author | Daiderd Jordan <daiderd@gmail.com> | 2018-08-09 23:22:53 +0200 |
---|---|---|
committer | Daiderd Jordan <daiderd@gmail.com> | 2018-08-09 23:22:53 +0200 |
commit | d113c02563a531622c782392357004dcb87dd69e (patch) | |
tree | 49bf1f893d19485820c023af2b526048492c6ff9 /nixos | |
parent | 3dbdc64abdad3e5beb929cd895fa17e9dba0c678 (diff) | |
services-vault: make package configurable and add extraConfig option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/vault.nix | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix index 47c70cf0687b..0b28bc894458 100644 --- a/nixos/modules/services/security/vault.nix +++ b/nixos/modules/services/security/vault.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: with lib; + let cfg = config.services.vault; @@ -24,15 +25,22 @@ let ${cfg.telemetryConfig} } ''} + ${cfg.extraConfig} ''; in + { options = { - services.vault = { - enable = mkEnableOption "Vault daemon"; + package = mkOption { + type = types.package; + default = pkgs.vault; + defaultText = "pkgs.vault"; + description = "This option specifies the vault package to use."; + }; + address = mkOption { type = types.str; default = "127.0.0.1:8200"; @@ -58,7 +66,7 @@ in default = '' tls_min_version = "tls12" ''; - description = "extra configuration"; + description = "Extra text appended to the listener section."; }; storageBackend = mkOption { @@ -84,6 +92,12 @@ in default = ""; description = "Telemetry configuration"; }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Extra text appended to <filename>vault.hcl</filename>."; + }; }; }; @@ -122,7 +136,7 @@ in User = "vault"; Group = "vault"; PermissionsStartOnly = true; - ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}"; + ExecStart = "${cfg.package}/bin/vault server -config ${configFile}"; PrivateDevices = true; PrivateTmp = true; ProtectSystem = "full"; |
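Review bot: The description of the new `extraConfig` option (the `@@ -84,6 +92,12 @@` hunk) does not say where the text ends up, and that matters for a secrets manager. The `${cfg.extraConfig}` line added in the `@@ -24,15 +25,22 @@` hunk interpolates it into `configFile`, which `ExecStart` passes to `vault server -config` by path; the definition of `configFile` starts outside the hunk, but it is presumably a file in the world-readable Nix store, so confirm how it is built. Vault configuration often carries credentials for storage or seal backends, and free-form text is where users will put them. I would extend the description to say so, for example `description = "Extra text appended to <filename>vault.hcl</filename>. The file is written to the world-readable Nix store, so do not put secrets here.";`.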