fixup! vault: implement bootstrap integration

2026-02-03 00:26:43 +01:00
parent 6638f2e818
commit 092f02b2ba
12 changed files with 25 additions and 25 deletions

@@ -37,7 +37,7 @@ Phase 4d implements automatic Vault/OpenBao integration for new NixOS hosts, ena
│ Cloud-init (VM Provisioning) │
│ │
│ /etc/environment: │
│ VAULT_ADDR=https://vault.home.2rjus.net:8200 │
│ VAULT_ADDR=https://vault01.home.2rjus.net:8200 │
│ VAULT_WRAPPED_TOKEN=hvs.CAES... │
│ VAULT_SKIP_VERIFY=1 │
└─────────────────────────────────────────────────────────────┘
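Review bot: the diagram now pins `VAULT_ADDR` to the single node `vault01.home.2rjus.net` instead of the `vault.home.2rjus.net` service name; if the alias was dropped because it does not resolve or its certificate does not match, state that in the architecture text, because pointing every provisioned host at one node removes the option of moving Vault behind a stable name later without another twelve-file rename like this fixup.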
@@ -117,7 +117,7 @@ vault-fetch hosts/monitoring01/grafana /run/secrets/grafana
```
**Environment Variables**:
- `VAULT_ADDR`: Vault server (default: https://vault.home.2rjus.net:8200)
- `VAULT_ADDR`: Vault server (default: https://vault01.home.2rjus.net:8200)
- `VAULT_SKIP_VERIFY`: Skip TLS verification (default: 1)
**Error Handling**:
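Review bot: the **Environment Variables** list ends at **Error Handling** with only `VAULT_ADDR` and `VAULT_SKIP_VERIFY`, yet the cloud-init block later in the same file also writes `VAULT_WRAPPED_TOKEN`; add that variable to the list and document what vault-fetch expects of it (a response-wrapped token that is unwrapped once at first boot) so readers do not assume a long-lived token belongs there.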
@@ -237,7 +237,7 @@ fi
write_files:
- path: /etc/environment
content: |
VAULT_ADDR=https://vault.home.2rjus.net:8200
VAULT_ADDR=https://vault01.home.2rjus.net:8200
VAULT_WRAPPED_TOKEN=${vault_wrapped_token}
VAULT_SKIP_VERIFY=1
```
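Review bot: the `write_files` entry sets no `permissions:`, so `/etc/environment` is created with its default world-readable mode while it carries `VAULT_WRAPPED_TOKEN=${vault_wrapped_token}`; a wrapped token is single-use and short-lived, which bounds the exposure, but the doc should state the wrap TTL and whether the bootstrap service rewrites or removes the file after unwrapping, or the entry should add `permissions: '0600'`.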

@@ -6,7 +6,7 @@ This guide walks through testing the complete Vault bootstrap workflow implement
Before testing, ensure:
1. **Vault server is running**: vault01 (vault.home.2rjus.net:8200) is accessible
1. **Vault server is running**: vault01 (vault01.home.2rjus.net:8200) is accessible
2. **Vault access**: You have a Vault token with admin permissions (set `BAO_TOKEN` env var)
3. **Terraform installed**: OpenTofu is available in your PATH
4. **Git repository clean**: All Phase 4d changes are committed to a branch
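Review bot: prerequisite 2 tells the tester to set `BAO_TOKEN`, while the rest of the guide exports `VAULT_ADDR`/`VAULT_SKIP_VERIFY` and runs the `vault` CLI; pick one CLI and its variable prefix (`BAO_*` for the `bao` binary, `VAULT_*` for `vault`) and use it consistently, or note explicitly that both prefixes are honoured in this setup, otherwise the `vault kv get` step will fail with no token.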
@@ -172,7 +172,7 @@ tofu apply
**Verify the secret exists:**
```bash
export VAULT_ADDR=https://vault.home.2rjus.net:8200
export VAULT_ADDR=https://vault01.home.2rjus.net:8200
export VAULT_SKIP_VERIFY=1
vault kv get secret/hosts/vaulttest01/test-service
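Review bot: the verification step has the operator export `VAULT_SKIP_VERIFY=1` into an interactive shell; now that `VAULT_ADDR` names the node directly, prefer `export VAULT_CACERT=/path/to/ca.pem` with the internal CA so the test also confirms the server certificate is valid for `vault01.home.2rjus.net`, and reserve `VAULT_SKIP_VERIFY` for the cloud-init bootstrap where the CA is not yet present.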
@@ -227,7 +227,7 @@ systemctl status vault-secret-test-service.service
journalctl -u vault-secret-test-service.service
# Should show successful secret fetch:
# [vault-fetch] Authenticating to Vault at https://vault.home.2rjus.net:8200
# [vault-fetch] Authenticating to Vault at https://vault01.home.2rjus.net:8200
# [vault-fetch] Successfully authenticated to Vault
# [vault-fetch] Fetching secret from path: hosts/vaulttest01/test-service
# [vault-fetch] Writing secrets to /run/secrets/test-service