# Vault server this agent authenticates to and fetches secrets from.
# Use an https:// address so tokens and secrets are not sent in cleartext.
vault {
  address = "{{ vault_agent_vault_address }}"
}
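# How the agent obtains its own Vault token. The credential files are read
# from the auth/ directory under vault_agent_root_dir; that directory should
# be readable only by the account the agent runs as.
auto_auth {
{# Only 'approle' and 'token' are handled: any other vault_agent_auth value renders no method block. #}
  {% if vault_agent_auth == 'approle' %}
  method {
    type = "approle"
    config {
      role_id_file_path = "{{ vault_agent_root_dir }}/auth/role_id"
      secret_id_file_path = "{{ vault_agent_root_dir }}/auth/secret_id"
      # The secret_id file is left in place after it is read (presumably so
      # the agent can log in again after a restart), which means it remains
      # a reusable credential on disk: keep its permissions tight.
      remove_secret_id_file_after_reading = false
    }
  }
  {% elif vault_agent_auth == 'token' %}
  method {
    type = "token_file"
    config {
      token_file_path = "{{ vault_agent_root_dir }}/auth/token"
    }
  }
  {% endif %}

  # Not used, but prevents the service from failing when no template is
  # defined yet. With wrap_ttl set, what is written is a response-wrapping
  # token that expires after one second, not the agent's own token.
  sink {
    type = "file"
    wrap_ttl = "1s"
    config = {
      path = "/run/vault_agent/vault.token"
      # The leading 0 makes this an octal literal (rw-------). A bare 600 is
      # read as a decimal integer and produces different permission bits.
      mode = 0600
    }
  }
}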
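{# One template stanza is rendered per entry of vault_agent_templates.
   Values are inserted into double-quoted HCL strings as they are, without
   escaping: an entry that contains a double quote, a backslash or a newline
   changes the structure of the rendered file, so these variables must only
   come from trusted inventory. #}
{% for template in vault_agent_templates %}
template {
  {% if template.source is defined %}
  source = "{{ template.source }}"
  {% elif template.contents is defined %}
  contents = "{{ template.contents }}"
  {% endif %}
  destination = "{{ template.destination }}"
  {% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}
  {% if template[prop] is defined %}
  {{ prop }} = "{{ template[prop] }}"
  {% endif %}
  {% endfor %}

{# The exec command is run by the agent, with the agent's privileges,
   once the template has been rendered. #}
  {% if template.exec is defined and template.exec.command is defined %}
  exec {
    {% if template.exec.timeout is defined %}
    timeout = "{{ template.exec.timeout }}"
    {% endif %}
{# The value must be interpolated: without the braces the agent would try
   to run a program literally named "template.exec.command". #}
    command = "{{ template.exec.command }}"
  }
  {% endif %}
}
{% endfor %}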