lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

ops/vault: bump ACME TTL

Browse source
This commit is contained in:
Luke Granger-Brown 2022-04-20 23:47:09 +01:00
parent ae18357a64
commit e51d58fac6
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ops/nixos/default.nix
View file

@ -50,7 +50,8 @@ let
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; })); rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
systemCfgs = lib.genAttrs systems systemCfgs = lib.genAttrs systems
(name: import (./. + "/${name}")); (name: import (./. + "/${name}"));
evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) (mapAttrs systemFor systemCfgs); allEvaledSystems = mapAttrs systemFor systemCfgs;
evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) allEvaledSystems;
systemDrvs = mapAttrs (_: sys: sys.config.system.build.toplevel) evaledSystems; systemDrvs = mapAttrs (_: sys: sys.config.system.build.toplevel) evaledSystems;
systemTailscaleIPs = lib.mapAttrs' (n: v: lib.nameValuePair v [n]) (lib.filterAttrs (n: v: v != null) (mapAttrs (_: sys: sys.config.my.ip.tailscale) evaledSystems)); systemTailscaleIPs = lib.mapAttrs' (n: v: lib.nameValuePair v [n]) (lib.filterAttrs (n: v: v != null) (mapAttrs (_: sys: sys.config.my.ip.tailscale) evaledSystems));
@ -79,7 +80,7 @@ let
installcdSystem = systemFor "installcd" (import ./installcd); installcdSystem = systemFor "installcd" (import ./installcd);
in systemDrvs // { in systemDrvs // {
systems = systemDrvs; systems = systemDrvs;
systemConfigs = evaledSystems; systemConfigs = allEvaledSystems;
systemExporters = systemExporters; systemExporters = systemExporters;
tailscaleIPs = systemTailscaleIPs; tailscaleIPs = systemTailscaleIPs;
scrapeJournalHosts = scrapeJournalHosts; scrapeJournalHosts = scrapeJournalHosts;

3
ops/vault/cfg/module-acme-ca.nix
View file

@ -79,6 +79,9 @@ in {
resource.vault_mount.acme = { resource.vault_mount.acme = {
path = config.my.acme.mountPoint; path = config.my.acme.mountPoint;
type = "acme"; type = "acme";
max_lease_ttl_seconds = 90 * 86400;
default_lease_ttl_seconds = 90 * 86400;
}; };
resource.vault_generic_endpoint = mkMergeIf [ resource.vault_generic_endpoint = mkMergeIf [