# TODO: This should go into the setup of the vault server itself, as the vault
# server also needs stuff that depends on this.
#
# Points the vault-loki-sender at the "loki-mtls" PKI mount and, in a
# post-provisioning module, enables Vault, declares that mount and declares a
# root certificate on it.
{
  khscodes.infrastructure = {
    # "\${" is an escaped interpolation: Nix keeps the text
    # `${ vault_mount.loki-mtls.path }` literally instead of evaluating it,
    # presumably so the generated Terraform resolves the reference - confirm
    # against the terranix output.
    vault-loki-sender.terranixBackendName = "\${ vault_mount.loki-mtls.path }";

    provisioning.post.modules = [
      (
        { config, ... }:
        let
          # 10 * 365 days, expressed in seconds.
          tenYearsInSeconds = 10 * 365 * 24 * 60 * 60;
          # One hour, expressed in seconds.
          oneHourInSeconds = 60 * 60;
        in
        {
          khscodes.vault = {
            enable = true;

            # PKI secrets mount backing the Loki mTLS certificates.
            mount.loki-mtls = {
              type = "pki";
              path = "loki-mtls";
              # The ten-year maximum is a ceiling for the whole mount, while
              # the one-hour default applies whenever no TTL is requested.
              max_lease_ttl_seconds = tenYearsInSeconds;
              default_lease_ttl_seconds = oneHourInSeconds;
            };

            # Root certificate declared on the mount above.
            # NOTE(review): no TTL is set here. If this option maps onto Vault's
            # root-generation endpoint, an unset TTL may fall back to the mount's
            # one-hour default and yield a CA that expires almost immediately;
            # confirm that the module supplies a TTL.
            pki_secret_backend_root_cert.loki-mtls = {
              # Reads the path from the declared mount's output rather than
              # repeating the literal string.
              backend = config.khscodes.vault.output.mount.loki-mtls.path;
              # NOTE(review): in Vault's PKI engine "internal" means the CA
              # private key is generated inside Vault and never returned to
              # the caller; confirm the wrapper passes this through unchanged.
              type = "internal";
              common_name = "loki.kaareskovgaard.net";
              issuer_name = "loki-mtls-root-ca";
            };
          };
        }
      )
    ];
  };
}