feat(vault): add a HashiCorp Vault role

2024-06-26 00:00:00 +00:00 · 2024-06-26 00:00:00 +00:00 · ddf406fd37
commit ddf406fd37
parent 688bdae6a1
17 changed files with 477 additions and 0 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/vault/templates/config.hcl.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/vault/templates/config.hcl.j2
@ -0,0 +1,18 @@
+{%- if not hc_vault_server_config %}
+ui = {% if hc_vault_enable_ui %}true{% else %}false{% endif +%}
+disable_mlock = false
+
+storage "file" {
+  path = "{{ hc_vault_root_dir }}/data"
+}
+
+# HTTPS listener
+listener "tcp" {
+  address         = "0.0.0.0:8200"
+  tls_cert_file   = "{{ hc_vault_root_dir }}/tls/tls.cert"
+  tls_key_file    = "{{ hc_vault_root_dir }}/tls/tls.key"
+  tls_min_version = "tls13"
+}
+{%- else %}
+{{ hc_vault_server_config }}
+{% endif %}