add hashicorp vault
parent
dc09b422bb
commit
6c8f89cd50
5 changed files with 38 additions and 0 deletions
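--- a/.envrc
+++ b/.envrc
@@ -1,2 +1,3 @@
 use nix
 export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
+export VAULT_ADDR="http://10.1.1.61:8200"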
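Review bot: The added `VAULT_ADDR` uses `http://` against a non-loopback address (10.1.1.61), so every `vault` CLI call from this shell sends its token, and any secret it reads, in cleartext over the network. Prefer a TLS listener and `export VAULT_ADDR="https://10.1.1.61:8200"`, with `VAULT_CACERT` pointing at the CA file if the certificate is privately issued. The new module in this commit defaults to listening on `127.0.0.1:8200`, so this address presumably refers to another host or an overridden `address`; it is worth confirming which.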
|
@ -52,6 +52,7 @@ with config;
|
||||||
unstable.talosctl
|
unstable.talosctl
|
||||||
unstable.telegram-desktop
|
unstable.telegram-desktop
|
||||||
unstable.tidal-hifi
|
unstable.tidal-hifi
|
||||||
|
unstable.vault
|
||||||
vlc
|
vlc
|
||||||
|
|
||||||
# cli
|
# cli
|
||||||
|
|
|
@ -47,11 +47,21 @@
|
||||||
# System settings and services.
|
# System settings and services.
|
||||||
mySystem = {
|
mySystem = {
|
||||||
purpose = "Development";
|
purpose = "Development";
|
||||||
|
|
||||||
|
# System config
|
||||||
system = {
|
system = {
|
||||||
motd.networkInterfaces = [ "wlp1s0" ];
|
motd.networkInterfaces = [ "wlp1s0" ];
|
||||||
fingerprint-reader-on-laptop-lid.enable = true;
|
fingerprint-reader-on-laptop-lid.enable = true;
|
||||||
borg.pika-backup.enable = true;
|
borg.pika-backup.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Services config
|
||||||
|
services = {
|
||||||
|
vault = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
security._1password.enable = true;
|
security._1password.enable = true;
|
||||||
framework_wifi_swap.enable = true;
|
framework_wifi_swap.enable = true;
|
||||||
};
|
};
|
||||||
|
|
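Review bot: `services.vault.enable = true` is set under `mySystem` here, but nothing visible in this commit declares that option path. The new module declares `options.vault` and reads `cfg = config.mySystem.vault`. As far as the visible lines show, these are three different paths, so evaluation should either fail on an undefined option or never enable the service. I would align them in the module, e.g. `options.mySystem.services.vault = {` and `cfg = config.mySystem.services.vault;`. The nesting is inferred from the braces because indentation is lost on this page, and the host file continues outside the hunk.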
|
@ -15,5 +15,6 @@
|
||||||
./reboot-required-check.nix
|
./reboot-required-check.nix
|
||||||
./restic
|
./restic
|
||||||
./sanoid
|
./sanoid
|
||||||
|
./vault
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
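--- /dev/null
+++ b/nixos/modules/nixos/services/vault/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.mySystem.vault;
+in
+{
+options.vault = {
+enable = lib.mkEnableOption "vault";
+address = lib.mkOption {
+type = lib.types.str;
+default = "127.0.0.1:8200";
+description = "Address of the Vault server";
+example = "127.0.0.1:8200";
+};
+};
+
+config = lib.mkIf cfg.enable {
+services.vault = {
+enable = true;
+package = pkgs.unstable.vault;
+address = cfg.address;
+dev = false;
+storage = "raft";
+};
+};
+}
+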
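Review bot: The `services.vault` block sets neither `tlsCertFile` nor `tlsKeyFile`, and as I understand the upstream NixOS module, the listener is then generated with TLS disabled. The default `127.0.0.1:8200` keeps that on loopback, but `address` is a free-form string and the `.envrc` in this commit already points clients at a LAN address over `http://`. I would expose both TLS paths as module options and pass them through, so any non-loopback bind can be served over HTTPS. Keep them as string paths rather than Nix `path` values, so the private key is not copied into the world-readable store.

```nix
options.vault = {
  # … unchanged: enable, address …
  tlsCertFile = lib.mkOption {
    type = lib.types.nullOr lib.types.str;
    default = null;
    description = "Path to the TLS certificate for the Vault listener";
  };
  tlsKeyFile = lib.mkOption {
    # str, not path: the key must stay outside /nix/store
    type = lib.types.nullOr lib.types.str;
    default = null;
    description = "Path to the TLS private key for the Vault listener";
  };
};

services.vault = {
  # … unchanged: enable, package, address, dev, storage …
  tlsCertFile = cfg.tlsCertFile;
  tlsKeyFile = cfg.tlsKeyFile;
};
```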