terraform: add nixos-exporter shared policy
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
- Create shared policy granting all hosts access to nixos-exporter nkey - Add policy to both manual and generated host AppRoles - Remove duplicate kanidm01/monitoring02 entries from hosts-generated.tf Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -33,18 +33,6 @@ locals {
|
||||
"secret/data/shared/homelab-deploy/*",
|
||||
]
|
||||
}
|
||||
"kanidm01" = {
|
||||
paths = [
|
||||
"secret/data/hosts/kanidm01/*",
|
||||
"secret/data/kanidm/*",
|
||||
]
|
||||
}
|
||||
"monitoring02" = {
|
||||
paths = [
|
||||
"secret/data/hosts/monitoring02/*",
|
||||
]
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Placeholder secrets - user should add actual secrets manually or via tofu
|
||||
@@ -74,7 +62,7 @@ resource "vault_approle_auth_backend_role" "generated_hosts" {
|
||||
|
||||
backend = vault_auth_backend.approle.path
|
||||
role_name = each.key
|
||||
token_policies = ["host-${each.key}", "homelab-deploy"]
|
||||
token_policies = ["host-${each.key}", "homelab-deploy", "nixos-exporter"]
|
||||
secret_id_ttl = 0 # Never expire (wrapped tokens provide time limit)
|
||||
token_ttl = 3600
|
||||
token_max_ttl = 3600
|
||||
|
||||
Reference in New Issue
Block a user