From 43afc23535013fd7e4de47b829420098d7dfcb0f Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 28 Apr 2024 14:06:49 +1000
Subject: [PATCH] feat: deploy consul services - add vault.service.consul
---
 hieradata/common.yaml | 9 +++++++++
 .../au/region/syd1/infra/storage/vault.yaml | 16 ++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 8be8ee2..301a017 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -63,6 +63,15 @@ lookup_options: profiles::dns::master::keys: merge: strategy: deep
+ consul::services:
+ merge:
+ strategy: deep
+ consul::watch:
+ merge:
+ strategy: deep
+ consul::check:
+ merge:
+ strategy: deep
 facts_path: '/opt/puppetlabs/facter/facts.d'
diff --git a/hieradata/country/au/region/syd1/infra/storage/vault.yaml b/hieradata/country/au/region/syd1/infra/storage/vault.yaml
index 2feaac4..28f1a9d 100644
--- a/hieradata/country/au/region/syd1/infra/storage/vault.yaml
+++ b/hieradata/country/au/region/syd1/infra/storage/vault.yaml
@@ -1,2 +1,18 @@
 ---
 profiles::vault::server::primary_datacenter: 'au-syd1'
+consul::services:
+ vault:
+ service_name: 'vault'
+ tags:
+ - 'https'
+ - 'secure'
+ address: "%{facts.networking.ip}" # Dynamically set from the networking facts
+ port: 443
+ checks:
+ - check_id: 'vault_https_check'
+ name: 'Vault HTTPS Check'
+ http: "https://%{facts.networking.fqdn}:443/v1/sys/health"
+ method: 'GET'
+ tls_skip_verify: true # Set to false in production for security
+ interval: '10s'
+ timeout: '1s'
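Review bot: The new `lookup_options` keys `consul::watch` and `consul::check` probably do not match any class parameter. In the puppet-consul module the class parameters are `watches` and `checks`, while `consul::watch` and `consul::check` are defined types, so automatic parameter lookup would never consult these two entries. If that is the module in use, data for those hashes keeps the default first-found behaviour and a node-level entry silently replaces the common checks instead of merging with them. The entries would then read `consul::watches:` and `consul::checks:`. This should be confirmed against the module version pinned in the repo, and the `lookup_options` block itself starts outside this hunk.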
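Review bot: `tls_skip_verify: true` on the Vault health check turns off certificate validation in a file that, going by its path, holds the live syd1 Vault data rather than a sample. The inline comment "Set to false in production for security" reads like a leftover from a template. With verification off the check keeps passing when the listener presents an expired or wrong certificate, so Consul goes on advertising the node as a healthy `vault` service while clients that do verify fail. I would change the line to `tls_skip_verify: false` and, if the certificate is issued for a name other than the node FQDN, add `tls_server_name` with that name. This assumes the agent host trusts the issuing CA, which the diff does not show. Separately, `timeout: '1s'` is tight for a TLS handshake plus `/v1/sys/health` and may cause the check to flap.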