# data_dir tends to be environment specific.
data_dir = "<%= @data_dir %>"
bind_addr = "0.0.0.0"
datacenter = "<%= scope['facts']['country'] %>-<%= scope['facts']['region'] %>"

<% if @server -%>
# Manage Servers
advertise {
  http = "<%= @facts['networking']['ip'] %>"
  rpc = "<%= @facts['networking']['ip'] %>"
  serf = "<%= @facts['networking']['ip'] %>"
}

server {
  enabled          = true
  bootstrap_expect = <%= @bootstrap_expect %>
}
<% end -%>

<% if @client -%>
# Manage clients/agents
client {
  enabled = true
}
<% end -%>

# Require TLS
tls {
  http = true
  rpc  = true

  ca_file   = "/etc/pki/ca-trust/source/anchors/vaultcaroot.pem"
  cert_file = "/etc/pki/tls/vault/certificate.crt"
  key_file  = "/etc/pki/tls/vault/private.key"

  verify_server_hostname = true
  verify_https_client    = false
}