# Core agent settings. The {{ ... }} placeholders on the datacenter and encrypt
# lines are template variables filled in before the file is deployed.
datacenter = "{{ nomad_datacenter_name }}"
data_dir = "/opt/consul"
# Gossip encryption key.
# NOTE(review): the rendered file holds this key in plaintext. Confirm that its
# mode and ownership restrict reads to the Consul service account, and that the
# variable comes from an encrypted store rather than plain inventory.
encrypt = "{{ consul_generated_encrypt_key }}"
# Require TLS verification on incoming and outgoing connections, and have
# outgoing connections check that a server's certificate carries the expected
# server name for this datacenter.
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
# Address for internal cluster traffic, selected by a go-sockaddr template that
# Consul evaluates at startup: the private interface address in 10.10.0.0/24.
# NOTE(review): this expression uses the same {{ }} delimiters as the template
# variables above. If the file is rendered by Jinja (the retry_join TODO below
# mentions Jinja), confirm the expression reaches Consul unmodified.
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.10.0.0/24\" | attr \"address\" }}"
# Client interfaces (HTTP API, DNS) listen on every address of the host.
# NOTE(review): the acl block in this file has enabled = false and no `ports`
# settings are present. Confirm host or network firewalling limits who can reach
# these listeners, or bind them to a private or loopback address instead.
client_addr = "0.0.0.0"

# TLS material used for the verify_* settings: the CA certificate that peers are
# checked against, plus this agent's own certificate and private key.
ca_file = "/etc/consul.d/consul-agent-ca.pem"
# NOTE(review): the certificate and key names end in a fixed "-server-consul-0".
# Confirm whether every server is meant to share this one key pair or whether
# each host should receive its own.
cert_file = "/etc/consul.d/{{ nomad_datacenter_name }}-server-consul-0.pem"
# Private key. NOTE(review): confirm the deployed file is readable only by the
# Consul service account.
key_file = "/etc/consul.d/{{ nomad_datacenter_name }}-server-consul-0-key.pem"

# Server side of auto-encrypt: allow_tls lets this server hand out TLS
# certificates to client agents that request them, so clients do not need
# certificate files distributed by hand.
auto_encrypt {
  allow_tls = true
}

# TODO: add jinja template to add all except destination host address here
# Addresses of other agents to join at startup, retried on failure. The list is
# empty as written, so this file gives the agent no peers to join.
retry_join = []

# Access-control settings. The ACL system is switched off here, so requests to
# the agent are not checked against tokens or policies.
# NOTE(review): with client_addr set to 0.0.0.0 in this file, anything that can
# reach the client ports gets unauthenticated access. Plan to set
# enabled = true with default_policy = "deny" once tokens are bootstrapped.
acl {
  enabled = false
  # Only takes effect once ACLs are enabled; "allow" permits any request that
  # no policy explicitly denies.
  default_policy = "allow"
  # Persist tokens set through the agent API to disk so they survive restarts
  # (relevant only once ACLs are enabled).
  enable_token_persistence = true
}

# Raft timing. A multiplier of 1 selects the tightest timeouts (fastest leader
# failure detection); larger values scale the timeouts up for slower hosts.
performance {
  raft_multiplier = 1
}

# TODO: change once DNS is running on a host
# Upstream DNS servers for names outside the Consul domain. The list is empty as
# written, so no upstream resolver is configured here.
recursors = [] # adds DNS forwarding for non-`.consul` domains