#cloud-config
package_update: true
package_upgrade: true

packages:
  - wget
  - unzip
  - curl

users:
  - name: consul
    system: true
    shell: /bin/false
    home: /opt/consul

write_files:
  - path: /etc/consul.d/consul.json
    content: |
      {
        "datacenter": "dc1",
        "data_dir": "/opt/consul/data",
        "log_level": "INFO",
        "server": true,
        "bind_addr": "0.0.0.0",
        "client_addr": "0.0.0.0",
        "retry_join": ["127.0.0.1"],
        "ui_config": {
          "enabled": true
        },
        "connect": {
          "enabled": true
        },
        "ports": {
          "grpc": 8502
        },
        "bootstrap_expect": 1
      }
    permissions: '0640'
    owner: consul:consul

  - path: /etc/systemd/system/consul.service
    content: |
      [Unit]
      Description=Consul
      Documentation=https://www.consul.io/
      Requires=network-online.target
      After=network-online.target
      ConditionFileNotEmpty=/etc/consul.d/consul.json

      [Service]
      Type=notify
      User=consul
      Group=consul
      ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/
      ExecReload=/bin/kill -HUP $MAINPID
      KillMode=process
      Restart=on-failure
      LimitNOFILE=65536

      [Install]
      WantedBy=multi-user.target

runcmd:
  # Download and install Consul
  - cd /tmp
  - wget https://releases.hashicorp.com/consul/1.16.0/consul_1.16.0_linux_amd64.zip
  - unzip consul_1.16.0_linux_amd64.zip
  - mv consul /usr/local/bin/
  - chmod +x /usr/local/bin/consul
  # Create directories
  - mkdir -p /opt/consul/data
  - mkdir -p /etc/consul.d
  - chown -R consul:consul /opt/consul /etc/consul.d
  # Enable and start Consul
  - systemctl enable consul
  - systemctl start consul
  # Configure firewall
  - ufw allow 8300:8302/tcp
  - ufw allow 8500/tcp
  - ufw allow 8600/tcp
  - ufw allow 8600/udp