diff --git a/.gitignore b/.gitignore
index 67f40c8..ca6943e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ result*
 .github
 .profile
 .idea
+.secrets
+.op
diff --git a/flake.lock b/flake.lock
index e213908..cbc2a8e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -264,15 +264,16 @@ ] }, "locked": { - "lastModified": 1725897020, - "narHash": "sha256-0mJ37QZpUz44d0uolv9XQKDHwxUwqslz5ZSgwbdxmlo=", - "owner": "brumhard", + "lastModified": 1726074731, + "narHash": "sha256-FsJQbSW9MGndQr7xz49SHjculvRaJGeqBSOgQjHguBc=", + "owner": "ajgon", "repo": "krewfile", - "rev": "e7773854b19a4288df5502946ccec79c4af57adf", + "rev": "05183df6874c2ce479987872083017d7c1ddb546", "type": "github" }, "original": { - "owner": "brumhard", + "owner": "ajgon", + "ref": "feat/indexes", "repo": "krewfile", "type": "github" }
@@ -437,11 +438,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1725826545, + "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", "type": "github" }, "original": {
@@ -529,11 +530,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index fee27b2..43ce6c1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,7 +88,8 @@
 # krewfile - Declarative krew plugin management
 krewfile = {
- url = "github:brumhard/krewfile";
+ # url = "github:brumhard/krewfile";
+ url = "github:ajgon/krewfile?ref=feat/indexes";
 inputs.nixpkgs.follows = "nixpkgs";
 };
diff --git a/nixos/hosts/telchar/default.nix b/nixos/hosts/telchar/default.nix
index ab204de..665e8f2 100644
--- a/nixos/hosts/telchar/default.nix
+++ b/nixos/hosts/telchar/default.nix
@@ -58,7 +58,7 @@
 # Services config
 services = {
 vault = {
- enable = true;
+ enable = false;
 };
 };
diff --git a/nixos/modules/nixos/services/vault/default.nix b/nixos/modules/nixos/services/vault/default.nix
index 199e988..220cf02 100644
--- a/nixos/modules/nixos/services/vault/default.nix
+++ b/nixos/modules/nixos/services/vault/default.nix
@@ -1,9 +1,9 @@
 { config, lib, pkgs, ... }:
 let
- cfg = config.mySystem.vault;
+ cfg = config.mySystem.services.vault;
 in
 {
- options.vault = {
+ options.mySystem.services.vault = {
 enable = lib.mkEnableOption "vault";
 address = lib.mkOption {
 type = lib.types.str;
@@ -19,7 +19,12 @@ in
 package = pkgs.unstable.vault;
 address = cfg.address;
 dev = false;
- storage = "raft";
+ storageBackend = "raft";
+ extraConfig = ''
+ api_addr = "http://127.0.0.1:8200"
+ cluster_addr = "http://127.0.0.1:8201"
+ ui = true
+ '';
 };
 };
 }
diff --git a/nixos/modules/nixos/services/vault/resources/vault-config.hcl b/nixos/modules/nixos/services/vault/resources/vault-config.hcl
new file mode 100644
index 0000000..9890359
--- /dev/null
+++ b/nixos/modules/nixos/services/vault/resources/vault-config.hcl
@@ -0,0 +1,14 @@
+listener "tcp" {
+ address = "0.0.0.0:8200"
+ tls_disable = true
+}
+
+storage "raft" {
+ path = "/var/lib/vault/data"
+ node_id = "node1"
+}
+
+disable_mlock = true
+api_addr = "http://localhost:8200"
+cluster_addr = "http://localhost:8201"
+ui = true
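Review bot: The `krewfile` input now follows a feature branch of a personal fork (`github:ajgon/krewfile?ref=feat/indexes`), and a branch ref is mutable: flake.lock pins the rev for now, but the next `nix flake update` takes whatever the branch head is at that moment, including after a force-push. If the fork is only needed for this feature, pinning the commit in the URL, `url = "github:ajgon/krewfile/05183df6874c2ce479987872083017d7c1ddb546";`, makes any move to newer fork code an explicit, reviewable edit. The commented-out upstream URL says nothing about why the fork is used; a why-comment would serve better, for example `# fork carries feat/indexes; switch back to github:brumhard/krewfile when no longer needed`.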
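Review bot: `api_addr` and `cluster_addr` in the new `extraConfig` are hard-coded to `http://127.0.0.1`, while the listener address still comes from `cfg.address`, so setting the option to anything other than loopback leaves Vault advertising an address that does not match its listener. Deriving the value from the option keeps the two in step, e.g. `api_addr = "http://${cfg.address}"`, and a one-line comment above `extraConfig` should state that the service is meant to be loopback-only. No `tlsCertFile`/`tlsKeyFile` appears in the visible lines, so if the listener is ever bound to a non-loopback interface, tokens and secrets would cross the network in clear text. The enclosing attribute set starts above this hunk, so TLS may already be configured there.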
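Review bot: The listener binds `0.0.0.0:8200` with `tls_disable = true`, so the Vault API, including tokens and secret payloads, is served in clear text on every interface even though `api_addr` advertises `localhost`. Either bind to loopback with `address = "127.0.0.1:8200"`, or keep the wide bind and replace `tls_disable` with `tls_cert_file` / `tls_key_file`. `disable_mlock = true` deserves a comment saying it is deliberate for raft storage and that swap on the host is off or encrypted, since it allows Vault's memory to be paged out. Nothing in the visible hunks references this file (the module builds its config inline through `extraConfig`), so it may be unused; if so, dropping it avoids a second config that disagrees with the module.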