ops/vault: bump ACME TTL

Luke Granger-Brown 2022-04-20 23:47:09 +01:00
parent ae18357a64
commit e51d58fac6
2 changed files with 6 additions and 2 deletions


@ -50,7 +50,8 @@ let
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
systemCfgs = lib.genAttrs systems
(name: import (./. + "/${name}"));
evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) (mapAttrs systemFor systemCfgs);
allEvaledSystems = mapAttrs systemFor systemCfgs;
evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) allEvaledSystems;
systemDrvs = mapAttrs (_: sys: sys.config.system.build.toplevel) evaledSystems;
systemTailscaleIPs = lib.mapAttrs' (n: v: lib.nameValuePair v [n]) (lib.filterAttrs (n: v: v != null) (mapAttrs (_: sys: sys.config.my.ip.tailscale) evaledSystems));
@ -79,7 +80,7 @@ let
installcdSystem = systemFor "installcd" (import ./installcd);
in systemDrvs // {
systems = systemDrvs;
systemConfigs = evaledSystems;
systemConfigs = allEvaledSystems;
systemExporters = systemExporters;
tailscaleIPs = systemTailscaleIPs;
scrapeJournalHosts = scrapeJournalHosts;
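Review bot: `systemConfigs` now exports `allEvaledSystems`, while `systems`, `tailscaleIPs` and the other attributes built from `evaledSystems` remain filtered by `my.systemType == system`, and nothing in the hunk records that this asymmetry is deliberate. Any consumer that iterates `systemConfigs` will now also see hosts of other system types, so it is worth confirming that nothing derives per-host policy or credentials from that set on the assumption that it is filtered. I would add a comment above the binding, for example `# every host regardless of systemType; systemDrvs and the attrs derived from evaledSystems stay filtered`. The commit title covers only the ACME TTL, so this widening is easy to miss in history. The `let` block starts and ends outside the hunk.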


@ -79,6 +79,9 @@ in {
resource.vault_mount.acme = {
path = config.my.acme.mountPoint;
type = "acme";
max_lease_ttl_seconds = 90 * 86400;
default_lease_ttl_seconds = 90 * 86400;
};
resource.vault_generic_endpoint = mkMergeIf [
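Review bot: `90 * 86400` is written twice in `resource.vault_mount.acme` with no comment saying why 90 days was chosen or that the two values must stay equal. Because `default_lease_ttl_seconds` is set to the same value as `max_lease_ttl_seconds`, every lease on this mount gets the full 90 days unless the requester asks for less, so a lease that is never revoked lives that long. If the intent is to match the validity of the issued certificates (presumably, not visible here), say so, e.g. `# 90 days, matches certificate validity; default == max so leases are not renewed early`. It would also help to bind the value once (`acmeLeaseTtl = 90 * 86400;`) and reference it in both attributes. The `mkMergeIf [` list opened on the last line continues outside the hunk.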