Merge pull request #44848 from LnL7/vault-options

nixos/vault: make package configurable
Sarah Brofeldt 2018-08-10 09:48:07 +02:00 committed by GitHub
commit ddde09d4f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.vault;
@ -24,15 +25,22 @@ let
${cfg.telemetryConfig}
}
''}
${cfg.extraConfig}
'';
in
{
options = {
services.vault = {
enable = mkEnableOption "Vault daemon";
package = mkOption {
type = types.package;
default = pkgs.vault;
defaultText = "pkgs.vault";
description = "This option specifies the vault package to use.";
};
address = mkOption {
type = types.str;
default = "127.0.0.1:8200";
@ -58,7 +66,7 @@ in
default = ''
tls_min_version = "tls12"
'';
description = "extra configuration";
description = "Extra text appended to the listener section.";
};
storageBackend = mkOption {
@ -84,6 +92,12 @@ in
default = "";
description = "Telemetry configuration";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra text appended to <filename>vault.hcl</filename>.";
};
};
};
@ -122,7 +136,7 @@ in
User = "vault";
Group = "vault";
PermissionsStartOnly = true;
ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}";
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
PrivateDevices = true;
PrivateTmp = true;
ProtectSystem = "full";
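Review bot: The description of the new `extraConfig` option does not say where the generated file is stored, although its text is interpolated verbatim into `vault.hcl`. The definition of `configFile` starts outside the visible hunks, but if it is produced by `pkgs.writeText` or a similar store derivation, anything placed in this option (storage-backend tokens, seal or cloud credentials) ends up in the world-readable Nix store. I would extend the description to say so, for example `Extra text appended to <filename>vault.hcl</filename>. The file is stored in the Nix store and is readable by all local users; do not put secrets here.`, and the same caveat fits the listener extra-text option touched in the third hunk. Separately, only the `ExecStart` line is switched to `cfg.package`; any other reference to `pkgs.vault` in the part of the module not shown here (for example a package added to the system path) should be checked so the CLI and the daemon stay on the same version.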