

D2624.diff

diff --git a/roles/vault/init.sls b/roles/vault/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/vault/init.sls
@@ -0,0 +1,9 @@
+# -------------------------------------------------------------
+# Salt — Vault
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .vault
diff --git a/roles/vault/vault/files/vault.hcl b/roles/vault/vault/files/vault.hcl
new file mode 100644
--- /dev/null
+++ b/roles/vault/vault/files/vault.hcl
@@ -0,0 +1,35 @@
+# -------------------------------------------------------------
+# Vault configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/vault/vault/files/vault.hcl
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+listener "tcp" {
+ address = "{{ ip }}:8200"
+{% if certificates_available %}
+ tls_cert_file: "/usr/local/etc/certificates/vault/fullchain.pem"
+ tls_key_file: "/usr/local/etc/certificates/vault/private.key"
+{% else %}
+ tls_disable = 1
+{% endif %}
+}
+
+storage "raft" {
+ path = "/var/db/vault"
+ node_id = "{{ id }}"
+}
+
+disable_mlock = true
+
+cluster_addr = "http://{{ ip }}:8201"
+api_addr = "http://{{ ip }}:8200"
+ui = true
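Review bot: In the `certificates_available` branch of the `listener "tcp"` block, the two TLS settings are written with a colon (`tls_cert_file: "..."`, `tls_key_file: "..."`) while every other setting in the file uses `=`. That is likely to fail HCL parsing the first time the TLS branch is rendered; they should read `tls_cert_file = "/usr/local/etc/certificates/vault/fullchain.pem"` and `tls_key_file = "/usr/local/etc/certificates/vault/private.key"`. Separately, `api_addr` and `cluster_addr` are hard-coded to `http://` even when the listener serves TLS, so the advertised address would not match the listener; the scheme should follow the same condition. The `tls_disable = 1` fallback exposes tokens and secrets in cleartext on `{{ ip }}:8200`, so a comment marking it as bootstrap-only (or binding to loopback until certificates exist) would help the next reader.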
diff --git a/roles/vault/vault/init.sls b/roles/vault/vault/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/vault/vault/init.sls
@@ -0,0 +1,59 @@
+# -------------------------------------------------------------
+# Salt — Vault
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+{% set network = salt['node.resolve_network']() %}
+
+# -------------------------------------------------------------
+# Software
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+vault:
+ pkg.installed
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/vault.hcl:
+ file.managed:
+ - source: salt://roles/vault/vault/files/vault.hcl
+ - mode: 644
+ - template: jinja
+ - context:
+ id: {{ grains['id'] }}
+ ip: {{ network['ipv4_address'] }}
+ certificates_available: {{ salt["file.file_exists"]("/usr/local/etc/certificates/vault") }}
+
+# -------------------------------------------------------------
+# Storage
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/db/vault:
+ file.directory:
+ - mode: 700
+ - user: vault
+ - group: vault
+
+# -------------------------------------------------------------
+# Service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains["os"] == "FreeBSD" %}
+/etc/rc.conf.d/vault/vault:
+ file.managed:
+ - makedirs: True
+ - mode: 644
+ - contents: |
+ vault_enable="YES"
+ vault_syslog_output_enable="YES"
+{% endif %}
+
+service_vault:
+ service.running:
+ - name: vault
+ - enable: true
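Review bot: The `certificates_available` context value calls `file.file_exists` on `/usr/local/etc/certificates/vault`, which the vault.hcl template treats as a directory (it reads `fullchain.pem` and `private.key` beneath it). `file.file_exists` is true only for a regular file, so this would render as False and the template would always take the `tls_disable = 1` branch, leaving the listener in cleartext even after certificates are deployed. Testing the certificate itself, `salt["file.file_exists"]("/usr/local/etc/certificates/vault/fullchain.pem")`, or switching to `file.directory_exists`, matches the apparent intent. Also, `service_vault` has no `watch` on `{{ dirs.etc }}/vault.hcl`, so a configuration change is not picked up until a manual restart; since a restart seals Vault this may be deliberate, and a comment such as `# no watch: restarting seals Vault, restart manually` would record that.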
