homelab-nomad/acls/consul_vault.tf

resource "vault_consul_secret_backend" "config" {
  path        = "consul"
  description = "Manages the Consul backend"

  address = "http://127.0.0.1:8500"
  token   = var.consul_token
}

resource "consul_acl_policy" "server_policy" {
  name  = "consul-servers"
  rules = <<EOH
node_prefix "server-" {
  policy = "write"
}
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "read"
}

  EOH
}