system: enable homelab-deploy listener for all vault hosts

Add a system/homelab-deploy.nix module that automatically enables the
listener on all hosts with vault.enable=true. It uses homelab.host.tier
and homelab.host.role for the NATS subject subscriptions.

- Add homelab-deploy access to all host AppRole policies
- Remove manual listener config from vaulttest01 (now handled by system module)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-07 06:41:03 +01:00
parent 13c3897e86
commit 7933127d77
4 changed files with 41 additions and 23 deletions


@@ -30,6 +30,7 @@ locals {
paths = [
"secret/data/hosts/ha1/*",
"secret/data/shared/backup/*",
"secret/data/shared/homelab-deploy/*",
]
}
@@ -38,6 +39,7 @@ locals {
"secret/data/hosts/monitoring01/*",
"secret/data/shared/backup/*",
"secret/data/shared/nats/*",
"secret/data/shared/homelab-deploy/*",
]
extra_policies = ["prometheus-metrics"]
}
@@ -46,18 +48,21 @@ locals {
"nats1" = {
paths = [
"secret/data/hosts/nats1/*",
"secret/data/shared/homelab-deploy/*",
]
}
"jelly01" = {
paths = [
"secret/data/hosts/jelly01/*",
"secret/data/shared/homelab-deploy/*",
]
}
"pgdb1" = {
paths = [
"secret/data/hosts/pgdb1/*",
"secret/data/shared/homelab-deploy/*",
]
}
@@ -66,6 +71,7 @@ locals {
paths = [
"secret/data/hosts/ns1/*",
"secret/data/shared/dns/*",
"secret/data/shared/homelab-deploy/*",
]
}
@@ -73,6 +79,7 @@ locals {
paths = [
"secret/data/hosts/ns2/*",
"secret/data/shared/dns/*",
"secret/data/shared/homelab-deploy/*",
]
}
@@ -80,6 +87,7 @@ locals {
"http-proxy" = {
paths = [
"secret/data/hosts/http-proxy/*",
"secret/data/shared/homelab-deploy/*",
]
}
@@ -87,10 +95,10 @@ locals {
"nix-cache01" = {
paths = [
"secret/data/hosts/nix-cache01/*",
"secret/data/shared/homelab-deploy/*",
]
}
# Vault test host with homelab-deploy access
"vaulttest01" = {
paths = [
"secret/data/hosts/vaulttest01/*",