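--- a/hosts/nixery/services/openbao/openbao.nix
+++ b/hosts/nixery/services/openbao/openbao.nix
@@ -1,4 +1,15 @@
 {
+# Create openbao user and group
+users.groups.openbao = {};
+
+users.users.openbao = {
+isSystemUser = true;
+group = "openbao";
+home = "/var/lib/openbao";
+createHome = true;
+description = "OpenBao service user";
+};
+
 services.openbao = {
 enable = true;
 settings = {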
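Review bot: Nothing in this section ties `services.openbao` to the new static `openbao` account, and the comment on the first added line says what is created but not why. If the service module already manages its own account and state directory (not visible here; the `services.openbao` block continues past the last line shown), `createHome = true` on `/var/lib/openbao` may end up competing with the unit for ownership of the directory that holds the storage backend. I would name the consumer in the comment, e.g. `# Static account for the OpenBao units; owns /var/lib/openbao`, and pin the directory mode explicitly with `homeMode = "0700";` so the state directory is never group- or world-readable.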
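--- a/hosts/nixery/services/openbao/proxy.nix
+++ b/hosts/nixery/services/openbao/proxy.nix
@@ -83,18 +83,18 @@
 '';
 
 # Create necessary directories and files
-systemd.tmpfiles.rules = [
-# Directories
-"d /var/lib/openbao 0755 root root -"
-"d /var/lib/openbao/cache 0755 root root -"
-"d /var/log/openbao 0755 root root -"
-"d /etc/openbao 0755 root root -"
+# systemd.tmpfiles.rules = [
+# # Directories
+# "d /var/lib/openbao 0755 root root -"
+# "d /var/lib/openbao/cache 0755 root root -"
+# "d /var/log/openbao 0755 root root -"
+# "d /etc/openbao 0755 root root -"
 
-# Credential files (content must be populated externally)
-"f /etc/openbao/role-id 0600 root root -"
-"f /etc/openbao/secret-id 0600 root root -"
+# # Credential files (content must be populated externally)
+# "f /etc/openbao/role-id 0600 root root -"
+# "f /etc/openbao/secret-id 0600 root root -"
 
-# Configuration file
-"f /etc/openbao/proxy.hcl 0644 root root -"
-];
+# # Configuration file
+# "f /etc/openbao/proxy.hcl 0644 root root -"
+# ];
 }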
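Review bot: Commenting out the whole `systemd.tmpfiles.rules` list also drops the only visible guarantee that `/etc/openbao/role-id` and `/etc/openbao/secret-id` are `0600`; after this change their mode and owner depend on whatever populates them externally. If the intent is to stop creating root-owned paths now that a dedicated `openbao` account exists (inferred from the other file in this commit), keep enforcement for the credential files under the new owner, for example `"z /etc/openbao/role-id 0600 openbao openbao -"` and `"z /etc/openbao/secret-id 0600 openbao openbao -"`, which adjust an existing file without creating an empty one. The remaining lines are better deleted than left as commented-out code, and the `# Create necessary directories and files` heading above them no longer describes anything. The enclosing attribute set starts outside this section.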