ryan
/
systemd-openbao
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: further adapt to openbao

Browse Source 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
main
Raito Bezarius 1 month ago
parent d4e31a9b0f
commit 5aa5a794fd
5 changed files with 57 additions and 5 deletions
Show Stats Download Patch File Download Diff File

2
Procfile
Unescape Escape View File

@ -1,5 +1,5 @@
#!/usr/bin/env hivemind #!/usr/bin/env hivemind
systemd-service: sleep 3 && systemd-run --user --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo' systemd-service: sleep 3 && systemd-run --user --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
openbao: vault server -dev -dev-root-token-id secret openbao: openbao server -dev -dev-root-token-id secret
openbao-agent: sleep 5 && ./tests/setup-vault && openbao agent -config ./tests/vault-agent-example.hcl openbao-agent: sleep 5 && ./tests/setup-vault && openbao agent -config ./tests/vault-agent-example.hcl
systemd-openbaod: go run . -secrets tmp/secrets -sock tmp/sock systemd-openbaod: go run . -secrets tmp/secrets -sock tmp/sock

3
default.nix
Unescape Escape View File

@ -24,7 +24,8 @@
python3.pkgs.mypy python3.pkgs.mypy
golangci-lint golangci-lint
# openbao # OpenBao
(callPackage ./nix/package.nix { })
systemd systemd
hivemind hivemind
go go

51
nix/package.nix
Unescape Escape View File

@ -0,0 +1,51 @@
{ stdenv, lib, fetchFromGitHub, buildGoModule, installShellFiles, nixosTests
, makeWrapper
, gawk
, glibc
}:
buildGoModule rec {
pname = "openbao";
version = "2.0.2";
src = fetchFromGitHub {
owner = "openbao";
repo = "openbao";
rev = "v${version}";
hash = "sha256-7Dqrw00wjI/VCahY1+ANBMq9nPUQlb94HiBB3CKyhSQ=";
};
vendorHash = "sha256-qojDPhdCqnYCAFo5sc9mWyQxvHc/p/a1LYdW7MbOO5w=";
subPackages = [ "." ];
nativeBuildInputs = [ installShellFiles makeWrapper ];
tags = [ "openbao" ];
ldflags = [
"-s" "-w"
"-X github.com/openbao/openbao/sdk/version.GitCommit=${src.rev}"
"-X github.com/openbao/openbao/sdk/version.Version=${version}"
"-X github.com/openbao/openbao/sdk/version.VersionPrerelease="
];
postInstall = ''
echo "complete -C $out/bin/openbao openbao" > openbao.bash
installShellCompletion openbao.bash
'' + lib.optionalString stdenv.isLinux ''
wrapProgram $out/bin/openbao \
--prefix PATH ${lib.makeBinPath [ gawk glibc ]}
'';
# passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev vault-agent; };
meta = with lib; {
homepage = "https://openbao.org/";
description = "Tool for managing secrets";
changelog = "https://github.com/openbao/openbao/blob/v${version}/CHANGELOG.md";
license = licenses.mpl20;
mainProgram = "openbao";
maintainers = with maintainers; [ raitobezarius ];
};
}

2
tests/setup-vault
Unescape Escape View File

@ -3,7 +3,7 @@ set -eux -o pipefail
export BAO_ADDR=http://127.0.0.1:8200 export BAO_ADDR=http://127.0.0.1:8200
export BAO_TOKEN=secret export BAO_TOKEN=secret
while ! vault status; do while ! openbao status; do
sleep 1 sleep 1
done done

4
tests/vault-agent-example.hcl
Unescape Escape View File

@ -2,8 +2,8 @@
address = "http://localhost:8200" address = "http://localhost:8200"
} }
template = { template = {
contents = "{{ with secret \"secret/my-secret\" }}{{ .Data.data.foo }}{{ end }}" contents = "{{ with secret \"secret/my-secret\" }}{{ .Data.data | toJSON }}{{ end }}"
destination = "tmp/secrets/vault-nixos3.service-foo" destination = "tmp/secrets/vault-nixos3.service.json"
} }
auto_auth { auto_auth {

Write Preview
Loading…
Cancel
Save