vault: services.vault.storagePath for the file backend
This commit is contained in:
parent
ca16df17bd
commit
68bf28adaf
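--- a/nixos/modules/services/security/vault.nix
+++ b/nixos/modules/services/security/vault.nix
@@ -16,7 +16,8 @@ let
 ${cfg.listenerExtraConfig}
 }
 storage "${cfg.storageBackend}" {
-${cfg.storageConfig}
+${optionalString (cfg.storagePath != null) ''path = "${cfg.storagePath}"''}
+${optionalString (cfg.storageConfig != null) cfg.storageConfig}
 }
 ${optionalString (cfg.telemetryConfig != "") ''
 telemetry {
@@ -61,18 +62,21 @@ in
 };
 
 storageBackend = mkOption {
-type = types.enum ["inmem" "inmem_transactional" "inmem_ha" "inmem_transactional_ha" "file_transactional" "consul" "zookeeper" "file" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs"];
+type = types.enum [ "inmem" "file" "consul" "zookeeper" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs" ];
 default = "inmem";
 description = "The name of the type of storage backend";
 };
 
+storagePath = mkOption {
+type = types.nullOr types.path;
+default = if cfg.storageBackend == "file" then "/var/lib/vault" else null;
+description = "Data directory for file backend";
+};
+
 storageConfig = mkOption {
-type = types.lines;
+type = types.nullOr types.lines;
+default = null;
 description = "Storage configuration";
-default = if (cfg.storageBackend == "file" || cfg.storageBackend == "file_transactional") then ''
-path = "/var/lib/vault"
-'' else ''
-'';
 };
 
 telemetryConfig = mkOption {
@@ -83,18 +87,15 @@ in
 };
 };
 
-config = let
-localDir = if (cfg.storageBackend == "file" || cfg.storageBackend == "file_transactional") then
-let
-matched = builtins.match ''.*path[ ]*=[ ]*"([^"]+)".*'' (toString cfg.storageConfig);
-in
-if matched == null then
-throw ''`storageBackend` "${cfg.storageBackend}" requires path in `storageConfig`''
-else
-head matched
-else
-null;
-in mkIf cfg.enable {
+config = mkIf cfg.enable {
+assertions = [
+{ assertion = cfg.storageBackend == "inmem" -> (cfg.storagePath == null && cfg.storageConfig == null);
+message = ''The "inmem" storage expects no services.vault.storagePath nor services.vault.storageConfig'';
+}
+{ assertion = (cfg.storageBackend == "file" -> (cfg.storagePath != null && cfg.storageConfig == null)) && (cfg.storagePath != null -> cfg.storageBackend == "file");
+message = ''You must set services.vault.storagePath only when using the "file" backend'';
+}
+];
 
 users.extraUsers.vault = {
 name = "vault";
@@ -111,8 +112,8 @@ in
 after = [ "network.target" ]
 ++ optional (config.services.consul.enable && cfg.storageBackend == "consul") "consul.service";
 
-preStart = optionalString (localDir != null) ''
-install -d -m0700 -o vault -g vault "${localDir}"
+preStart = optionalString (cfg.storagePath != null) ''
+install -d -m0700 -o vault -g vault "${cfg.storagePath}"
 '';
 
 serviceConfig = {
@@ -133,7 +134,7 @@ in
 StartLimitBurst = 3;
 };
 
-unitConfig.RequiresMountsFor = optional (localDir != null) localDir;
+unitConfig.RequiresMountsFor = optional (cfg.storagePath != null) cfg.storagePath;
 };
 };
 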
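Review bot: `storagePath` is declared `types.nullOr types.path` and is spliced unquoted into both the HCL (`path = "${cfg.storagePath}"`) and the preStart `install -d` line, and nixpkgs' `types.path` also accepts a Nix path literal, which string interpolation copies into the world-readable Nix store at evaluation time — an operator who writes `storagePath = ./vault-data` for an existing data directory would leak its barrier files into the store and point Vault at a read-only path. Either tighten the type to an absolute-path string or add a third assertion next to the two new ones, `{ assertion = cfg.storagePath == null || builtins.isString cfg.storagePath; message = "services.vault.storagePath must be an absolute path string, not a Nix path literal"; }`, and say so in the option: `description = "Data directory for the file backend, as an absolute path string (not a Nix path literal); created with mode 0700 owned by vault at service start.";`. The second assertion's message also undersells what it checks — it rejects a non-null `storageConfig` with the file backend too, which breaks the previous `storageConfig = ''path = "..."''` style without saying so — so spell it out: `message = ''With the "file" backend set services.vault.storagePath (not storageConfig); storagePath is only valid for the "file" backend'';`. The `config` attribute set and the module's `let` block continue outside the hunks.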