feat: further adapt to openbao

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
main
Raito Bezarius 3 months ago
parent d4e31a9b0f
commit 5aa5a794fd

@ -1,5 +1,5 @@
#!/usr/bin/env hivemind
systemd-service: sleep 3 && systemd-run --user --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
openbao: vault server -dev -dev-root-token-id secret
openbao: openbao server -dev -dev-root-token-id secret
openbao-agent: sleep 5 && ./tests/setup-vault && openbao agent -config ./tests/vault-agent-example.hcl
systemd-openbaod: go run . -secrets tmp/secrets -sock tmp/sock

@ -24,7 +24,8 @@
python3.pkgs.mypy
golangci-lint
# openbao
# OpenBao
(callPackage ./nix/package.nix { })
systemd
hivemind
go

@ -0,0 +1,51 @@
{ stdenv, lib, fetchFromGitHub, buildGoModule, installShellFiles, nixosTests
, makeWrapper
, gawk
, glibc
}:
buildGoModule rec {
pname = "openbao";
version = "2.0.2";
src = fetchFromGitHub {
owner = "openbao";
repo = "openbao";
rev = "v${version}";
hash = "sha256-7Dqrw00wjI/VCahY1+ANBMq9nPUQlb94HiBB3CKyhSQ=";
};
vendorHash = "sha256-qojDPhdCqnYCAFo5sc9mWyQxvHc/p/a1LYdW7MbOO5w=";
subPackages = [ "." ];
nativeBuildInputs = [ installShellFiles makeWrapper ];
tags = [ "openbao" ];
ldflags = [
"-s" "-w"
"-X github.com/openbao/openbao/sdk/version.GitCommit=${src.rev}"
"-X github.com/openbao/openbao/sdk/version.Version=${version}"
"-X github.com/openbao/openbao/sdk/version.VersionPrerelease="
];
postInstall = ''
echo "complete -C $out/bin/openbao openbao" > openbao.bash
installShellCompletion openbao.bash
'' + lib.optionalString stdenv.isLinux ''
wrapProgram $out/bin/openbao \
--prefix PATH ${lib.makeBinPath [ gawk glibc ]}
'';
# passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev vault-agent; };
meta = with lib; {
homepage = "https://openbao.org/";
description = "Tool for managing secrets";
changelog = "https://github.com/openbao/openbao/blob/v${version}/CHANGELOG.md";
license = licenses.mpl20;
mainProgram = "openbao";
maintainers = with maintainers; [ raitobezarius ];
};
}
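Review bot: The `wrapProgram` call in `postInstall` passes `--prefix PATH ${lib.makeBinPath [ gawk glibc ]}` with only two arguments, while makeWrapper's `--prefix` takes three (`ENV SEP VAL`). The store paths are therefore most likely consumed as the separator and the value left empty, so the wrapper probably does not put gawk and glibc on PATH and may hand a malformed PATH to a binary that handles secrets. The line should read `--prefix PATH : ${lib.makeBinPath [ gawk glibc ]}`. Separately, `version.GitCommit=${src.rev}` records the tag `v${version}` rather than a commit id, which deserves a comment above `ldflags` such as `# GitCommit carries the release tag, not a commit hash`.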

@ -3,7 +3,7 @@ set -eux -o pipefail
export BAO_ADDR=http://127.0.0.1:8200
export BAO_TOKEN=secret
while ! vault status; do
while ! openbao status; do
sleep 1
done

@ -2,8 +2,8 @@
address = "http://localhost:8200"
}
template = {
contents = "{{ with secret \"secret/my-secret\" }}{{ .Data.data.foo }}{{ end }}"
destination = "tmp/secrets/vault-nixos3.service-foo"
contents = "{{ with secret \"secret/my-secret\" }}{{ .Data.data | toJSON }}{{ end }}"
destination = "tmp/secrets/vault-nixos3.service.json"
}
auto_auth {
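Review bot: The `template` block now renders the whole `secret/my-secret` payload as JSON to `tmp/secrets/vault-nixos3.service.json` but sets no `perms`. As far as I know, the agent then creates a new file with its default mode of 0644, which leaves it readable by every local user. Because the file now holds every key of the secret rather than the single `foo` field, add `perms = "0600"` inside the block and make sure `tmp/secrets` itself is not world-readable. The consumer of this file is not visible in this hunk, so confirm it expects JSON at the new `.json` path.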
