diff --git a/.gitignore b/.gitignore
index 74e2eb5..767f996 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ roles/
 venv/
 vault-keys.json
 nomad_bootstrap.json
+ca/
diff --git a/Makefile b/Makefile
index d10cdc8..4f05470 100644
--- a/Makefile
+++ b/Makefile
@@ -77,4 +77,3 @@ apply:
 # curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz
 # sudo mkdir -p /opt/cni/bin
 # sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz
-
diff --git a/acls/.terraform.lock.hcl b/acls/.terraform.lock.hcl
new file mode 100644
index 0000000..e640ec8
--- /dev/null
+++ b/acls/.terraform.lock.hcl
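Review bot: In the .gitignore hunk, the new `ca/` entry joins `vault-keys.json` and `nomad_bootstrap.json` with no comment on what these paths hold. Judging by the names they are locally generated secret material, which is worth recording with a line such as `# locally generated secrets - never commit` above the group. An ignore rule only keeps untracked files out of future commits, so it is worth confirming with `git ls-files ca/` that nothing under that directory was committed before this change.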
@@ -0,0 +1,38 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/nomad" { + version = "1.4.16" + hashes = [ + "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", + "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", + "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", + "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0", + "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084", + "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0", + "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef", + "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755", + "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800", + "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557", + "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c", + "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e", + ] +} + +provider "registry.terraform.io/hashicorp/vault" { + version = "3.4.1" + hashes = [ + "h1:oow6cAwKiFpJBBWKsDqNmwZIrFTWWvoeIbqs+vyUDE0=", + "zh:1eb8370a1846e34e2bcc4d11eece5733735784a8eab447bbed3cfd822101b577", + "zh:2df3989327cea68b2167514b7ebddc67b09340f00bbf3fa85df03c97adfb9d25", + "zh:3dd1e317264f574985e856296deef71a76464918bf0566eb0d7f6389ea0586bd", + "zh:9750861f2822482aa608ea5a52b385bc42b2e1f2511094e6a975412618c4495d", + "zh:9b940e7f78975d29a4d0a116cf43c0bc1cb03bec4ad8d34887d64e6e60bacb9e", + "zh:9cb6e7ad2a62529d35dacd20695d49c2f02230cb785d46178cc10f4ec80e5a51", + "zh:a12718689bbcb37bcbb9132c18bffd354fad8ab5c8cb89cec1a0ee85c65b8cb7", + "zh:a6e38afacca1af4fab04a9f2dc49b8295eb462db68bdc7451352d0f950f804f8", + "zh:d6e0e994d51b9e07d5713d4796381f9e129e9de962e79caae2b7055f6f68297e", + "zh:ea4bbef7a1bb2553db473fa304c93845674167b61e8c9677107a96c8c696da12", + 
"zh:f985a8b7f4ef7d1eba9cef7d99997ee9c4a54ffe76dab7fa8b1fdec2a9edca7e", + ] +} diff --git a/acls/nomad_vault.tf b/acls/nomad_vault.tf index 28ba3c6..f2cfdef 100644 --- a/acls/nomad_vault.tf +++ b/acls/nomad_vault.tf @@ -4,25 +4,25 @@ resource "nomad_acl_token" "vault" { } resource "vault_nomad_secret_backend" "config" { - backend = "nomad" - description = "Nomad ACL" - token = nomad_acl_token.vault.secret_id + backend = "nomad" + description = "Nomad ACL" + token = nomad_acl_token.vault.secret_id } resource "vault_nomad_secret_role" "nomad-deploy" { - backend = vault_nomad_secret_backend.config.backend - role = "nomad-deploy" + backend = vault_nomad_secret_backend.config.backend + role = "nomad-deploy" policies = ["nomad-deploy"] } resource "vault_nomad_secret_role" "admin" { backend = vault_nomad_secret_backend.config.backend - role = "admin-management" - type = "management" + role = "admin-management" + type = "management" } resource "vault_policy" "nomad-deploy" { - name = "nomad-deploy" + name = "nomad-deploy" policy = <