more vault work

2025-03-23 11:13:19 -06:00
parent a1903f3ab9
commit 1c3277c497
3 changed files with 95 additions and 0 deletions
--- a/tasks/pkgs/vault.yml
+++ b/tasks/pkgs/vault.yml
@@ -36,6 +36,42 @@
      ansible.builtin.set_fact:
        pkg_archive: "{{ pkg_archive + ['vault'] }}"

+    - name: Create group for vault
+      become: true
+      when:
+        - ansible_os_family == 'Alpine'
+      ansible.builtin.group:
+        name: vault
+        system: true
+        state: present
+
+    - name: Create user for vault
+      become: true
+      when:
+        - ansible_os_family == 'Alpine'
+      ansible.builtin.user:
+        comment: hashicorp vault user
+        generate_ssh_key: true
+        home: /var/lib/vault
+        name: vault
+        group: vault
+        ssh_key_file: .ssh/id_ed25519
+        ssh_key_type: ed25519
+        state: present
+        system: true
+
+    - name: Install vault openrc script
+      become: true
+      when:
+        - ansible_os_family == 'Alpine'
+      ansible.builtin.copy:
+        backup: false
+        dest: /etc/init.d/vault
+        owner: root
+        group: root
+        mode: '0755'
+        src: vault/Alpine/openrc
+
    - name: Set vault_configured
      ansible.builtin.set_fact:
        vault_configured: true