added vault server module mvp

.gitignore

@@ -7,3 +7,5 @@ result*
 .github
 .profile
 .idea
+.secrets
+.op

flake.lock

@@ -264,15 +264,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1725897020,
+        "lastModified": 1726074731,
-        "narHash": "sha256-0mJ37QZpUz44d0uolv9XQKDHwxUwqslz5ZSgwbdxmlo=",
+        "narHash": "sha256-FsJQbSW9MGndQr7xz49SHjculvRaJGeqBSOgQjHguBc=",
-        "owner": "brumhard",
+        "owner": "ajgon",
         "repo": "krewfile",
-        "rev": "e7773854b19a4288df5502946ccec79c4af57adf",
+        "rev": "05183df6874c2ce479987872083017d7c1ddb546",
         "type": "github"
       },
       "original": {
-        "owner": "brumhard",
+        "owner": "ajgon",
+        "ref": "feat/indexes",
         "repo": "krewfile",
         "type": "github"
       }
@@ -437,11 +438,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725407940,
+        "lastModified": 1725826545,
-        "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
+        "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
+        "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
         "type": "github"
       },
       "original": {
@@ -529,11 +530,11 @@
     },
     "nixpkgs-unstable_2": {
       "locked": {
-        "lastModified": 1725432240,
+        "lastModified": 1725634671,
-        "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=",
+        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ad416d066ca1222956472ab7d0555a6946746a80",
+        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -88,7 +88,8 @@
 
     # krewfile - Declarative krew plugin management
     krewfile = {
-      url = "github:brumhard/krewfile";
+      # url = "github:brumhard/krewfile";
+      url = "github:ajgon/krewfile?ref=feat/indexes";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 

nixos/hosts/telchar/default.nix

@@ -58,7 +58,7 @@
     # Services config
     services = {
       vault = {
-        enable = true;
+        enable = false;
       };
     };
 

nixos/modules/nixos/services/vault/default.nix

@@ -1,9 +1,9 @@
 { config, lib, pkgs, ... }:
 let
-  cfg = config.mySystem.vault;
+  cfg = config.mySystem.services.vault;
 in
 {
-  options.vault = {
+  options.mySystem.services.vault = {
     enable = lib.mkEnableOption "vault";
     address = lib.mkOption {
       type = lib.types.str;
@@ -19,7 +19,12 @@ in
       package = pkgs.unstable.vault;
       address = cfg.address;
       dev = false;
-      storage = "raft";
+      storageBackend = "raft";
+      extraConfig = ''
+        api_addr = "http://127.0.0.1:8200"
+        cluster_addr = "http://127.0.0.1:8201"
+        ui = true
+      '';
     };
   };
 }

nixos/modules/nixos/services/vault/resources/vault-config.hcl

@@ -0,0 +1,14 @@
+listener "tcp" {
+    address = "0.0.0.0:8200"
+    tls_disable = true
+}
+
+storage "raft" {
+    path = "/var/lib/vault/data"
+    node_id = "node1"
+}
+
+disable_mlock = true
+api_addr = "http://localhost:8200"
+cluster_addr = "http://localhost:8201"
+ui = true