diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix
index 6c151175e5b..dafdae0c327 100644
--- a/nixos/modules/services/networking/nomad.nix
+++ b/nixos/modules/services/networking/nomad.nix
@@ -49,6 +49,17 @@ in
         '';
       };
 
+      extraSettingsPaths = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          Additional settings paths used to configure nomad. These can be files or directories.
+        '';
+        example = literalExample ''
+          [ "/etc/nomad-mutable.json" "/run/keys/nomad-with-secrets.json" "/etc/nomad/config.d" ]
+        '';
+      };
+
       settings = mkOption {
         type = format.type;
         default = {};
@@ -101,7 +112,8 @@ in
       serviceConfig = {
         DynamicUser = cfg.dropPrivileges;
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-        ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json";
+        ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json" +
+          concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths;
         KillMode = "process";
         KillSignal = "SIGINT";
         LimitNOFILE = 65536;
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 966c7844657..523d3c051e0 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -272,6 +272,7 @@ in
   nginx-variants = handleTest ./nginx-variants.nix {};
   nix-ssh-serve = handleTest ./nix-ssh-serve.nix {};
   nixos-generate-config = handleTest ./nixos-generate-config.nix {};
+  nomad = handleTest ./nomad.nix {};
   novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
   nsd = handleTest ./nsd.nix {};
   nzbget = handleTest ./nzbget.nix {};
diff --git a/nixos/tests/nomad.nix b/nixos/tests/nomad.nix
new file mode 100644
index 00000000000..bd052152bd6
--- /dev/null
+++ b/nixos/tests/nomad.nix
@@ -0,0 +1,53 @@
+import ./make-test-python.nix (
+  { lib, ... }: {
+    name = "nomad";
+    nodes = {
+      server = { pkgs, lib, ... }: {
+        networking = {
+          interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [{
+            address = "192.168.1.1";
+            prefixLength = 16;
+          }];
+        };
+
+        environment.etc."nomad.custom.json".source =
+          (pkgs.formats.json { }).generate "nomad.custom.json" {
+            region = "universe";
+            datacenter = "earth";
+          };
+
+        services.nomad = {
+          enable = true;
+
+          settings = {
+            server = {
+              enabled = true;
+              bootstrap_expect = 1;
+            };
+          };
+
+          extraSettingsPaths = [ "/etc/nomad.custom.json" ];
+          enableDocker = false;
+        };
+      };
+    };
+
+    testScript = ''
+      server.wait_for_unit("nomad.service")
+
+      # wait for healthy server
+      server.wait_until_succeeds(
+          "[ $(nomad operator raft list-peers | grep true | wc -l) == 1 ]"
+      )
+
+      # wait for server liveness
+      server.succeed("[ $(nomad server members | grep -o alive | wc -l) == 1 ]")
+
+      # check the region
+      server.succeed("nomad server members | grep -o universe")
+
+      # check the datacenter
+      server.succeed("[ $(nomad server members | grep -o earth | wc -l) == 1 ]")
+    '';
+  }
+)