K3s did not work, add vault
This commit is contained in:
parent
e0a07970d6
commit
3caf4d3f10
GPG key ID:
AF241B0AA237BBA2
|
|
@ -70,13 +70,21 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
k3s = {
|
vault = {
|
||||||
imports = [ ./machines/k3s ];
|
imports = [ ./machines/vault ];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "k3s.lxd";
|
targetHost = "vault.lxd";
|
||||||
tags = [ "k3s" ];
|
tags = [ "website" "system" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# k3s = {
|
||||||
|
# imports = [ ./machines/k3s ];
|
||||||
|
# deployment = {
|
||||||
|
# targetHost = "k3s.lxd";
|
||||||
|
# tags = [ "k3s" ];
|
||||||
|
# };
|
||||||
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
devShells.x86_64-linux.default = pkgs.mkShell {
|
devShells.x86_64-linux.default = pkgs.mkShell {
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,15 @@
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
virtualHosts."vault.asraphiel.dev" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
http2 = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://vault.lxd:8200/";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
security.acme.email = "acme@voidcorp.nl";
|
security.acme.email = "acme@voidcorp.nl";
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
|
|
|
||||||
|
|
@ -17,12 +17,17 @@
|
||||||
host all all 10.0.0.0/8 trust
|
host all all 10.0.0.0/8 trust
|
||||||
host all all fd42:14c:5baf:51ec:216:3eff:fe6e:32a7/96 trust
|
host all all fd42:14c:5baf:51ec:216:3eff:fe6e:32a7/96 trust
|
||||||
'';
|
'';
|
||||||
ensureDatabases = [ "gitea" ];
|
ensureDatabases = [ "gitea" "vault" ];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "gitea";
|
name = "gitea";
|
||||||
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
|
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
name = "vault";
|
||||||
|
ensurePermissions = { "DATABASE \"vault\"" = "ALL PRIVILEGES"; };
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
enableTCPIP = true;
|
enableTCPIP = true;
|
||||||
|
|
|
||||||
19
nixos/machines/vault/default.nix
Normal file
19
nixos/machines/vault/default.nix
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
imports = [ ../../common ../../common/lxc.nix ];
|
||||||
|
networking.hostName = "vault";
|
||||||
|
system.stateVersion = "21.11";
|
||||||
|
networking.firewall.enable = true;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 8200 ];
|
||||||
|
services.vault = {
|
||||||
|
enable = true;
|
||||||
|
address = "0.0.0.0:8200";
|
||||||
|
storageBackend = "postgresql";
|
||||||
|
storageConfig = ''
|
||||||
|
connection_url = "postgres://vault:x@postgres.lxd:5432/vault?sslmode=disable"
|
||||||
|
'';
|
||||||
|
extraConfig = ''
|
||||||
|
ui = true
|
||||||
|
disable_mlock = true
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue