terraform-certificate-automation/ansible/roles/consul_template-org/templates/consul-template-config.hcl.j2

vault {
  address      = "{{ vault_address }}"
  auth {
    method "approle" {
      config = {
        role_id   = "{{ vault_approle_role_id }}"
        secret_id = "{{ vault_approle_secret_id }}"
      }
    }
  }
  renew_token = true
}

template {
  source      = "/etc/consul-template/certificate.ctmpl"
  destination = "/etc/ssl/certs/{{ short_hostname }}.pem"
  command     = "systemctl reload nginx"
}

template {
  source      = "/etc/consul-template/private_key.ctmpl"
  destination = "/etc/ssl/private/{{ short_hostname }}.key"
  command     = "chmod 600 /etc/ssl/private/{{ short_hostname }}.key"
}

template {
  source      = "/etc/consul-template/chain_pem.ctmpl"
  destination = "/etc/ssl/private/le-chaincert.pem"
  command     = "chmod 600 /etc/ssl/private/le-chaincert.pem"
}