fixup! vault: implement bootstrap integration

2026-02-02 22:59:46 +01:00
parent 1f4b7a6cbc
commit 1ae0e67e80
7 changed files with 150 additions and 2 deletions
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -33,7 +33,8 @@ variable "default_target_node" {
 variable "default_template_name" {
  description = "Default template VM name to clone from"
  type        = string
-  default     = "nixos-25.11.20260128.fa83fd8"
+  # default     = "nixos-25.11.20260128.fa83fd8"
+  default     = "nixos-25.11.20260131.41e21c"
 }

 variable "default_ssh_public_key" {
--- a/terraform/vault/hosts-generated.tf
+++ b/terraform/vault/hosts-generated.tf
@@ -5,6 +5,12 @@
 # Each host gets access to its own secrets under hosts/<hostname>/*
 locals {
  generated_host_policies = {
+    "vaulttest01" = {
+      paths = [
+        "secret/data/hosts/vaulttest01/*",
+      ]
+    }
+  
  }

  # Placeholder secrets - user should add actual secrets manually or via tofu
--- a/terraform/vault/secrets.tf
+++ b/terraform/vault/secrets.tf
@@ -46,7 +46,11 @@ locals {
      auto_generate   = true
      password_length = 24
    }
-
+    # TODO: Remove after testing
+    "hosts/vaulttest01/test-service" = {
+      auto_generate = true
+      password_length = 24
+    }
  }
 }

--- a/terraform/vms.tf
+++ b/terraform/vms.tf
@@ -45,6 +45,12 @@ locals {
      disk_size    = "20G"
      flake_branch = "vault-setup" # Bootstrap from this branch instead of master
    }
+    "vaulttest01" = {
+      ip        = "10.69.13.150/24"
+      cpu_cores = 2
+      memory    = 2048
+      disk_size = "20G"
+    }
  }

  # Compute VM configurations with defaults applied