vault: implement bootstrap integration

terraform/vault/README.md

@@ -19,7 +19,7 @@ Manages the following OpenBao resources:
 
 2. **Edit `terraform.tfvars` with your OpenBao credentials:**
    ```hcl
-   vault_address         = "https://vault.home.2rjus.net:8200"
+   vault_address         = "https://vault01.home.2rjus.net:8200"
    vault_token           = "hvs.your-root-token-here"
    vault_skip_tls_verify = true
    ```
@@ -120,7 +120,7 @@ bao write pki_int/config/acme enabled=true
 
 ACME directory endpoint:
 ```
-https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
+https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory
 ```
 
 Use with ACME clients (lego, certbot, cert-manager, etc.):
@@ -128,7 +128,7 @@ Use with ACME clients (lego, certbot, cert-manager, etc.):
 # Example with lego
 lego --email admin@home.2rjus.net \
   --dns manual \
-  --server https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory \
+  --server https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory \
   --accept-tos \
   run -d test.home.2rjus.net
 ```
@@ -239,18 +239,18 @@ After deploying this configuration, perform these one-time setup tasks:
 
 ### 1. Enable ACME
 ```bash
-export BAO_ADDR='https://vault.home.2rjus.net:8200'
+export BAO_ADDR='https://vault01.home.2rjus.net:8200'
 export BAO_TOKEN='your-root-token'
 export BAO_SKIP_VERIFY=1
 
 # Configure cluster path (required for ACME)
-bao write pki_int/config/cluster path=https://vault.home.2rjus.net:8200/v1/pki_int
+bao write pki_int/config/cluster path=https://vault01.home.2rjus.net:8200/v1/pki_int
 
 # Enable ACME on intermediate CA
 bao write pki_int/config/acme enabled=true
 
 # Verify ACME is enabled
-curl -k https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
+curl -k https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory
 ```
 
 ### 2. Download Root CA Certificate