fixup! vault: implement bootstrap integration

2026-02-03 00:26:43 +01:00
parent 6638f2e818
commit 092f02b2ba
12 changed files with 25 additions and 25 deletions


@@ -19,7 +19,7 @@ Manages the following OpenBao resources:
2. **Edit `terraform.tfvars` with your OpenBao credentials:**
```hcl
vault_address = "https://vault.home.2rjus.net:8200"
vault_address = "https://vault01.home.2rjus.net:8200"
vault_token = "hvs.your-root-token-here"
vault_skip_tls_verify = true
```
@@ -120,7 +120,7 @@ bao write pki_int/config/acme enabled=true
ACME directory endpoint:
```
https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory
```
Use with ACME clients (lego, certbot, cert-manager, etc.):
@@ -128,7 +128,7 @@ Use with ACME clients (lego, certbot, cert-manager, etc.):
# Example with lego
lego --email admin@home.2rjus.net \
--dns manual \
--server https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory \
--server https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory \
--accept-tos \
run -d test.home.2rjus.net
```
@@ -239,18 +239,18 @@ After deploying this configuration, perform these one-time setup tasks:
### 1. Enable ACME
```bash
export BAO_ADDR='https://vault.home.2rjus.net:8200'
export BAO_ADDR='https://vault01.home.2rjus.net:8200'
export BAO_TOKEN='your-root-token'
export BAO_SKIP_VERIFY=1
# Configure cluster path (required for ACME)
bao write pki_int/config/cluster path=https://vault.home.2rjus.net:8200/v1/pki_int
bao write pki_int/config/cluster path=https://vault01.home.2rjus.net:8200/v1/pki_int
# Enable ACME on intermediate CA
bao write pki_int/config/acme enabled=true
# Verify ACME is enabled
curl -k https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
curl -k https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory
```
### 2. Download Root CA Certificate


@@ -16,7 +16,7 @@
#
# 1. ACME (Automated Certificate Management Environment)
# - Services fetch certificates automatically using ACME protocol
# - ACME directory: https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
# - ACME directory: https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory
# - Enable ACME: bao write pki_int/config/acme enabled=true
# - Compatible with cert-manager, lego, certbot, etc.
#
@@ -149,7 +149,7 @@ locals {
static_certificates = {
# Example: Issue a certificate for a specific service
# "vault" = {
# common_name = "vault.home.2rjus.net"
# common_name = "vault01.home.2rjus.net"
# alt_names = ["vault01.home.2rjus.net"]
# ip_sans = ["10.69.13.19"]
# ttl = "8760h" # 1 year
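Review bot: In the commented `"vault"` example, `common_name` and `alt_names` now both hold `vault01.home.2rjus.net`, so the SAN entry is redundant and the sample certificate no longer covers the previous `vault.home.2rjus.net` name. If any client may still reach the server under the old name, keep it as the alternate, e.g. `# alt_names = ["vault.home.2rjus.net"]`; otherwise drop the duplicate `alt_names` line. The `static_certificates` map continues outside the hunk.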


@@ -1,6 +1,6 @@
# Copy this file to terraform.tfvars and fill in your values
# terraform.tfvars is gitignored to keep credentials safe
vault_address = "https://vault.home.2rjus.net:8200"
vault_address = "https://vault01.home.2rjus.net:8200"
vault_token = "hvs.XXXXXXXXXXXXXXXXXXXX"
vault_skip_tls_verify = true
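Review bot: `vault_skip_tls_verify = true` is still the value people will copy from this example, so the token in `vault_token` is sent to the renamed endpoint without the server certificate being checked. Skipping verification is presumably only needed until the PKI has issued the server certificate, and the example should say so, for instance with `# bootstrap only: set to false once the root CA is in the local trust store` above the line. The setup-instructions section of this commit has the same pattern in `BAO_SKIP_VERIFY=1` and `curl -k`, and would benefit from the same caveat.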


@@ -1,7 +1,7 @@
variable "vault_address" {
description = "OpenBao server address"
type = string
default = "https://vault.home.2rjus.net:8200"
default = "https://vault01.home.2rjus.net:8200"
}
variable "vault_token" {