/manifests/infra/nomad/agentv2.pp

diff --git a/hieradata/roles/infra/nomad/agentv2.yaml b/hieradata/roles/infra/nomad/agentv2.yaml
new file mode 100644
index 0000000..629a9be
--- /dev/null
+++ b/hieradata/roles/infra/nomad/agentv2.yaml
@@ -0,0 +1,55 @@
+---
+hiera_include:
+  - docker
+  - docker::networks
+  - profiles::nomad::node
+
+docker::version: latest
+docker::curl_ensure: false
+docker::root_dir: /data/docker
+docker::ip_forward: true
+#docker::ip_masq: false
+#docker::iptables: false
+
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+  eth0:
+    type: physical
+    forwarding: true
+    dhcp: true
+
+profiles::packages::include:
+  nomad: {}
+  cni-plugins: {}
+
+profiles::nomad::node::client: true
+
+# additional altnames
+profiles::pki::vault::alt_names:
+  - client.global.nomad
+  - client.au-syd1.nomad
+  - nomad-client.service.consul
+  - nomad-client.query.consul
+  - "nomad-client.service.%{facts.country}-%{facts.region}.consul"
+
+# configure consul service
+profiles::consul::client::node_rules:
+  - resource: service
+    segment: nomad-client
+    disposition: write
+  - resource: agent_prefix
+    segment: ''
+    disposition: read
+  - resource: node_prefix
+    segment: ''
+    disposition: write
+  - resource: service_prefix
+    segment: ''
+    disposition: write
+  - resource: key_prefix
+    segment: "nomad"
+    disposition: write
+  - resource: session_prefix
+    segment: ""
+    disposition: write
diff --git a/site/roles/manifests/infra/nomad/agentv2.pp b/site/roles/manifests/infra/nomad/agentv2.pp
new file mode 100644
index 0000000..1a5a02e
--- /dev/null
+++ b/site/roles/manifests/infra/nomad/agentv2.pp
@@ -0,0 +1,12 @@
+# a role to deploy a nomad agent, second iteration
+# using host based networking
+class roles::infra::nomad::agentv2 {
+  if $facts['firstrun'] {
+    include profiles::defaults
+    include profiles::firstrun::init
+  }else{
+    include profiles::defaults
+    include profiles::base
+    include profiles::base::datavol
+  }
+}