vault {
  address      = "{{ nomad_vault_secrets.vault_address }}"
  token        = "{{ nomad_vault_secrets.vault_token }}"
  unwrap_token = false
}

# Sleep 10 sec before sending nomad service a reload to prevent it from crashing as
# Nomad doesn't support getting a reload while it's still initializing
{% if nomad_vault_secrets.pki.enabled %}
template {
  source          = "{{ nomad_root_dir }}/consul-template/agent.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_conf.tls.cert_file }}"
  perms           = 0644
  exec {
    command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
  }
}

template {
  source          = "{{ nomad_root_dir }}/consul-template/agent.key.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_conf.tls.key_file }}"
  perms           = 0640
  exec {
    command = ["sh", "-c", "chgrp {{ nomad_user }} {{ nomad_conf.tls.key_file }} && sleep 10 && systemctl reload nomad || true"]
  }
}

template {
  source          = "{{ nomad_root_dir }}/consul-template/ca.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_conf.tls.ca_file }}"
  perms           = 0644
  exec {
    command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
  }
}

{% if nomad_conf.server.enabled %}
template {
  source          = "{{ nomad_root_dir }}/consul-template/cli.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_root_dir }}/tls/cli.crt"
}

template {
  source          = "{{ nomad_root_dir }}/consul-template/cli.key.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_root_dir }}/tls/cli.key"
  perms           = 0640
}
{% endif %}
{% endif %}


{% if nomad_vault_secrets.consul_pki.enabled and nomad_conf.client.enabled and nomad_conf.consul.ssl %}
template {
  source          = "{{ nomad_root_dir }}/consul-template/consul.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_conf.consul.cert_file }}"
  exec {
    command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
  }
}

template {
  source          = "{{ nomad_root_dir }}/consul-template/consul.key.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_conf.consul.key_file }}"
  perms           = 0640
  exec {
    command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
  }
}

template {
  source          = "{{ nomad_root_dir }}/consul-template/consul_ca.crt.tpl"
  left_delimiter  = "[["
  right_delimiter = "]]"
  destination     = "{{ nomad_conf.consul.ca_file }}"
  perms           = 0644
  exec {
    command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
  }
}
{% endif %}