mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-25 17:46:14 +01:00
9b1c305c3b
Signed-off-by: Magic_RB <magic_rb@redalder.org>
74 lines
1.9 KiB
Nix
74 lines
1.9 KiB
Nix
{ tflib, config, ... }:
|
|
let
|
|
inherit (tflib)
|
|
tf;
|
|
|
|
paths.consul = {
|
|
encryption_key = "do-1/toothpick/consul/encryption_key";
|
|
agent_token = "do-1/toothpick/consul/agent_token";
|
|
anonymous_token = "do-1/toothpick/consul/anonymous_token";
|
|
replication_token = "do-1/toothpick/consul/replication_token";
|
|
};
|
|
|
|
paths.nomad = {
|
|
encryption_key = "do-1/toothpick/nomad/encryption_key";
|
|
vault_token = "do-1/toothpick/nomad/vault_token";
|
|
consul_token = "do-1/toothpick/nomad/consul_token";
|
|
replication_token = "do-1/toothpick/nomad/replication_token";
|
|
};
|
|
|
|
vaultKvMount = config.resource."vault_mount"."kv".path;
|
|
in
|
|
{
|
|
prefab.consulAgent."toothpick" = {
|
|
datacenter = "do-1";
|
|
replicationDatacenters = [ "homelab-1" ];
|
|
|
|
inherit vaultKvMount;
|
|
|
|
paths = {
|
|
encryptionKey = paths.consul.encryption_key;
|
|
agentToken = paths.consul.agent_token;
|
|
anonymousToken = paths.consul.anonymous_token;
|
|
replicationToken = paths.consul.replication_token;
|
|
};
|
|
encryptionKey = tf "random_id.do-1_consul_encryption_key.b64_std";
|
|
|
|
anonymousToken = {
|
|
secret = tf "data.consul_acl_token_secret_id.anonymous.secret_id";
|
|
accessor = tf "consul_acl_token.anonymous.id";
|
|
};
|
|
};
|
|
|
|
prefab.nomadServer."toothpick" = {
|
|
datacenters = [ "do-1" ];
|
|
|
|
inherit vaultKvMount;
|
|
|
|
encryptionKey = tf "random_id.nomad_encryption_key.b64_std";
|
|
|
|
paths = {
|
|
encryptionKey = paths.nomad.encryption_key;
|
|
vaultToken = paths.nomad.vault_token;
|
|
consulToken = paths.nomad.consul_token;
|
|
replicationToken = paths.nomad.replication_token;
|
|
};
|
|
};
|
|
|
|
prefab.pushApproles."toothpick" = {
|
|
host = "10.64.0.1";
|
|
user = "main";
|
|
|
|
policies = [
|
|
(tf "vault_policy.toothpick_consul.name")
|
|
(tf "vault_policy.toothpick_nomad.name")
|
|
];
|
|
|
|
metadata = {
|
|
"ip_address" = "redalder.org";
|
|
};
|
|
|
|
approlePath = tf "vault_auth_backend.approle.path";
|
|
};
|
|
}
|