From 7ab3e82c38f36f41fa7cc081b810f3fabfefbc00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?=
Date: Tue, 11 Jan 2022 15:33:19 +0100
Subject: [PATCH] Fix vault service file

---
 project/roles/vault/tasks/main.yml | 2 ++
 .../roles/vault/templates/vault.service.j2 | 27 +++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/project/roles/vault/tasks/main.yml b/project/roles/vault/tasks/main.yml
index 22742d3..3a5f7a0 100644
--- a/project/roles/vault/tasks/main.yml
+++ b/project/roles/vault/tasks/main.yml
@@ -6,6 +6,8 @@
 notify:
 - reload systemd
 
+- meta: flush_handlers
+
 - name: Ensure service is started
 ansible.builtin.systemd:
 state: started
diff --git a/project/roles/vault/templates/vault.service.j2 b/project/roles/vault/templates/vault.service.j2
index e69de29..9e4a795 100644
--- a/project/roles/vault/templates/vault.service.j2
+++ b/project/roles/vault/templates/vault.service.j2
@@ -0,0 +1,27 @@
+[Unit]
+Description=Vault Container
+After=docker.service
+After=dockerdata.mount
+Requires=docker.service
+Requires=dockerdata.mount
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop vault
+ExecStartPre=-/usr/bin/docker rm vault
+ExecStartPre=-/usr/bin/docker pull vault:latest
+ExecStart=/usr/bin/docker run \
+ -e VAULT_DISABLE_MLOCK=true \
+ -e 'VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": "true"}' \
+ -e "VAULT_API_ADDR=https://vault.t-juice.club" \
+ -l "traefik.enable=true" \
+ -l "traefik.http.routers.vault.rule=Host(`vault.t-juice.club`)" \
+ -l "traefik.http.routers.vault.tls=true" \
+ -l "traefik.http.routers.vault.tls.certresolver=le" \
+ -v /dockerdata/vault:/vault/file \
+ --network proxy \
+ --name vault vault:latest server
+
+[Install]
+WantedBy=multi-user.target
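Review bot: With `state: started` in `Ensure service is started`, an already-running vault unit keeps its old container and flags after the unit file changes, because the added `meta: flush_handlers` only makes the `reload systemd` handler run before that task. A later hardening change to the template would therefore not take effect until someone restarts the service by hand. The template task and the start task both extend outside this hunk, so if no restart handler is notified elsewhere in the role, consider notifying one from the template task, keeping in mind that a restarted Vault on the file backend presumably comes back sealed. The meta task could also carry a name, e.g. `- name: Run pending handlers so systemd sees the new unit`.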
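Review bot: The unit pulls and runs the floating tag `vault:latest` on every start (`ExecStartPre=-/usr/bin/docker pull vault:latest` and the final `--name vault vault:latest server`), so with `Restart=always` any restart can silently move the secrets store to whatever image the tag points at that moment. Pin both lines to a fixed release or digest, e.g. `vault:<pinned-version>` (placeholder), and upgrade deliberately. `-e VAULT_DISABLE_MLOCK=true` allows Vault's memory, including decrypted secrets and key material, to be paged to swap; unless the host has no swap or uses encrypted swap, drop that variable and pass `--cap-add=IPC_LOCK` to `docker run` instead. The hostname `vault.t-juice.club` is also hard-coded twice in a `.j2` template; a role variable would keep `VAULT_API_ADDR` and the Traefik Host rule in step.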