services-vault: make package configurable and add extraConfig option

Daiderd Jordan 2018-08-09 23:22:53 +02:00
parent 3dbdc64abd
commit d113c02563
No known key found for this signature in database
GPG Key ID: D02435D05B810C96


@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.vault; cfg = config.services.vault;
@ -24,15 +25,22 @@ let
${cfg.telemetryConfig} ${cfg.telemetryConfig}
} }
''} ''}
${cfg.extraConfig}
''; '';
in in
{ {
options = { options = {
services.vault = { services.vault = {
enable = mkEnableOption "Vault daemon"; enable = mkEnableOption "Vault daemon";
package = mkOption {
type = types.package;
default = pkgs.vault;
defaultText = "pkgs.vault";
description = "This option specifies the vault package to use.";
};
address = mkOption { address = mkOption {
type = types.str; type = types.str;
default = "127.0.0.1:8200"; default = "127.0.0.1:8200";
@ -58,7 +66,7 @@ in
default = '' default = ''
tls_min_version = "tls12" tls_min_version = "tls12"
''; '';
description = "extra configuration"; description = "Extra text appended to the listener section.";
}; };
storageBackend = mkOption { storageBackend = mkOption {
@ -84,6 +92,12 @@ in
default = ""; default = "";
description = "Telemetry configuration"; description = "Telemetry configuration";
}; };
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra text appended to <filename>vault.hcl</filename>.";
};
}; };
}; };
@ -122,7 +136,7 @@ in
User = "vault"; User = "vault";
Group = "vault"; Group = "vault";
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}"; ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
PrivateDevices = true; PrivateDevices = true;
PrivateTmp = true; PrivateTmp = true;
ProtectSystem = "full"; ProtectSystem = "full";
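Review bot: The description of the new `extraConfig` option does not say that its text lands in the generated file passed to `vault server -config ${configFile}`. The definition of `configFile` starts outside the visible hunks, but if it is built as a Nix store path, that file is readable by every local user. Vault configuration often carries tokens or credentials for storage and seal backends, so users are likely to put them in this free-form option. I would extend the description to `description = "Extra text appended to <filename>vault.hcl</filename>. The resulting file may be world-readable in the Nix store, so do not put secrets here.";`. The same caveat would fit the existing `telemetryConfig` description.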