main
zimbatm 2 years ago
parent f1df228d66
commit 974032c41a
No known key found for this signature in database
GPG Key ID: 71BAF6D40C1D63D7

@ -25,10 +25,10 @@
packages.default = pkgs.callPackage ./default.nix {}; packages.default = pkgs.callPackage ./default.nix {};
devShells.default = pkgs.callPackage ./shell.nix {}; devShells.default = pkgs.callPackage ./shell.nix {};
checks = let checks = let
nixosTests = (pkgs.callPackages ./nix/checks/nixos-test.nix { nixosTests = pkgs.callPackages ./nix/checks/nixos-test.nix {
makeTest = import (pkgs.path + "/nixos/tests/make-test-python.nix"); makeTest = import (pkgs.path + "/nixos/tests/make-test-python.nix");
inherit (self.nixosModules) vaultAgent systemdVaultd; inherit (self.nixosModules) vaultAgent systemdVaultd;
}); };
in { in {
treefmt = pkgs.callPackage ./nix/checks/treefmt.nix {}; treefmt = pkgs.callPackage ./nix/checks/treefmt.nix {};
inherit (nixosTests) unittests vault-agent systemd-vaultd; inherit (nixosTests) unittests vault-agent systemd-vaultd;

@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
environment.systemPackages = [pkgs.vault]; environment.systemPackages = [pkgs.vault];
services.vault = { services.vault = {
enable = true; enable = true;

@ -1,9 +1,11 @@
{ config, lib, pkgs, ... }:
let
systemd-vaultd = pkgs.callPackage ../../default.nix {};
in
{ {
config,
lib,
pkgs,
...
}: let
systemd-vaultd = pkgs.callPackage ../../default.nix {};
in {
systemd.sockets.systemd-vaultd = { systemd.sockets.systemd-vaultd = {
description = "systemd-vaultd socket"; description = "systemd-vaultd socket";
wantedBy = ["sockets.target"]; wantedBy = ["sockets.target"];

@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }: {
let config,
lib,
pkgs,
...
}: let
cfg = config.services.vault; cfg = config.services.vault;
settingsFormat = pkgs.formats.json {}; settingsFormat = pkgs.formats.json {};
@ -54,8 +58,7 @@ let
}; };
}; };
}; };
in in {
{
options.services.vault.agents = lib.mkOption { options.services.vault.agents = lib.mkOption {
default = {}; default = {};
description = "Instances of vault agent"; description = "Instances of vault agent";
@ -69,7 +72,8 @@ in
}); });
}; };
config = { config = {
systemd.services = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair "vault-agent-${name}" ({ systemd.services = lib.mapAttrs' (name: instanceCfg:
lib.nameValuePair "vault-agent-${name}" {
after = ["network.target"]; after = ["network.target"];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
# Needs getent in PATH # Needs getent in PATH
@ -78,6 +82,7 @@ in
Restart = "on-failure"; Restart = "on-failure";
ExecStart = "${pkgs.vault}/bin/vault agent -config=${settingsFormat.generate "agent.json" instanceCfg.settings}"; ExecStart = "${pkgs.vault}/bin/vault agent -config=${settingsFormat.generate "agent.json" instanceCfg.settings}";
}; };
})) cfg.agents; })
cfg.agents;
}; };
} }
