2022-12-04 13:45:43 +00:00
|
|
|
{pkgs, ...}: {
|
|
|
|
|
services.vault = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.vault-bin;
|
|
|
|
|
address = "127.0.0.1:8200";
|
|
|
|
|
storageBackend = "file";
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
ui = true
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."vault.owo.monster" = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
2023-09-20 18:04:33 +01:00
|
|
|
locations = {
|
|
|
|
|
"/".proxyPass = "http://127.0.0.1:8200";
|
|
|
|
|
};
|
2022-12-04 13:45:43 +00:00
|
|
|
};
|
2023-10-07 10:57:15 +01:00
|
|
|
|
|
|
|
|
security.acme.certs."vault.genderfucked.monster" = {
|
|
|
|
|
server = "https://internal-ca.genderfucked.monster:8443/acme/acme/directory";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."vault.genderfucked.monster" = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
locations = {
|
|
|
|
|
"/".proxyPass = "http://127.0.0.1:8200";
|
|
|
|
|
};
|
|
|
|
|
};
|
2022-12-04 13:45:43 +00:00
|
|
|
}
|
