vault {
  address      = "{{ consul_vault_tls.address }}"
  token        = "{{ consul_vault_tls.token }}"
  unwrap_token = false
}

template {
  source          = "{{ consul_root_dir }}/consul-template/ca.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ consul_conf.tls.defaults.ca_file }}"
  perms           = 0644
  exec {
    command = "systemctl reload consul"
  }
}

{% if consul_conf.server %}
template {
  source          = "{{ consul_root_dir }}/consul-template/agent.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ consul_conf.tls.defaults.cert_file }}"
  perms           = 0644
  exec {
    command = "systemctl reload consul"
  }
}

template {
  source          = "{{ consul_root_dir }}/consul-template/agent.key.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ consul_conf.tls.defaults.key_file }}"
  perms           = 0640
  exec {
    command = ["sh", "-c", "chgrp {{ consul_user }} {{ consul_conf.tls.defaults.key_file }} && systemctl reload consul"]
  }
}

template {
  source          = "{{ consul_root_dir }}/consul-template/cli.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ consul_root_dir }}/tls/cli.crt"
}

template {
  source          = "{{ consul_root_dir }}/consul-template/cli.key.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ consul_root_dir }}/tls/cli.key"
  perms           = 0640
}
{% endif %}