You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
{ pkgs
|
|
|
|
, ...
|
|
|
|
}:
|
|
|
|
let
|
|
|
|
systemd-vaultd = pkgs.callPackage ../../default.nix { };
|
|
|
|
in
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
./vault-secrets.nix
|
|
|
|
];
|
|
|
|
|
|
|
|
systemd.package = pkgs.callPackage ../pkgs/systemd.nix { };
|
|
|
|
|
|
|
|
systemd.sockets.systemd-vaultd = {
|
|
|
|
description = "systemd-vaultd socket";
|
|
|
|
wantedBy = [ "sockets.target" ];
|
|
|
|
|
|
|
|
socketConfig = {
|
|
|
|
ListenStream = "/run/systemd-vaultd/sock";
|
|
|
|
SocketUser = "root";
|
|
|
|
SocketMode = "0600";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
systemd.services.systemd-vaultd = {
|
|
|
|
description = "systemd-vaultd daemon";
|
|
|
|
requires = [ "systemd-vaultd.socket" ];
|
|
|
|
after = [ "systemd-vaultd.socket" ];
|
|
|
|
# Restarting can break services waiting for secrets
|
|
|
|
stopIfChanged = false;
|
|
|
|
serviceConfig = {
|
|
|
|
ExecStart = "${systemd-vaultd}/bin/systemd-vaultd";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|