vault

2024-11-05 15:36:23 +01:00 · 2023-05-22 19:02:49 +02:00 · 2023-05-22 19:02:49 +02:00 · ad663f501e
parent 928f970d55
commit ad663f501e
3 changed files with 25 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -15,7 +15,8 @@
      hostPkgs = import nixpkgs { system = "x86_64-linux"; };
    in {
      devShell."x86_64-linux" = with hostPkgs; mkShell {
-        buildInputs = [ colmena ];
+        buildInputs = [ colmena vault ];
        VAULT_ADDR = "https://hc-vault.katzen.cafe";
      };
      colmena = {
        meta = {
@ -50,6 +51,7 @@
            ./modules/mumble.nix
            ./modules/modded-mc.nix
            #./modules/prosody.nix
            ./modules/vault.nix
          ];
          system.stateVersion = "22.11";
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@ -35,6 +35,10 @@
        group = "murmur";
        keyType = "rsa4096";
      };
      "hc-vault.katzen.cafe" = {
        group = "nginx";
        keyType = "rsa4096";
      };
      # "prosody.katzen.cafe" = {
      #   group = "prosody";
      #   keyType = "rsa4096";
@ -110,6 +114,13 @@
          proxyPass = "http://127.0.0.2:8081";
        };
      };
      "hc-vault.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8200";
        };
      };
    };
  };
 }
--- a/modules/vault.nix
+++ b/modules/vault.nix
@ -0,0 +1,11 @@
 { pkgs, ... }:
 {
  services.vault = {
    enable = true;
    package = pkgs.vault-bin;
    storageBackend = "file";
    extraConfig = ''
      ui = true
    '';
  };
 }