added vault server module mvp
Some checks failed
Build / nix-build (native-aarch64, varda) (push) Successful in 1m48s
Build / nix-build (native-x86_64, gandalf) (push) Has been cancelled
Build / nix-build (native-x86_64, telchar) (push) Has been cancelled
Build / nix-build (native-x86_64, telperion) (push) Has been cancelled
Build / Nix Build Successful (push) Has been cancelled

This commit is contained in:
Joseph Hanson 2024-09-11 16:15:18 -05:00
parent 6c07f5ad50
commit f0fa47639b
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
6 changed files with 39 additions and 16 deletions

2
.gitignore vendored
View file

@ -7,3 +7,5 @@ result*
.github .github
.profile .profile
.idea .idea
.secrets
.op

View file

@ -264,15 +264,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725897020, "lastModified": 1726074731,
"narHash": "sha256-0mJ37QZpUz44d0uolv9XQKDHwxUwqslz5ZSgwbdxmlo=", "narHash": "sha256-FsJQbSW9MGndQr7xz49SHjculvRaJGeqBSOgQjHguBc=",
"owner": "brumhard", "owner": "ajgon",
"repo": "krewfile", "repo": "krewfile",
"rev": "e7773854b19a4288df5502946ccec79c4af57adf", "rev": "05183df6874c2ce479987872083017d7c1ddb546",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "brumhard", "owner": "ajgon",
"ref": "feat/indexes",
"repo": "krewfile", "repo": "krewfile",
"type": "github" "type": "github"
} }
@ -437,11 +438,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1725407940, "lastModified": 1725826545,
"narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -529,11 +530,11 @@
}, },
"nixpkgs-unstable_2": { "nixpkgs-unstable_2": {
"locked": { "locked": {
"lastModified": 1725432240, "lastModified": 1725634671,
"narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ad416d066ca1222956472ab7d0555a6946746a80", "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -88,7 +88,8 @@
# krewfile - Declarative krew plugin management # krewfile - Declarative krew plugin management
krewfile = { krewfile = {
url = "github:brumhard/krewfile"; # url = "github:brumhard/krewfile";
url = "github:ajgon/krewfile?ref=feat/indexes";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };

View file

@ -58,7 +58,7 @@
# Services config # Services config
services = { services = {
vault = { vault = {
enable = true; enable = false;
}; };
}; };

View file

@ -1,9 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.mySystem.vault; cfg = config.mySystem.services.vault;
in in
{ {
options.vault = { options.mySystem.services.vault = {
enable = lib.mkEnableOption "vault"; enable = lib.mkEnableOption "vault";
address = lib.mkOption { address = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -19,7 +19,12 @@ in
package = pkgs.unstable.vault; package = pkgs.unstable.vault;
address = cfg.address; address = cfg.address;
dev = false; dev = false;
storage = "raft"; storageBackend = "raft";
extraConfig = ''
api_addr = "http://127.0.0.1:8200"
cluster_addr = "http://127.0.0.1:8201"
ui = true
'';
}; };
}; };
} }

View file

@ -0,0 +1,14 @@
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = true
}
storage "raft" {
path = "/var/lib/vault/data"
node_id = "node1"
}
disable_mlock = true
api_addr = "http://localhost:8200"
cluster_addr = "http://localhost:8201"
ui = true