strato-infra/nixos/machines/vault/default.nix

{ config, pkgs, ... }: {
  imports = [ ../../common ../../common/lxc.nix ];
  networking.hostName = "vault";
  system.stateVersion = "21.11";
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 8200 ];
  services.vault = {
    enable = true;
    address = "0.0.0.0:8200";
    storageBackend = "postgresql";
    storageConfig = ''
      connection_url = "postgres://vault:x@postgres.lxd:5432/vault?sslmode=disable"
    '';
    extraConfig = ''
      disable_mlock = true
    '';
  };
}