mirror of
https://gitlab.durp.info/durfy/homelab/gitops.git
synced 2026-05-09 08:41:30 -05:00
update
This commit is contained in:
parent
4087eb7aaf
commit
91001c230e
1 changed files with 10 additions and 8 deletions
|
|
@ -60,7 +60,7 @@ vault:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
standalone:
|
standalone:
|
||||||
enabled: false
|
enabled: true
|
||||||
|
|
||||||
config: |
|
config: |
|
||||||
disable_mlock = true
|
disable_mlock = true
|
||||||
|
|
@ -68,10 +68,12 @@ vault:
|
||||||
listener "tcp" {
|
listener "tcp" {
|
||||||
address = "[::]:8200"
|
address = "[::]:8200"
|
||||||
cluster_address = "[::]:8201"
|
cluster_address = "[::]:8201"
|
||||||
|
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
||||||
|
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
seal "transit" {
|
seal "transit" {
|
||||||
address = "http://192.168.20.253:8201"
|
address = "https://root-vault.internal.durp.info"
|
||||||
disable_renewal = "false"
|
disable_renewal = "false"
|
||||||
key_name = "autounseal"
|
key_name = "autounseal"
|
||||||
mount_path = "transit/"
|
mount_path = "transit/"
|
||||||
|
|
@ -84,10 +86,10 @@ vault:
|
||||||
|
|
||||||
# Run Vault in "HA" mode.
|
# Run Vault in "HA" mode.
|
||||||
ha:
|
ha:
|
||||||
enabled: true
|
enabled: false
|
||||||
replicas: 3
|
replicas: 3
|
||||||
raft:
|
raft:
|
||||||
enabled: true
|
enabled: false
|
||||||
setNodeId: true
|
setNodeId: true
|
||||||
|
|
||||||
config: |
|
config: |
|
||||||
|
|
@ -101,7 +103,7 @@ vault:
|
||||||
}
|
}
|
||||||
|
|
||||||
seal "transit" {
|
seal "transit" {
|
||||||
address = "http://192.168.20.253:8201"
|
address = "https://192.168.20.253:8201"
|
||||||
disable_renewal = "false"
|
disable_renewal = "false"
|
||||||
key_name = "autounseal"
|
key_name = "autounseal"
|
||||||
mount_path = "transit/"
|
mount_path = "transit/"
|
||||||
|
|
@ -111,19 +113,19 @@ vault:
|
||||||
storage "raft" {
|
storage "raft" {
|
||||||
path = "/vault/data"
|
path = "/vault/data"
|
||||||
retry_join {
|
retry_join {
|
||||||
leader_api_addr = "http://vault-0.vault-internal:8200"
|
leader_api_addr = "https://vault-0.vault-internal:8200"
|
||||||
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
||||||
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
||||||
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
||||||
}
|
}
|
||||||
retry_join {
|
retry_join {
|
||||||
leader_api_addr = "http://vault-1.vault-internal:8200"
|
leader_api_addr = "https://vault-1.vault-internal:8200"
|
||||||
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
||||||
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
||||||
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
||||||
}
|
}
|
||||||
retry_join {
|
retry_join {
|
||||||
leader_api_addr = "http://vault-2.vault-internal:8200"
|
leader_api_addr = "https://vault-2.vault-internal:8200"
|
||||||
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
||||||
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
||||||
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue