mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 09:53:10 +00:00
services-vault: make package configurable and add extraConfig option
parent
3dbdc64abd
commit
d113c02563
@ -1,6 +1,7 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.vault;
|
cfg = config.services.vault;
|
||||||
|
|
||||||
@ -24,15 +25,22 @@ let
|
|||||||
${cfg.telemetryConfig}
|
${cfg.telemetryConfig}
|
||||||
}
|
}
|
||||||
''}
|
''}
|
||||||
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.vault = {
|
services.vault = {
|
||||||
|
|
||||||
enable = mkEnableOption "Vault daemon";
|
enable = mkEnableOption "Vault daemon";
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.vault;
|
||||||
|
defaultText = "pkgs.vault";
|
||||||
|
description = "This option specifies the vault package to use.";
|
||||||
|
};
|
||||||
|
|
||||||
address = mkOption {
|
address = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "127.0.0.1:8200";
|
default = "127.0.0.1:8200";
|
||||||
@ -58,7 +66,7 @@ in
|
|||||||
default = ''
|
default = ''
|
||||||
tls_min_version = "tls12"
|
tls_min_version = "tls12"
|
||||||
'';
|
'';
|
||||||
description = "extra configuration";
|
description = "Extra text appended to the listener section.";
|
||||||
};
|
};
|
||||||
|
|
||||||
storageBackend = mkOption {
|
storageBackend = mkOption {
|
||||||
@ -84,6 +92,12 @@ in
|
|||||||
default = "";
|
default = "";
|
||||||
description = "Telemetry configuration";
|
description = "Telemetry configuration";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
description = "Extra text appended to <filename>vault.hcl</filename>.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -122,7 +136,7 @@ in
|
|||||||
User = "vault";
|
User = "vault";
|
||||||
Group = "vault";
|
Group = "vault";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}";
|
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
ProtectSystem = "full";
|
ProtectSystem = "full";
|
||||||
|
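Review bot: The new `extraConfig` option is described only as "Extra text appended to vault.hcl", with no warning about where that text ends up. The definition of `configFile` is outside the visible hunks, but if it is built with `pkgs.writeText` the file lands in the world-readable Nix store, so storage or seal credentials placed in `extraConfig` would be readable by every local user. I would extend the description, e.g. `description = "Extra text appended to <filename>vault.hcl</filename>. Do not put secrets here; the generated file is stored in the world-readable Nix store.";`. The same caveat would apply to `telemetryConfig` and to the listener option whose description this commit rewords, since both are interpolated into the same string.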