ansible-community / ansible-nomad

Ansible role for Nomad
https://galaxy.ansible.com/brianshumate/nomad
BSD 2-Clause "Simplified" License

change default nomad user to nomad instead of root #109

Closed H2so4 closed 4 years ago

H2so4 commented 4 years ago

nomad_user user is set to root and nomad_group is set to bin by default. Therefore, the code below will change the primary group for the root user to bin.

- name: Add Nomad user
  user:
    name: "{{ nomad_user }}"
    comment: "Nomad user"
    group: "{{ nomad_group }}"
    system: yes
  when:
    - nomad_manage_user | bool

This caused an issue with snap in my lab server because when I installed microk8s the commands failed with the following error

/snap/bin/microk8s
permanently dropping privs did not work: File exists

Took a while to figure out that the error above was caused because the GID for the root user was not 0. After setting the group for the root user back to root (gid 0) the issue was resolved.

The following shows how snap throws the error above when uid and gid are not 0. https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/snap-confine.c#L503-L506

Proposal: Set nomad_user to nomad instead of root by default.

lanefu commented 4 years ago

Hi thanks for your feedback. I don't want to change the default and break existing deployments of this role.

Fortunately it's a default, so just override it with a host var, group var, environment, or playbook var.

ppacher commented 3 years ago

Hi,

I understand that you don't want to change the default for that. Though, I'd suggest adding a note in the README that warns about that fact. It might cause a lot of strange errors if the primary group of root isn't root anymore. Any files created by the root user will be owned by the bin group, which might pose security risks depending on the umask. People will not immediately notice that the primary group of root has been changed!

I can open a new issue for that discussion if you want.
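An added example, not code from the role or from anyone in this thread, of the override lanefu suggests combined with a guard for the root-group change the issue and ppacher's comment describe. The variable names `nomad_user`, `nomad_group` and `nomad_manage_user` are the role's as quoted above; the role reference `brianshumate.nomad` is assumed from the Galaxy URL, and the host group, task names and assertions are illustrative.

```yaml
# Added example playbook (not part of the ansible-nomad role).
# Role variable names come from the issue; the role reference is assumed from the
# Galaxy URL (brianshumate.nomad); host group and task names are illustrative.
- hosts: nomad_servers
  become: true
  vars:
    nomad_manage_user: true
    nomad_user: nomad      # role default is root
    nomad_group: nomad     # role default is bin
  pre_tasks:
    - name: Refuse a user/group combination that would change root's primary group
      assert:
        that:
          - not (nomad_user == 'root' and nomad_group != 'root')
        fail_msg: >-
          nomad_user={{ nomad_user }} with nomad_group={{ nomad_group }} would set
          root's primary group to {{ nomad_group }}; set nomad_user/nomad_group
          explicitly (e.g. nomad/nomad) before running the role.
      when: nomad_manage_user | bool
  roles:
    - role: brianshumate.nomad
  post_tasks:
    - name: Read root's primary GID after the role has run
      command: id -g root
      register: root_gid
      changed_when: false
    - name: Verify root's primary GID is still 0 (snap-confine needs uid 0 and gid 0)
      assert:
        that:
          - root_gid.stdout | int == 0
        fail_msg: "root's primary GID is {{ root_gid.stdout }}, expected 0"
```

The pre_task catches the unsafe default before the `user` task runs; the post_task catches a host whose root group was already changed by an earlier run, which is the state that produced the snap error above.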