Deploying a Vault Server Using NixOS

I’ve recently been learning NixOS and am working on setting up a Nomad cluster with it. I want to set up Vault next for secrets management, but I’m having trouble finding resources to do this on NixOS. Has anyone deployed a Vault server using NixOS before who would be able to point me to any guides or git repos with an example?

Thank you!

If you are trying to set up a single-node vault, you can use the nixos test for reference:

If you want the vault webui, you will need to use the vault-bin package by setting

services.vault = {
  package = pkgs.vault-bin;
  extraConfig = ''
    ui = true
  '';
};

Thanks. Turns out I can just use Nomad Variables natively and avoid Vault altogether.

That said, I was able to get vault running to some degree with the config:

{ name, config, pkgs, secretPath, lib, meta, ... }:
with lib;
let
  bind = meta.ip.mesh."${name}";
  cfg = config.vaultNode;
in {

  options.vaultNode = { enable = mkEnableOption "vaultNode"; };

  config = mkIf cfg.enable {

    services.vault = {
      enable = true;
      # S3 storage backend; the keys were redacted for posting
      storageBackend = "s3";
      storageConfig = ''
        access_key = "REDACTED"
        secret_key = "REDACTED"
        bucket = "vault-storage"
      '';

      address = "0.0.0.0:8200";
      extraConfig = ''
        # api_addr / cluster_addr are what clients and peers are told to connect to;
        # 0.0.0.0 is not a reachable address, so this only works for a single node
        api_addr = "https://0.0.0.0:8200"
        cluster_addr = "https://0.0.0.0:8201"
        ui = true
        # allows Vault's memory to be swapped to disk; acceptable for testing only
        disable_mlock = true
      '';
      package = pkgs.vault-bin;
    };
  };
}
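As an added example (not code from either poster), here is the same module adjusted so the node listens only on its mesh address, uses Vault's integrated raft storage instead of inline S3 credentials, serves TLS, advertises reachable addresses, and keeps mlock enabled. The `bind`, `name` and `meta` values are taken from the poster's module, and the certificate paths are placeholders that the vault service user must be able to read; the `raft` value for `storageBackend` assumes a recent NixOS module.

```nix
{ name, config, pkgs, lib, meta, ... }:
with lib;
let
  # Mesh address of this node, as in the original module (assumed to exist in `meta`).
  bind = meta.ip.mesh."${name}";
  cfg = config.vaultNode;
in {
  options.vaultNode = { enable = mkEnableOption "vaultNode"; };

  config = mkIf cfg.enable {
    services.vault = {
      enable = true;
      package = pkgs.vault-bin;  # vault-bin ships the web UI, as noted above

      # Listen on the mesh address only, not on every interface.
      address = "${bind}:8200";

      # Integrated raft storage: no cloud credentials end up in the Nix store.
      storageBackend = "raft";
      storagePath = "/var/lib/vault";
      storageConfig = ''
        node_id = "${name}"
      '';

      # TLS on the listener; placeholder paths for certs provisioned out of band.
      tlsCertFile = "/var/lib/vault/tls/vault.crt";
      tlsKeyFile = "/var/lib/vault/tls/vault.key";

      # Advertise addresses that clients and raft peers can actually reach
      # (0.0.0.0 is not routable). disable_mlock is left at its default (false)
      # so unsealed key material is not swapped to disk.
      extraConfig = ''
        api_addr = "https://${bind}:8200"
        cluster_addr = "https://${bind}:8201"
        ui = true
      '';
    };

    # API and raft cluster ports; tighten to the mesh interface if your firewall setup allows.
    networking.firewall.allowedTCPPorts = [ 8200 8201 ];
  };
}
```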