From 56ab95e36454e6aff6f4eaed0e2c3a6feda610ab Mon Sep 17 00:00:00 2001
From: shockrah
Date: Fri, 24 Jun 2022 21:46:41 -0700
Subject: [PATCH] + New vault setup
---
 docker-host/setup/files/vault-config.json | 14 ++++++
 docker-host/setup/files/vault.lablad | 11 +++++
 docker-host/setup/tasks/vault.yml | 43 +++++++++++++++++++
 .../setup/templates/vault-config.json.j2 | 15 +++++++
 4 files changed, 83 insertions(+)
 create mode 100644 docker-host/setup/files/vault-config.json
 create mode 100644 docker-host/setup/files/vault.lablad
 create mode 100644 docker-host/setup/tasks/vault.yml
 create mode 100644 docker-host/setup/templates/vault-config.json.j2
diff --git a/docker-host/setup/files/vault-config.json b/docker-host/setup/files/vault-config.json
new file mode 100644
index 0000000..31e61d6
--- /dev/null
+++ b/docker-host/setup/files/vault-config.json
@@ -0,0 +1,14 @@
+{
+ "backend": {
+ "file": {
+ "path": "/vault/file"
+ }
+ },
+ "listener": {
+ "tcp": {
+ "address": "0.0.0.0:{{VAULT_PORT}}",
+ "tls_disable": 1
+ }
+ },
+ "ui": true
+}
diff --git a/docker-host/setup/files/vault.lablad b/docker-host/setup/files/vault.lablad
new file mode 100644
index 0000000..499873d
--- /dev/null
+++ b/docker-host/setup/files/vault.lablad
@@ -0,0 +1,11 @@
+# This file pertains to the Gitea service which is served under the FQDN:
+# vault.lablad
+# The default port is listed under /vars/main.yml as 8200 as VAULT_PORT
+
+server {
+ server_name vault.lablad.net;
+ location / {
+ proxy_pass http://127.0.0.1:8200;
+ }
+}
+
diff --git a/docker-host/setup/tasks/vault.yml b/docker-host/setup/tasks/vault.yml
new file mode 100644
index 0000000..df24c61
--- /dev/null
+++ b/docker-host/setup/tasks/vault.yml
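Review bot: `"tls_disable": 1` together with the listener on `0.0.0.0:{{VAULT_PORT}}` means Vault tokens and secrets cross the wire in plaintext, and nothing in this patch terminates TLS in front of it — the vault.lablad server block has only a plain `proxy_pass` with no `listen 443 ssl`, and vault.yml publishes the port on every host interface rather than loopback. If the intent is TLS termination at nginx, add a TLS listener to that server block and publish the container port on loopback only (`"127.0.0.1:{{VAULT_PORT}}:8200"` in vault.yml) so the proxy is the only reachable path; otherwise enable TLS on the Vault listener itself. Separately, this files/ copy is referenced by no task in the patch — the Create Vault Config task renders templates/vault-config.json.j2 — and as a static file its `{{VAULT_PORT}}` placeholder would never be substituted, so it looks like a leftover that should be dropped to avoid two configs drifting apart.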
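Review bot: The header comment on the first line says this file is for the Gitea service, but the block below proxies Vault, and the FQDN it names (`vault.lablad`) does not match the `server_name vault.lablad.net;` directive, so the comment appears to have been copied from another service and one of the two hostnames is wrong. Suggested first two lines: `# This file pertains to the Vault service which is served under the FQDN:` / `# vault.lablad.net`. With no `listen` directive the block serves plain HTTP on the default port, so the Vault UI and API are exposed without TLS end to end; if the proxy is meant to be the TLS boundary it needs a `listen 443 ssl;` line and certificate directives, and it should also forward `Host` with `proxy_set_header Host $host;` so Vault's UI redirects stay on the public name.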
@@ -0,0 +1,43 @@
+---
+- hosts: leftcoastlab
+ become: yes
+ tasks:
+ - name: Pull In Vars
+ include_vars:
+ dir: ../vars
+
+ - name: Create Vault Bind Root
+ file:
+ path: /opt/vault
+ state: directory
+
+ - name: Ensure Vault Bind directories in place
+ file:
+ path: "/opt/vault/{{item}}"
+ state: directory
+ loop:
+ - config
+ - logs
+ - file
+
+ - name: Create Vault Config
+ template:
+ src: ../templates/vault-config.json.j2
+ dest: /opt/vault/config/vault.json
+
+ - name: Start up Vault Service
+ community.docker.docker_container:
+ name: vault
+ image: vault
+ ports:
+ - "{{VAULT_PORT}}:8200"
+ restart_policy: always
+ volumes:
+ - /opt/vault/logs:/vault/logs
+ - /opt/vault/file:/vault/file
+ - /opt/vault/config:/vault/config
+ capabilities:
+ - IPC_LOCK
+ entrypoint:
+ - vault server -config=/vault/config/vault.json
+
diff --git a/docker-host/setup/templates/vault-config.json.j2 b/docker-host/setup/templates/vault-config.json.j2
new file mode 100644
index 0000000..012fac6
--- /dev/null
+++ b/docker-host/setup/templates/vault-config.json.j2
@@ -0,0 +1,15 @@
+{
+ "backend": {
+ "file": {
+ "path": "/vault/file"
+ }
+ },
+ "listener": {
+ "tcp": {
+ "address": "0.0.0.0:{{VAULT_PORT}}",
+ "tls_disable": 1
+ }
+ },
+ "ui": true
+}
+
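Review bot: The `entrypoint:` list in the Start up Vault Service task has a single element, `vault server -config=/vault/config/vault.json`, and each list element becomes one argv entry, so the container will try to exec a binary named with that whole string and fail to start. Either split it into separate elements (`- vault`, `- server`, `- -config=/vault/config/vault.json`) or, preferably, leave the image's own entrypoint in place and pass `command: server -config=/vault/config/vault.json` — as far as I recall the official image's entrypoint script handles the `server` subcommand and fixes ownership of the `/vault/*` bind mounts for its non-root vault user, which the root-owned directories created here under `become: yes` would otherwise need before the file backend can write. `image: vault` carries no tag and so floats on `latest`, meaning each run of the play may pull a different Vault build; pin it with a labelled version (`image: vault:<pinned-version>`). The published port `"{{VAULT_PORT}}:8200"` binds all host interfaces even though the nginx config proxies to 127.0.0.1, so `"127.0.0.1:{{VAULT_PORT}}:8200"` would keep the non-TLS listener off the network.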
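Review bot: The listener address `0.0.0.0:{{VAULT_PORT}}` puts the variable on the container side, but vault.yml publishes the container's fixed port 8200 (`"{{VAULT_PORT}}:8200"`), so the two only agree while VAULT_PORT is 8200 and any other value leaves the published port with nothing listening on it. Bind the in-container listener to a constant, `"address": "0.0.0.0:8200",`, and let VAULT_PORT govern only the host-side mapping. Since this is the copy the Create Vault Config task actually renders, `"tls_disable": 1` here is what puts the running server on plaintext, and a comment in the template stating where TLS is expected to be terminated would help the next reader.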