31 lines
848 B
Nix
31 lines
848 B
Nix
{ ... }:
|
|
|
|
{
|
|
resource.vault_mount.ssh-client = {
|
|
type = "ssh";
|
|
path = "ssh-client";
|
|
};
|
|
|
|
resource.vault_ssh_secret_backend_ca.ssh-client = {
|
|
backend = "\${vault_mount.ssh-client.path}";
|
|
};
|
|
|
|
resource.vault_ssh_secret_backend_role.ssh-client_user = {
|
|
name = "user";
|
|
backend = "\${vault_mount.ssh-client.path}";
|
|
key_type = "ca";
|
|
allow_user_certificates = true;
|
|
allowed_users_template = true;
|
|
allowed_users = "{{identity.entity.name}}";
|
|
allowed_extensions = "permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc,permit-X11-forwarding";
|
|
ttl = 24 * 60 * 60;
|
|
max_ttl = 24 * 60 * 60;
|
|
default_extensions = {
|
|
permit-agent-forwarding = "";
|
|
permit-port-forwarding = "";
|
|
permit-pty = "";
|
|
permit-user-rc = "";
|
|
permit-X11-forwarding = "";
|
|
};
|
|
};
|
|
}
|