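#+title: Consul

* ACLs
** Policies
*** Node Policy
Policy for agent tokens.

#+begin_src hcl
agent_prefix "" {
  policy = "write"
}
node_prefix "" {
  policy = "write"
}
service_prefix "" {
  policy = "read"
}
session_prefix "" {
  policy = "read"
}
#+end_src

Note: the empty prefix matches every name, so this policy grants write on all agents and all node entries, not only the node holding the token. A token leaked from one host therefore affects every node. Scoping the rule to the node itself (~node "<node-name>" { policy = "write" }~, one policy per node) limits that to a single node.

*** Nomad client
Policy for Nomad clients (to be added in the consul.token field in the Nomad config).

#+begin_src hcl
agent_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "write"
}
#+end_src

*** Nomad server
Policy for Nomad servers (to be added in the consul.token field in the Nomad config).

#+begin_src hcl
agent_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "write"
}
acl = "write"
#+end_src

Note: ~acl = "write"~ lets the holder create and modify ACL tokens and policies, which makes this the most privileged of the three policies. Nomad's documentation lists it for minting service identity tokens for Connect tasks; if Connect is not used, check whether it can be dropped for the Nomad version in use. Store the server token at least as carefully as the agent token below.

** Node Agent Token
Create a token at http://hvannadal:8500/ui/samfelag/acls/tokens with the node policy. The UI is served over plain HTTP here, so the token secret is readable on the network path; do this from a trusted network or through a tunnel.

Create the Consul config file and encrypt it via agenix:

#+begin_src bash
agenix -e consul.d/agent-token-.json.age
#+end_src

(The file name appears to have lost a placeholder after ~agent-token-~, presumably the node name.)

JSON config:

#+begin_src json
{
  "acl": {
    "tokens": {
      "default": "",
      "agent": ""
    }
  }
}
#+end_src

The two empty strings are where the token's SecretID goes (the values appear to have been stripped from this page). The agent applies the ~default~ token to requests that arrive without a token of their own, so putting the node-policy token there hands its write access to every such request; a lower-privileged token is the safer choice for ~default~.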