data_dir = "{{ consul_root_dir }}/data"
bind_addr = "0.0.0.0"
client_addr = "0.0.0.0"

advertise_addr = "{{ consul_conf.advertise_addr }}"

{% if consul_conf.datacenter is defined %}
datacenter = "{{ consul_conf.datacenter }}"
{% endif %}

{% if consul_conf.primary_datacenter is defined %}
primary_datacenter = "{{ consul_conf.primary_datacenter }}"
{% endif %}

{% if consul_conf.node_name is defined %}
node_name = {{ consul_conf.node_name }}
{% endif %}

ports {
{% for service in consul_services.keys() | list %}
{% if service not in ['sidecar', 'expose'] and consul_services[service].port is defined %}
  {{ service }} = {{ consul_services[service].port }}
{% elif service in ['sidecar', 'expose'] %}
  {{ service }}_min_port = {{ consul_services[service].port | split(':') | first }}
  {{ service }}_max_port = {{ consul_services[service].port | split(':') | last }}
{% endif %}
{% endfor %}
}

retry_join = [
{% for server in consul_servers %}
  "{{ server }}",
{% endfor %}
]

{% if consul_conf.server %}
server = true
bootstrap_expect = {{ consul_conf.bootstrap_expect }}
performance {
  raft_multiplier = {{ consul_conf.performance.raft_multiplier }}
}
{% endif %}

{% if consul_conf.encrypt is defined %}
encrypt = "{{ consul_conf.encrypt }}"
{% endif %}

ui_config {
  enabled = {{ consul_conf.ui_config.enabled | ternary('true', 'false') }}
}

recursors = [
{% for dns in consul_conf.recursors %}
  "{{ dns }}",
{% endfor %}
]

{% if consul_conf.domain is defined %}
domain = "{{ consul_conf.domain }}"
{% if consul_conf.alt_domain is defined %}
alt_domain = "{{ consul_conf.alt_domain }}"
{% endif %}
{% endif %}

telemetry {
  prometheus_retention_time = "{{ consul_conf.telemetry.prometheus_retention_time }}"
}

{% if consul_conf.connect.enabled %}
connect {
  enabled = true
}
{% endif %}

acl {
{% for key in ['enabled', 'enable_token_persistence'] %}
{% if consul_conf.acl[key] is defined %}
  {{ key }} = {{ consul_conf.acl[key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
  default_policy = "{{ consul_conf.acl.default_policy }}"
  tokens {
{% for key in ['initial_management', 'default', 'agent', 'agent_recovery', 'replication'] %}
{% if consul_conf.acl.tokens[key] is defined %}
    {{ key }} = "{{ consul_conf.acl.tokens[key] }}"
{% endif %}
{% endfor %}
  }
}

{% if consul_conf.tls.enabled %}
# TLS settings
tls {
{% for section in ['defaults', 'grpc', 'https', 'internal_rpc'] %}
{% if consul_conf.tls[section] is defined %}
  {{ section }} {
{% for key in ['ca_file', 'ca_path', 'cert_file', 'key_file', 'tls_min_version', 'tls_cipher_suites'] %}
{% if consul_conf.tls[section][key] is defined %}
    {{ key }} = "{{ consul_conf.tls[section][key] }}"
{% endif %}
{% endfor %}
{% for key in ['verify_incoming', 'verify_outgoing', 'verify_server_hostname'] %}
{% if consul_conf.tls[section][key] is defined %}
    {{ key }} = {{ consul_conf.tls[section][key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
  }
{% endif %}
{% endfor %}
}

# auto_encrypt, to distribute certificates from servers to clients
{% if consul_conf.server %}
auto_encrypt {
  allow_tls = true
}
{% else %}
auto_encrypt {
  tls = true
}
{% endif %}
{% endif %}