add hashicorp vault

Joseph Hanson 2024-09-10 13:43:35 -05:00
parent dc09b422bb
commit 6c8f89cd50
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
5 changed files with 38 additions and 0 deletions

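--- a/.envrc
+++ b/.envrc
@@ -1,2 +1,3 @@
 use nix
 export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
+export VAULT_ADDR="http://10.1.1.61:8200"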
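Review bot: The added `VAULT_ADDR` uses `http://`, so every `vault` CLI call made from this directory sends the client token and receives secret payloads in cleartext on the way to 10.1.1.61. Once the listener has a certificate, this line should become `export VAULT_ADDR="https://10.1.1.61:8200"`, with `VAULT_CACERT` pointing at the CA file if the certificate is privately issued. The address also differs from the module default `127.0.0.1:8200` added in this commit, so it is worth confirming which Vault instance the CLI is meant to reach.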


@ -52,6 +52,7 @@ with config;
unstable.talosctl unstable.talosctl
unstable.telegram-desktop unstable.telegram-desktop
unstable.tidal-hifi unstable.tidal-hifi
unstable.vault
vlc vlc
# cli # cli


@ -47,11 +47,21 @@
# System settings and services. # System settings and services.
mySystem = { mySystem = {
purpose = "Development"; purpose = "Development";
# System config
system = { system = {
motd.networkInterfaces = [ "wlp1s0" ]; motd.networkInterfaces = [ "wlp1s0" ];
fingerprint-reader-on-laptop-lid.enable = true; fingerprint-reader-on-laptop-lid.enable = true;
borg.pika-backup.enable = true; borg.pika-backup.enable = true;
}; };
# Services config
services = {
vault = {
enable = true;
};
};
security._1password.enable = true; security._1password.enable = true;
framework_wifi_swap.enable = true; framework_wifi_swap.enable = true;
}; };
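Review bot: The new `services.vault.enable = true;` lands at `mySystem.services.vault`, but the module added in this commit declares `options.vault` and reads `config.mySystem.vault`, so the three paths do not line up. As written, the setting probably never reaches the module, or evaluation fails on an undeclared option. The module should declare the option where the host sets it, e.g. `options.mySystem.services.vault = { ... };` with `cfg = config.mySystem.services.vault;`. No `address` is set here, so the server would bind the module default `127.0.0.1:8200`.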


@ -15,5 +15,6 @@
./reboot-required-check.nix ./reboot-required-check.nix
./restic ./restic
./sanoid ./sanoid
./vault
]; ];
} }


@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let
cfg = config.mySystem.vault;
in
{
options.vault = {
enable = lib.mkEnableOption "vault";
address = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1:8200";
description = "Address of the Vault server";
example = "127.0.0.1:8200";
};
};
config = lib.mkIf cfg.enable {
services.vault = {
enable = true;
package = pkgs.unstable.vault;
address = cfg.address;
dev = false;
storage = "raft";
};
};
}
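Review bot: No `tlsCertFile` or `tlsKeyFile` is passed to `services.vault`, and as far as I know the upstream NixOS module then renders the listener with TLS disabled. That is contained while `address` stays on the loopback default, but the option accepts any string, so a routable value would expose tokens and secrets in cleartext. Expose the certificate and key as module options and pass them through (`tlsCertFile = cfg.tlsCertFile;`, `tlsKeyFile = cfg.tlsKeyFile;`), or add an assertion that `cfg.address` is loopback when they are unset. Separately, `storage = "raft";` does not match the upstream option name, which I believe is `storageBackend`, so this line should fail evaluation until it reads `storageBackend = "raft";`.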