# {{ ansible_managed }}

# Logging
enable_syslog = true
log_level = "INFO"
disable_update_check = true

# Basics
data_dir = "{{ consul_data_dir }}"
datacenter = "{{ datacenter_id }}"
server = {{ 'false' if consul_server else 'true' }}
ui = true

# Network
{% if consul_bootstrap_expect > 0 %}
encrypt = "{{ consul_encrypt_key }}"
{% endif %}
client_addr = "{{ consul_client_addr }}"
bind_addr = "{{ network_private_ip }}"
advertise_addr = "{{ network_private_ip }}"
retry_join = [
{% for peer in consul_servers if peer != ansible_hostname and hostvars[peer].datacenter_id == datacenter_id %}
    "{{ hostvars[peer].network_private_ip }}"{{ ',' if not loop.last else '' }}
{% endfor %}
]
{% if consul_server %}
{%   if consul_bootstrap_expect > 0 %}
bootstrap_expect = {{ consul_bootstrap_expect }}
{%   endif %}
rejoin_after_leave = true
retry_join_wan = [
{%   for peer in consul_servers if hostvars[peer].datacenter_id != datacenter_id %}
   "{{ hostvars[peer].network_private_ip }}"{{ ',' if not loop.last else '' }}
{%   endfor %}
]
{% endif %}

# TLS
#ports {
#  https = 8501
#}
#key_file = "/etc/letsencrypt/live/{{ ansible_hostname }}.maruntiel.net/privkey1.pem"
#cert_file = "/etc/letsencrypt/live/{{ ansible_hostname }}.maruntiel.net/fullchain1.pem"
#ca_file = "/etc/letsencrypt/live/{{ ansible_hostname }}.maruntiel.net/chain1.pem"
#verify_incoming = true
#verify_outgoing = true
#tls_min_version = "tls12"

# Features
enable_script_checks = true
disable_remote_exec = true

# ACLs
#{% if consul_acl_datacenter is defined and consul_acl_datacenter %}
#acl_datacenter = "{{ consul_acl_datacenter }}"
#acl_default_policy = "deny"
#acl_down_policy = "extend-cache"
#acl_agent_token = "{{ consul_acl_agent_token }}"
#acl_token = "{{ consul_acl_token }}"
#{%   if datacenter_id != consul_acl_datacenter %}
#acl_replication_token = "{{ consul_acl_replication_token | default(consul_acl_master_token) }}"
#{%   endif %}
#{% endif %}

# DNS
dns_config {
  node_ttl = "60s"
  service_ttl {
    "*" = "15s"
  }
}

# Metadata
node_meta {
  architecture = "{{ ansible_userspace_architecture }}"
  product_name = "{{ ansible_system_vendor|replace(' Inc.', '') }} {{ ansible_product_name }}"
  virtualization_role = "{{ ansible_virtualization_role }}"
}

# Consul Stats
telemetry {
  disable_hostname = true
}