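#!/usr/bin/env bash
# Jobfile: install and (re)start a Consul server on the target host.
#
# SCRIPT, COPY and RUN are not defined in this file; presumably the job
# runner that loads it provides them (TODO confirm). As used below they
# appear to mean:
#   SCRIPT <path>          - load another script (shared helpers)
#   COPY <local> <remote>  - upload a local file to the target host
#   RUN <command>          - execute a command string on the target host
#
# One statement per line: the inline '#' comments further down would
# otherwise swallow every statement that follows them on the same line.

SCRIPT "${JOBFILE_DIR}/common.sh";

# Upload the server config to a staging path, then move it into place as root.
# Assumes /etc/consul already exists on the target: the move runs before the
# package is installed below.
# NOTE(review): /tmp/server.hcl is a fixed name in a world-writable directory.
# If other local accounts exist on the target, stage the file in a directory
# that only the deploy user can write. Whether a failed COPY aborts the job
# is not visible here - confirm, so that a stale or foreign file at that path
# can never be moved into /etc/consul.
COPY "../consul/server.hcl" "/tmp/server.hcl"
RUN "sudo mv /tmp/server.hcl /etc/consul/server.hcl";

# Only ownership is set; the file mode stays whatever the upload produced.
# NOTE(review): if server.hcl carries secrets (gossip encryption key, ACL
# tokens), set an explicit mode here that still lets the account the consul
# service runs as read the file.
RUN "sudo chown root:root /etc/consul/server.hcl";

# Install the Consul server package from whichever apt sources the host has.
# NOTE(review): the repository that ships hashicorp-consul-systemd-server is
# configured elsewhere; confirm it is a signed, trusted source.
RUN "sudo apt-get update";
RUN "sudo apt-get install --yes hashicorp-consul-systemd-server";

# TODO: Restrict these to the wesher subnet, and add 8500/tcp (the HTTP API)
# TODO: Do that for Nomad too
# RUN "sudo ufw allow 8301 comment consul-serf-lan";
# RUN "sudo ufw allow 8300/tcp comment consul-rpc";
# RUN "sudo ufw allow 8600 comment consul-dns";
# The rules above are commented out because Consul now runs over the
# wgoverlay interface, and all traffic is allowed on that interface (dynamic
# ports make per-port rules impractical).
# NOTE(review): with the per-port rules gone, who can reach Consul depends on
# the interface-wide allow and on the addresses Consul binds to in server.hcl
# (neither is visible here). Until the TODO above is done, check that the HTTP
# API (8500/tcp) and RPC (8300/tcp) listen only on the overlay address.

# Delete the old per-port ufw rules so these ports are no longer open on
# every interface.
RUN "sudo ufw delete allow 8301 comment consul-serf-lan";
RUN "sudo ufw delete allow 8300/tcp comment consul-rpc";
RUN "sudo ufw delete allow 8600 comment consul-dns";

# Start Consul at boot, and restart it now so the new config is loaded.
RUN "sudo systemctl enable consul.service";
RUN "sudo systemctl restart consul.service";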