tangled.org
Tangled infrastructure definitions in Nix
spindle unholiness
Signed-off-by: oppiliappan <me@oppi.li>
oppi.li
+9
hosts/nixery/services/openbao/openbao.nix
+9
hosts/nixery/services/openbao/openbao.nix
···
1
+
{ config, pkgs, lib, ... }:
1
2
{
2
3
# Create openbao user and group
3
4
users.groups.openbao = {};
···
8
9
home = "/var/lib/openbao";
9
10
createHome = true;
10
11
description = "OpenBao service user";
12
+
};
13
+
14
+
systemd.services.openbao = {
15
+
serviceConfig = {
16
+
DynamicUser = lib.mkForce false;
17
+
User = "openbao";
18
+
Group = "openbao";
19
+
};
11
20
};
12
21
13
22
services.openbao = {
+12
-12
hosts/nixery/services/openbao/proxy.nix
+12
-12
hosts/nixery/services/openbao/proxy.nix
···
83
83
'';
84
84
85
85
# Create necessary directories and files
86
-
# systemd.tmpfiles.rules = [
87
-
# # Directories
88
-
# "d /var/lib/openbao 0755 root root -"
89
-
# "d /var/lib/openbao/cache 0755 root root -"
90
-
# "d /var/log/openbao 0755 root root -"
91
-
# "d /etc/openbao 0755 root root -"
86
+
systemd.tmpfiles.rules = [
87
+
# Directories
88
+
"d /var/lib/openbao 0755 root root -"
89
+
"d /var/lib/openbao/cache 0755 root root -"
90
+
"d /var/log/openbao 0755 root root -"
91
+
"d /etc/openbao 0755 root root -"
92
92
93
-
# # Credential files (content must be populated externally)
94
-
# "f /etc/openbao/role-id 0600 root root -"
95
-
# "f /etc/openbao/secret-id 0600 root root -"
93
+
# Credential files (content must be populated externally)
94
+
"f /etc/openbao/role-id 0600 root root -"
95
+
"f /etc/openbao/secret-id 0600 root root -"
96
96
97
-
# # Configuration file
98
-
# "f /etc/openbao/proxy.hcl 0644 root root -"
99
-
# ];
97
+
# Configuration file
98
+
"f /etc/openbao/proxy.hcl 0644 root root -"
99
+
];
100
100
}