feat(vault): add a HashiCorp Vault role

2024-06-26 00:00:00 +00:00 · 2024-06-26 00:00:00 +00:00 · ddf406fd37
commit ddf406fd37
parent 688bdae6a1
17 changed files with 477 additions and 0 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/vault/tasks/security.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/vault/tasks/security.yml
@ -0,0 +1,14 @@
+---
+- name: install firewall rules
+  become: true
+  ansible.builtin.template:
+    src: ../templates/vault.nft.j2
+    dest: /etc/nftables.d/vault.nft
+    mode: '0600'
+    owner: root
+    group: root
+  vars:
+    firewall_lb_ips: '{{ hc_vault_security_lb_ips | default({}, True) }}'
+    firewall_cluster_nodes_ips: '{{ hc_vault_security_cluster_nodes | default({}, True) }}'
+  notify:
+    - 'vault : load firewall rules'