# NixOS module fragment: enables OpenBao with file-backed storage, a TLS TCP
# listener on port 8200 and a Unix-socket listener, and hands the TLS
# certificate and key to the service as systemd credentials.
{ ... }:
{
  services.openbao.enable = true;

  services.openbao.settings = {
    # Turns on the built-in web UI.
    ui = true;

    storage = {
      file = {
        path = "/var/lib/openbao";
      };
    };

    listener = {
      default = {
        type = "tcp";
        # Binds every IPv4 interface, so the API (and the UI enabled above) is
        # reachable from any network the host is attached to.
        # NOTE(review): nothing in this file restricts access to port 8200;
        # confirm a firewall rule or a narrower bind address covers that.
        address = "0.0.0.0:8200";
        # Both paths point into the unit's systemd credentials directory,
        # which is populated by LoadCredential further down.
        tls_cert_file = "/run/credentials/openbao.service/cert.pem";
        tls_key_file = "/run/credentials/openbao.service/key.pem";
      };

      socket = {
        type = "unix";
        # No TLS options are set for this listener.
        # NOTE(review): access presumably rests on the socket's filesystem
        # permissions; confirm the mode and ownership of /run/openbao.
        address = "/run/openbao/openbao.sock";
      };
    };
  };

  # systemd reads these files itself and exposes them to the unit under
  # /run/credentials/openbao.service/, so the service account does not need
  # read access to the source files.
  # NOTE(review): the private key's source path sits inside the storage
  # directory configured above; confirm key.pem there is root-only, or keep it
  # outside the data directory.
  systemd.services.openbao.serviceConfig.LoadCredential = [
    "key.pem:/var/lib/openbao/key.pem"
    "cert.pem:/var/lib/openbao/cert.pem"
  ];
}