From 3e00482ba879e3b061d0dcf3f37d3263c48bfa34 Mon Sep 17 00:00:00 2001
From: Phillip Cloud <cloud@standard.ai>
Date: Mon, 18 Jan 2021 09:02:05 -0500
Subject: [PATCH] nixos/nomad: add assertion for the value of dropPrivileges
 and its relation to data_dir

---
 nixos/modules/services/networking/nomad.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix
index dafdae0c327..04f15fe1366 100644
--- a/nixos/modules/services/networking/nomad.nix
+++ b/nixos/modules/services/networking/nomad.nix
@@ -135,6 +135,13 @@ in
       };
     };
 
+    assertions = [
+      {
+        assertion = cfg.dropPrivileges -> cfg.settings.data_dir == "/var/lib/nomad";
+        message = "settings.data_dir must be equal to \"/var/lib/nomad\" if dropPrivileges is true";
+      }
+    ];
+
     # Docker support requires the Docker daemon to be running.
     virtualisation.docker.enable = mkIf cfg.enableDocker true;
   };