---
##########
# Consul #
##########

hashistack_default_consul_config_dir: "{{ hashistack_remote_config_dir }}/consul.d"
consul_config_dir: "{{ hashistack_consul_config_dir | default(hashistack_default_consul_config_dir) }}"

hashistack_default_consul_data_dir: "/opt/consul"
consul_data_dir: "{{ hashistack_consul_data_dir | default(hashistack_default_consul_data_dir)}}"

hashistack_default_consul_certs_dir: "{{ consul_config_dir }}/tls"
consul_certs_dir: "{{ hashistack_consul_certs_dir | default(hashistack_default_consul_certs_dir) }}"

hashistack_default_consul_logs_dir: "{{ hashistack_remote_log_dir }}/consul"
consul_logs_dir: "{{ hashistack_consul_logs_dir | default(hashistack_default_consul_logs_dir) }}"

hashistack_default_consul_envoy_install: false
consul_envoy_install: "{{ hashistack_consul_envoy_install | default(hashistack_default_consul_envoy_install) }}"

hashistack_default_consul_envoy_version: latest
consul_envoy_version: "{{ hashistack_consul_envoy_version | default(hashistack_default_consul_envoy_version) }}"

consul_extra_files: true

hashistack_default_consul_extra_files_list: []
consul_extra_files_list: "{{ hashistack_consul_extra_files_list | default(hashistack_default_consul_extra_files_list) }}"

hashistack_default_consul_env_variables: {}
consul_env_variables: "{{ hashistack_consul_env_variables | default(hashistack_default_consul_env_variables) }}"

#######################
# extra configuration #
#######################

# You should prioritize adding configuration
# to the configuration entries below, this
# option should be used to add pieces of configuration not
# available through standard variables.

hashistack_default_consul_extra_configuration: {}
consul_extra_configuration: >-
  {{
    hashistack_default_consul_extra_configuration |
    combine((hashistack_consul_extra_configuration | default({})), recursive=true)
  }}

###########
# general #
###########

hashistack_default_consul_domain: consul
consul_domain: "{{ hashistack_consul_domain | default(hashistack_default_consul_domain) }}"

hashistack_default_consul_datacenter: dc1
consul_datacenter: "{{ hashistack_consul_datacenter | default(hashistack_default_consul_datacenter) }}"

hashistack_default_consul_primary_datacenter: "{{ consul_datacenter }}"
consul_primary_datacenter: "{{ hashistack_consul_primary_datacenter | default(hashistack_default_consul_primary_datacenter) }}"

hashistack_default_consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
consul_gossip_encryption_key: "{{ hashistack_consul_gossip_encryption_key | default(hashistack_default_consul_gossip_encryption_key) }}"

hashistack_default_consul_enable_script_checks: false
consul_enable_script_checks: "{{ hashistack_consul_enable_script_checks | default(hashistack_default_consul_enable_script_checks) }}"

#######################
# leave configuration #
#######################

hashistack_default_consul_leave_on_terminate: true
consul_leave_on_terminate: "{{ hashistack_consul_leave_on_terminate | default(hashistack_default_consul_leave_on_terminate) }}"

hashistack_default_consul_rejoin_after_leave: true
consul_rejoin_after_leave: "{{ hashistack_consul_rejoin_after_leave | default(hashistack_default_consul_rejoin_after_leave) }}"

######################
# join configuration #
######################

hashistack_default_consul_join_configuration:
  retry_join: |
    {{
      groups['consul_servers'] |
      map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
      list |
      to_json |
      from_json
    }}
  retry_interval: 30s
  retry_max: 0
consul_join_configuration: >-
  {{
    hashistack_default_consul_join_configuration |
    combine((hashistack_consul_join_configuration | default({})), recursive=true)
  }}

########################
# server configuration #
########################

hashistack_default_consul_enable_server: "{{ 'consul_servers' in group_names }}"
consul_enable_server: "{{ hashistack_consul_enable_server | default(hashistack_default_consul_enable_server) }}"

hashistack_default_consul_bootstrap_expect: "{{ (groups['consul_servers'] | length) }}"
consul_bootstrap_expect: "{{ hashistack_consul_bootstrap_expect | default(hashistack_default_consul_bootstrap_expect) }}"

####################
# ui configuration #
####################

hashistack_default_consul_ui_configuration:
  enabled: "{{ consul_enable_server }}"
consul_ui_configuration: >-
  {{
    hashistack_default_consul_ui_configuration |
    combine((hashistack_consul_ui_configuration | default({})), recursive=true)
  }}

#########################
# address configuration #
#########################

hashistack_default_consul_bind_addr: "0.0.0.0"
consul_bind_addr: "{{ hashistack_consul_bind_addr | default(hashistack_default_consul_bind_addr) }}"

hashistack_default_consul_advertise_addr: "{{ api_interface_address }}"
consul_advertise_addr: "{{ hashistack_consul_advertise_addr | default(hashistack_default_consul_advertise_addr) }}"

hashistack_default_consul_address_configuration:
  client_addr: "{{ consul_bind_addr }}"
  bind_addr: "{{ consul_advertise_addr }}"
  advertise_addr: "{{ consul_advertise_addr }}"
consul_address_configuration: >-
  {{
    hashistack_default_consul_address_configuration |
    combine((hashistack_consul_address_configuration | default({})), recursive=true)
  }}

#####################
# ACL configuration #
#####################

hashistack_default_consul_acl_configuration:
  enabled: true
  default_policy: "deny"
  enable_token_persistence: true
  tokens:
    agent: "{{ _credentials.consul.tokens.agent.secret_id }}"
consul_acl_configuration: >-
  {{
    hashistack_default_consul_acl_configuration |
    combine((hashistack_consul_acl_configuration | default({})), recursive=true)
  }}

consul_default_agent_policy: |
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

##############################
# service mesh configuration #
##############################

hashistack_default_consul_mesh_configuration:
  enabled: true
consul_mesh_configuration: >-
  {{
    hashistack_default_consul_mesh_configuration |
    combine((hashistack_consul_mesh_configuration | default({})), recursive=true)
  }}

#####################
# DNS configuration #
#####################

hashistack_default_consul_dns_configuration:
  allow_stale: true
  enable_truncate: true
  only_passing: true
consul_dns_configuration: >-
  {{
    hashistack_default_consul_dns_configuration |
    combine((hashistack_consul_dns_configuration | default({})), recursive=true)
  }}

################
# internal tls #
################

hashistack_default_consul_enable_tls: "{{ enable_tls_internal }}"
consul_enable_tls: "{{ hashistack_consul_enable_tls | default(hashistack_default_consul_enable_tls) }}"

hashistack_default_consul_tls_configuration:
  defaults:
    ca_file: "/etc/ssl/certs/ca-certificates.crt"
    cert_file: "{{ consul_certs_dir }}/fullchain.crt"
    key_file: "{{ consul_certs_dir }}/cert.key"
    verify_incoming: false
    verify_outgoing: true
  internal_rpc:
    verify_server_hostname: true
consul_tls_configuration: >-
  {{
    hashistack_default_consul_tls_configuration |
    combine((hashistack_consul_tls_configuration | default({})), recursive=true)
  }}

consul_certificates_extra_files_dir: >
  {{
    [] if internal_tls_externally_managed_certs | bool else
    [{
      'src': "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}",
      'dest': "{{ consul_certs_dir }}"
    }]
  }}

###########################
# telemetry configuration #
###########################

hashistack_default_consul_enable_prometheus_metrics: false
consul_enable_prometheus_metrics: "{{ hashistack_consul_enable_prometheus_metrics | default(hashistack_default_consul_enable_prometheus_metrics) }}"

hashistack_default_consul_prometheus_retention_time: 60s
consul_prometheus_retention_time: "{{ hashistack_consul_prometheus_retention_time | default(hashistack_default_consul_prometheus_retention_time) }}"

hashistack_default_consul_telemetry_configuration: {}
consul_telemetry_configuration: "{{ hashistack_consul_telemetry_configuration | default(hashistack_default_consul_telemetry_configuration) }}"

###########
# logging #
###########

hashistack_default_consul_log_level: info
consul_log_level: "{{ hashistack_consul_log_level | default(hashistack_default_consul_log_level) }}"

hashistack_default_consul_enable_log_to_file: "{{ enable_log_to_file | bool }}"
consul_enable_log_to_file: "{{ hashistack_consul_enable_log_to_file | default(hashistack_default_consul_enable_log_to_file) }}"

hashistack_default_consul_log_to_file_configuration:
  log_file: "{{ consul_logs_dir }}/consul.log"
  log_rotate_duration: 24h
  log_rotate_max_files: 30
consul_log_to_file_configuration: >-
  {{
    hashistack_default_consul_log_to_file_configuration |
    combine((hashistack_consul_log_to_file_configuration | default({})), recursive=true)
  }}