torjus/nrec-ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix vault service file

Browse Source
This commit is contained in:
Torjus Håkestad 2022-01-11 15:33:19 +01:00
parent 1f89e315a0
commit 7ab3e82c38
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
project/roles/vault/tasks/main.yml
View File

@ -6,6 +6,8 @@
notify:
- reload systemd
- meta: flush_handlers
- name: Ensure service is started
ansible.builtin.systemd:
state: started

27
project/roles/vault/templates/vault.service.j2
View File

@ -0,0 +1,27 @@
[Unit]
Description=Vault Container
After=docker.service
After=dockerdata.mount
Requires=docker.service
Requires=dockerdata.mount
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop vault
ExecStartPre=-/usr/bin/docker rm vault
ExecStartPre=-/usr/bin/docker pull vault:latest
ExecStart=/usr/bin/docker run \
-e VAULT_DISABLE_MLOCK=true \
-e 'VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": "true"}' \
-e "VAULT_API_ADDR=https://vault.t-juice.club" \
-l "traefik.enable=true" \
-l "traefik.http.routers.vault.rule=Host(`vault.t-juice.club`)" \
-l "traefik.http.routers.vault.tls=true" \
-l "traefik.http.routers.vault.tls.certresolver=le" \
-v /dockerdata/vault:/vault/file \
--network proxy \
--name vault vault:latest server
[Install]
WantedBy=multi-user.target