author | Sarah Brofeldt <sbrofeldt@gmail.com> | 2018-08-10 09:48:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-10 09:48:07 +0200 |
commit | ddde09d4f840dcc10ef31b4ffa10d2284ecd3b82 (patch) | |
tree | 534e4a402164e8cec67c7608530b91a712e53671 /nixos | |
parent | 6044c12bea9c1e80d5aec85fe0bbed9a7ed335b3 (diff) | |
parent | d113c02563a531622c782392357004dcb87dd69e (diff) | |
Merge pull request #44848 from LnL7/vault-options
nixos/vault: make package configurable
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/vault.nix | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix index 47c70cf0687b..0b28bc894458 100644 --- a/nixos/modules/services/security/vault.nix +++ b/nixos/modules/services/security/vault.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: with lib; + let cfg = config.services.vault; @@ -24,15 +25,22 @@ let ${cfg.telemetryConfig} } ''} + ${cfg.extraConfig} ''; in + { options = { - services.vault = { - enable = mkEnableOption "Vault daemon"; + package = mkOption { + type = types.package; + default = pkgs.vault; + defaultText = "pkgs.vault"; + description = "This option specifies the vault package to use."; + }; + address = mkOption { type = types.str; default = "127.0.0.1:8200"; @@ -58,7 +66,7 @@ in default = '' tls_min_version = "tls12" ''; - description = "extra configuration"; + description = "Extra text appended to the listener section."; }; storageBackend = mkOption { @@ -84,6 +92,12 @@ in default = ""; description = "Telemetry configuration"; }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Extra text appended to <filename>vault.hcl</filename>."; + }; }; }; @@ -122,7 +136,7 @@ in User = "vault"; Group = "vault"; PermissionsStartOnly = true; - ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}"; + ExecStart = "${cfg.package}/bin/vault server -config ${configFile}"; PrivateDevices = true; PrivateTmp = true; ProtectSystem = "full"; |
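Review bot: The new `extraConfig` option is interpolated verbatim into the generated `vault.hcl` (`${cfg.extraConfig}` in the `@@ -24,15 +25,22 @@` hunk, declared in the `@@ -84,6 +92,12 @@` hunk), but its description does not say where that file is stored. The definition of `configFile` starts outside the hunk; if it is built into the Nix store, as the `-config ${configFile}` argument in the last hunk suggests, the file is readable by every local user, so storage or seal credentials written into `extraConfig` would be exposed. I would extend the description to say so, for example `description = "Extra text appended to <filename>vault.hcl</filename>. The resulting file is world-readable in the Nix store, so do not put secrets here.";`. The same caveat applies to the listener text whose description is reworded in the `@@ -58,7 +66,7 @@` hunk.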