From 9a5a78d657e0268f00a8b414651fe15175884040 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI <simoom634@yahoo.co.jp>
Date: Mon, 14 Mar 2022 22:51:46 +0900
Subject: [PATCH] Deploy `/etc/nomad.d/policies/anonymous.hcl`.

---
 .../files/etc/nomad.d/policies/anonymous.hcl  | 24 +++++++++++++++++++
 cookbooks/nomad/setup.rb                      |  6 +++++
 2 files changed, 30 insertions(+)
 create mode 100644 cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl

diff --git a/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl b/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
new file mode 100644
index 0000000..9fe3564
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
@@ -0,0 +1,24 @@
+namespace "*" {
+  policy       = "write"
+  capabilities = ["alloc-node-exec"]
+}
+
+agent {
+  policy = "write"
+}
+
+operator {
+  policy = "write"
+}
+
+quota {
+  policy = "write"
+}
+
+node {
+  policy = "write"
+}
+
+host_volume "*" {
+  policy = "write"
+}
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
index e32dd26..73c6c3d 100644
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@@ -24,6 +24,12 @@ if node['nomad']['manager']
   end
 
   directory '/etc/nomad.d/policies' do
+    owner 'nomad'
+    group 'nomad'
+    mode '755'
+  end
+
+  remote_file '/etc/nomad.d/policies/anonymous.hcl' do
     owner 'nomad'
     group 'nomad'
     mode '644'