datacenter = "{{ main_dc_name }}"
data_dir = "/opt/nomad"

server {
  enabled = true
  bootstrap_expect = 1
}

vault {
  enabled           = true
  ca_file           = "/etc/pki/certs/{{ vault_ca_cert_name }}"
  token             = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:vault-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
  address           = "https://vault.service.{{ consul_domain }}:8200"
  create_from_role  = "nomad-cluster"
  unwrap_token      = true
}

consul {
  token     = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:consul-acl-server ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
}

tls {
  http      = true
  rpc       = true
  ca_file   = "/etc/pki/certs/{{ vault_ca_cert_name }}"
  cert_file = "/etc/nomad.d/certs/nomad.pem"
  key_file  = "/etc/nomad.d/certs/nomad.key"
}