---
- name: ensure consul group
  group:
    name: consul
    state: present
    system: True

- name: ensure consul user
  user:
    name: consul
    state: present
    group: consul
    system: True

- name: ensure consul config dir
  file:
    path: /usr/local/etc/consul.d/
    state: directory
    owner: consul
    group: consul
    mode: 0755

- name: ensure consul config dir
  file:
    path: /usr/local/etc/consul.d/certs
    state: directory
    owner: consul
    group: consul
    mode: 0744

- name: ensure consul agent ca cert
  copy:
    src: files/consul-agent-ca.pem
    dest: /usr/local/etc/consul.d/certs/consul-agent-ca.pem
    owner: consul
    group: consul
    mode: 0644

- name: ensure consul server cert
  copy:
    src: files/consul-server.pem
    dest: /usr/local/etc/consul.d/certs/consul-server.pem
    owner: consul
    group: consul
    mode: 0600

- name: ensure consul server key
  template:
    src: templates/consul-server.key.j2
    dest: /usr/local/etc/consul.d/certs/consul-server.key
    owner: consul
    group: consul
    mode: 0600

- name: ensure consul data dir
  file:
    path: /opt/consul
    state: directory
    owner: consul
    group: consul
    mode: 0755

- name: check consul version
  shell:
    cmd: "consul --version | head -1 | cut -d'v' -f2"
  args:
    executable: /bin/bash
  changed_when: False
  failed_when: False
  register: installed_consul_version
  check_mode: False

- name: get consul
  pkgng:
    name: consul-{{ consul_version }}
    state: present

- name: template consul config
  template:
    src: templates/consul.hcl.j2
    dest: /usr/local/etc/consul.d/consul.hcl
    owner: root
    group: staff
    mode: 0755
  notify: restart_consul_fbsd

- name: enable and start consul
  service:
    name: consul
    state: started
    enabled: True