more vault work

2025-03-23 11:13:19 -06:00
parent a1903f3ab9
commit 1c3277c497
3 changed files with 95 additions and 0 deletions
--- a/files/vault/Alpine/openrc
+++ b/files/vault/Alpine/openrc
@@ -0,0 +1,50 @@
+#!/sbin/openrc-run
+
+capabilities="cap_ipd_lock=+ep"
+command="/usr/local/bin/vault"
+command_group="vault"
+command_user="vault"
+
+# args
+config_args="-config=/etc/$RC_SVCNAME/config.hcl"
+log_file="-log-file=/var/log/$RC_SVCNAME/vault.log"
+log_format="-log-format=json"
+log_level="-log-level=info"
+log_rotate="-log-rotate-bytes=10000 -log-rotate-max-files=10"
+log_args="$log_file $log_format $log_level $log_rotate"
+command_args="server $config_args $log_args -non-interactive"
+
+depend() {
+  need net
+}
+
+start_pre() {
+  checkpath --directory \
+    --owner $command_user:$command_group \
+    --mode 0755 \
+    /run/$RC_SVCNAME /var/log/$RC_SVCNAME
+}
+
+start() {
+  ebegin "Starting $RC_SVCNAME"
+  start-stop-daemon --start \
+    --exec $command \
+    --capabilities $capabilities \
+    --make-pidfile \
+    --pidfile /var/run/$RC_SVCNAME.pid \
+    --user $command_user:$command_group \
+    -- \
+    $command_args
+
+  eend$?
+}
+
+stop() {
+  ebegin "Stopping $RC_SVCNAME"
+  start-stop-daemon --stop \
+    --exec $command \
+    --pidfile /var/run/$RC_SVCNAME.pid
+
+  eend $?
+}
+# vim: set filetype=sh :
--- a/files/vault/config.hcl
+++ b/files/vault/config.hcl
@@ -0,0 +1,9 @@
+ui = {{ ui | default(true) }}
+cluster_addr = "https://{{ ansible_default_ipv4.address }}:{{ cluster_port | default('8201') }}"
+api_addr = "https://{{ansible_default_ipv4.address }}:{{ api_port | default('8200') }}"
+disable_mlock = {{ disable_mlock | default(true) }}
+
+storage "raft" {
+  path = "{{ raft_path | default('/var/lib/vault/data') }}"
+  node_id = "{{ raft_node_id | default(ansible_hostname) }}"
+}