feat: manage custom docker caps

defaults/main.yml

@@ -23,3 +23,4 @@ nomad_host_networks:
   #    reserved_ports:
 nomad_allow_privileged: False
 nomad_plugins_podman: False
+nomad_docker_allow_caps: []

templates/config.hcl.j2

@@ -41,6 +41,9 @@ plugin "docker"{
       enabled      = true
       selinuxlabel = "z"
     }
+    {%if 'nomad_docker_allow_caps' %}
+    allow_caps = [ "{{nomad_docker_default_caps|join('","')}}","{{nomad_docker_allow_caps|join('","')}}"]
+    {% endif %}
     allow_privileged = {{ nomad_allow_privileged|lower }}
   }
 }

vars/main.yml

@@ -0,0 +1,14 @@
+nomad_docker_default_caps:
+  - audit_write
+  - chown
+  - dac_override
+  - fowner
+  - fsetid
+  - kill
+  - mknod
+  - net_bind_service
+  - setfcap
+  - setgid
+  - setpcap
+  - setuid
+  - sys_chroot