diff --git a/flake.nix b/flake.nix
index 2bcabe4..c0dde99 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,10 +25,10 @@
packages.default = pkgs.callPackage ./default.nix {};
devShells.default = pkgs.callPackage ./shell.nix {};
checks = let
- nixosTests = (pkgs.callPackages ./nix/checks/nixos-test.nix {
+ nixosTests = pkgs.callPackages ./nix/checks/nixos-test.nix {
makeTest = import (pkgs.path + "/nixos/tests/make-test-python.nix");
inherit (self.nixosModules) vaultAgent systemdVaultd;
- });
+ };
in {
treefmt = pkgs.callPackage ./nix/checks/treefmt.nix {};
inherit (nixosTests) unittests vault-agent systemd-vaultd;
diff --git a/nix/checks/dev-vault-server.nix b/nix/checks/dev-vault-server.nix
index 2a60ede..d103d6f 100644
--- a/nix/checks/dev-vault-server.nix
+++ b/nix/checks/dev-vault-server.nix
@@ -1,7 +1,10 @@
-{ config, lib, pkgs, ... }:
-
{
- environment.systemPackages = [ pkgs.vault ];
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = [pkgs.vault];
services.vault = {
enable = true;
dev = true;
@@ -11,7 +14,7 @@
environment.variables.VAULT_TOKEN = config.services.vault.devRootTokenID;
systemd.services.setup-vault-agent-approle = {
- path = [ pkgs.jq pkgs.vault pkgs.systemd ];
+ path = [pkgs.jq pkgs.vault pkgs.systemd];
wantedBy = ["multi-user.target"];
serviceConfig = {
@@ -48,7 +51,7 @@
# Make sure our setup service is started before our vault-agent
systemd.services.vault-agent-test = {
- wants = [ "setup-vault-agent-approle.service" ];
- after = [ "setup-vault-agent-approle.service" ];
+ wants = ["setup-vault-agent-approle.service"];
+ after = ["setup-vault-agent-approle.service"];
};
}
diff --git a/nix/modules/systemd-vaultd.nix b/nix/modules/systemd-vaultd.nix
index ccdff6a..3d176d5 100644
--- a/nix/modules/systemd-vaultd.nix
+++ b/nix/modules/systemd-vaultd.nix
@@ -1,12 +1,14 @@
-{ config, lib, pkgs, ... }:
-
-let
- systemd-vaultd = pkgs.callPackage ../../default.nix {};
-in
{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ systemd-vaultd = pkgs.callPackage ../../default.nix {};
+in {
systemd.sockets.systemd-vaultd = {
description = "systemd-vaultd socket";
- wantedBy = [ "sockets.target" ];
+ wantedBy = ["sockets.target"];
socketConfig = {
ListenStream = "/run/systemd-vaultd/sock";
@@ -16,8 +18,8 @@ in
};
systemd.services.systemd-vaultd = {
description = "systemd-vaultd daemon";
- requires = [ "systemd-vaultd.socket" ];
- after = [ "systemd-vaultd.socket" ];
+ requires = ["systemd-vaultd.socket"];
+ after = ["systemd-vaultd.socket"];
serviceConfig = {
ExecStart = "${systemd-vaultd}/bin/systemd-vaultd";
};
diff --git a/nix/modules/vault-agent.nix b/nix/modules/vault-agent.nix
index 5851805..e6fd453 100644
--- a/nix/modules/vault-agent.nix
+++ b/nix/modules/vault-agent.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
-let
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
cfg = config.services.vault;
settingsFormat = pkgs.formats.json {};
@@ -23,7 +27,7 @@ let
options = {
method = lib.mkOption {
type = lib.types.listOf autoAuthMethodModule;
- default = [ ];
+ default = [];
};
};
};
@@ -45,17 +49,16 @@ let
options = {
auto_auth = lib.mkOption {
type = autoAuthModule;
- default = { };
+ default = {};
};
template_config = lib.mkOption {
type = templateConfigModule;
- default = { };
+ default = {};
};
};
};
-in
-{
+in {
options.services.vault.agents = lib.mkOption {
default = {};
description = "Instances of vault agent";
@@ -69,15 +72,17 @@ in
});
};
config = {
- systemd.services = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair "vault-agent-${name}" ({
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- # Needs getent in PATH
- path = [ pkgs.glibc ];
- serviceConfig = {
- Restart = "on-failure";
- ExecStart = "${pkgs.vault}/bin/vault agent -config=${settingsFormat.generate "agent.json" instanceCfg.settings}";
- };
- })) cfg.agents;
+ systemd.services = lib.mapAttrs' (name: instanceCfg:
+ lib.nameValuePair "vault-agent-${name}" {
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+ # Needs getent in PATH
+ path = [pkgs.glibc];
+ serviceConfig = {
+ Restart = "on-failure";
+ ExecStart = "${pkgs.vault}/bin/vault agent -config=${settingsFormat.generate "agent.json" instanceCfg.settings}";
+ };
+ })
+ cfg.agents;
};
}
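Review bot: The `ExecStart` line hands the agent a config produced by `settingsFormat.generate "agent.json" instanceCfg.settings`, which is a Nix store path and therefore readable by every local user, yet nothing in the module documents that `settings` must not carry credentials such as an auto_auth secret or a token. A why-comment above `ExecStart`, `# agent.json is rendered into the world-readable /nix/store: reference credential files from settings, never inline the credentials themselves`, would make that contract explicit, and the same caveat belongs in the `description` of `options.services.vault.agents` in the previous hunk. Separately, `after = ["network.target"]` orders the unit after network setup but not after connectivity, so the agent's first authentication attempt may fail at boot and is only rescued by `Restart = "on-failure"`; if that is intended, a comment saying so would save the next reader the question. The module function enclosing this `config` block starts outside the hunk.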