vault { address = "{{ nomad_vault_tls.address }}" token = "{{ nomad_vault_tls.token }}" unwrap_token = false } template { source = "{{ nomad_root_dir }}/consul-template/agent.crt.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_conf.tls.cert_file }}" perms = 0644 exec { command = "systemctl reload nomad" } } template { source = "{{ nomad_root_dir }}/consul-template/agent.key.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_conf.tls.key_file }}" perms = 0640 exec { command = ["sh", "-c", "chgrp {{ nomad_user }} {{ nomad_conf.tls.key_file }} && systemctl reload nomad"] } } template { source = "{{ nomad_root_dir }}/consul-template/ca.crt.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_conf.tls.ca_file }}" perms = 0644 exec { command = "systemctl reload nomad" } } {% if nomad_conf.server.enabled %} template { source = "{{ nomad_root_dir }}/consul-template/cli.crt.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_root_dir }}/tls/cli.crt" } template { source = "{{ nomad_root_dir }}/consul-template/cli.key.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_root_dir }}/tls/cli.key" perms = 0640 } {% endif %} {% if nomad_conf.client.enabled and nomad_conf.consul.ssl %} template { source = "{{ nomad_root_dir }}/consul-template/consul.crt.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_conf.consul.cert_file }}" } template { source = "{{ nomad_root_dir }}/consul-template/consul.key.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_conf.consul.key_file }}" perms = 0640 } template { source = "{{ nomad_root_dir }}/consul-template/consul_ca.crt.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_conf.consul.ca_file }}" perms = 0644 exec { command = "systemctl reload nomad" } } {% endif %}