public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create directory only for "file" storage

Browse Source
This commit is contained in:
Volth 2017-06-27 19:32:11 +00:00
parent 4c428b4a6f
commit d016ef1f5b
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
nixos/modules/services/security/vault.nix
View File

@ -57,7 +57,7 @@ in
}; };
storageBackend = mkOption { storageBackend = mkOption {
type = types.enum ["inmem" "consul" "zookeeper" "file" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs"]; type = types.enum ["inmem" "inmem_transactional" "inmem_ha" "inmem_transactional_ha" "file_transactional" "consul" "zookeeper" "file" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs"];
default = "inmem"; default = "inmem";
description = "The name of the type of storage backend"; description = "The name of the type of storage backend";
}; };
@ -65,7 +65,10 @@ in
storageConfig = mkOption { storageConfig = mkOption {
type = types.lines; type = types.lines;
description = "Storage configuration"; description = "Storage configuration";
default = ""; default = if (cfg.storageBackend == "file" || cfg.storageBackend == "file_transactional") then ''
path = "/var/lib/vault"
'' else ''
'';
}; };
telemetryConfig = mkOption { telemetryConfig = mkOption {
@ -92,10 +95,18 @@ in
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = '' preStart =
mkdir -m 0755 -p /var/lib/vault optionalString (cfg.storageBackend == "file" || cfg.storageBackend == "file_transactional")
chown -R vault:vault /var/lib/vault (let
matched = builtins.match ''.*path[ ]*=[ ]*"([^"]+)".*'' (toString cfg.storageConfig);
path = if matched == null then
throw ''`storageBackend` "${cfg.storageBackend}" requires path in `storageConfig`''
else
head matched;
in ''
[ -d "${path}"] || install -d -m0700 -o vault -g vault "${path}"
'') +
''
# generate a self-signed certificate, you will have to set environment variable "VAULT_SKIP_VERIFY=1" in the client # generate a self-signed certificate, you will have to set environment variable "VAULT_SKIP_VERIFY=1" in the client
if [ ! -s ${cfg.tlsCertFile} -o ! -s ${cfg.tlsKeyFile} ]; then if [ ! -s ${cfg.tlsCertFile} -o ! -s ${cfg.tlsKeyFile} ]; then
mkdir -p $(dirname ${cfg.tlsCertFile}) || true mkdir -p $(dirname ${cfg.tlsCertFile}) || true