This commit is contained in:
parent
42dbb13323
commit
27847f256b
@ -17,6 +17,10 @@ wireguard_postdown:
|
||||
- iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
|
||||
consul_snapshot: True
|
||||
|
||||
vault_snapshot: true
|
||||
vault_backup_location: "/mnt/diskstation/git/backup/vault"
|
||||
vault_roleID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_approle') }}"
|
||||
vault_secretID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_secretID') }}"
|
||||
partition_table:
|
||||
- device: "/dev/sda"
|
||||
label: gpt
|
||||
|
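Review bot: `consul_snapshot: True` uses the YAML 1.1 capitalised boolean two lines above `vault_snapshot: true`, and the matching hunk in the second file (`@ -13,3 +13,7`) writes both as `True`; Ansible accepts either, but the rest of the file and yamllint's truthy rule expect the plain form, so `consul_snapshot: true` and `vault_snapshot: true` in both files. The role ID and secret ID are both read from the same KV entry (`secrets/data/ansible/hashistack`), so whoever can read that one secret holds the complete AppRole login; if that is an accepted trade-off for unattended runs, a comment above `vault_roleID` saying so would save the next reader from asking, otherwise the secret ID is the half that should reach the host by a different path. `vault_roleID` / `vault_secretID` also mix camelCase into a file that otherwise uses snake_case (`vault_snapshot`, `vault_backup_location`).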
@ -13,3 +13,7 @@ wireguard_postdown:
|
||||
- iptables -D FORWARD -o wg0 -j ACCEPT
|
||||
- iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
consul_snapshot: True
|
||||
vault_snapshot: True
|
||||
vault_backup_location: "/mnt/diskstation/git/backup/vault"
|
||||
vault_roleID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_approle') }}"
|
||||
vault_secretID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_secretID') }}"
|
||||
|
@ -1,13 +1,3 @@
|
||||
data "vault_policy_document" "snapshot" {
|
||||
rule {
|
||||
path= "sys/storage/raft/snapshot"
|
||||
capabilities = ["read"]
|
||||
}
|
||||
}
|
||||
resource "vault_policy" "snapshot" {
|
||||
name = "snapshot"
|
||||
policy = data.vault_policy_document.snapshot.hcl
|
||||
}
|
||||
data "vault_policy_document" "nomad_server_policy" {
|
||||
rule {
|
||||
path = "auth/token/create/nomad-cluster"
|
||||
|
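--- a/vault/vault-snapshot.tf
+++ b/vault/vault-snapshot.tf
@@ -0,0 +1,35 @@
+
+resource "vault_approle_auth_backend_role" "vault-snapshot" {
+backend = vault_auth_backend.approle.path
+role_name = "vault-snapshot"
+token_policies = ["vault-snapshot"]
+}
+
+
+data "vault_approle_auth_backend_role_id" "vault-snapshot" {
+backend = vault_auth_backend.approle.path
+role_name = vault_approle_auth_backend_role.vault-snapshot.role_name
+}
+output "vault-snapshot-role-id" {
+value = data.vault_approle_auth_backend_role_id.vault-snapshot.role_id
+}
+
+data "vault_policy_document" "vault-snapshot" {
+rule {
+path = "sys/storage/raft/snapshot"
+capabilities = ["read"]
+}
+}
+
+resource "vault_policy" "vault-snapshot" {
+name = "vault-snapshot"
+policy = data.vault_policy_document.vault-snapshot.hcl
+}
+
+
+#resource "vault_approle_auth_backend_role_secret_id" "vault-snapshot" {
+# backend = vault_auth_backend.approle.path
+# role_name = vault_approle_auth_backend_role.vault-snapshot.role_name
+#}
+
+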
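Review bot: `vault_approle_auth_backend_role.vault-snapshot` sets only `token_policies`, so token TTLs, secret-ID lifetime and use count, and bound CIDRs all stay at provider defaults; for a single-purpose snapshot job the login token should be short-lived and, where the snapshot host has a fixed address, pinned to it, e.g. `token_ttl = "<ttl>"`, `token_max_ttl = "<max-ttl>"` and `token_bound_cidrs = ["<snapshot-host-cidr>"]` (placeholder values to be chosen for the environment). The commented-out `vault_approle_auth_backend_role_secret_id` block at the end should either be removed or carry a comment explaining how the secret ID is actually issued, since uncommenting it as written would place the secret ID in plaintext in Terraform state, and the `secrets/data/ansible/hashistack` KV entry that the Ansible vars read from does not appear to be populated by anything in this commit. The policy itself granting only `read` on `sys/storage/raft/snapshot` is the right minimal capability. Whether the flat indentation is in the file or only in this rendering cannot be told from the page.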