+ New vault setup

docker-host/setup/files/vault-config.json

@@ -0,0 +1,14 @@
+{
+	"backend": {
+		"file": {
+			"path": "/vault/file"
+		}
+	},
+	"listener": {
+		"tcp": {
+			"address": "0.0.0.0:{{VAULT_PORT}}",
+			"tls_disable": 1
+		}
+	},
+	"ui": true
+}

docker-host/setup/files/vault.lablad

@@ -0,0 +1,11 @@
+# This file pertains to the Gitea service which is served under the FQDN:
+# vault.lablad
+# The default port is listed under /vars/main.yml as 8200 as VAULT_PORT
+
+server {
+	server_name vault.lablad.net;
+	location / {
+		proxy_pass http://127.0.0.1:8200;
+	}
+}
+

docker-host/setup/tasks/vault.yml

@@ -0,0 +1,43 @@
+---
+- hosts: leftcoastlab
+  become: yes
+  tasks:
+    - name: Pull In Vars
+      include_vars:
+        dir: ../vars
+
+    - name: Create Vault Bind Root
+      file:
+        path: /opt/vault
+        state: directory
+
+    - name: Ensure Vault Bind directories in place
+      file:
+        path: "/opt/vault/{{item}}"
+        state: directory
+      loop:
+        - config
+        - logs
+        - file
+
+    - name: Create Vault Config
+      template:
+        src: ../templates/vault-config.json.j2
+        dest: /opt/vault/config/vault.json
+
+    - name: Start up Vault Service
+      community.docker.docker_container:
+        name: vault
+        image: vault
+        ports:
+          - "{{VAULT_PORT}}:8200"
+        restart_policy: always
+        volumes:
+          - /opt/vault/logs:/vault/logs
+          - /opt/vault/file:/vault/file
+          - /opt/vault/config:/vault/config
+        capabilities:
+          - IPC_LOCK
+        entrypoint:
+          - vault server -config=/vault/config/vault.json
+

docker-host/setup/templates/vault-config.json.j2

@@ -0,0 +1,15 @@
+{
+	"backend": {
+		"file": {
+			"path": "/vault/file"
+		}
+	},
+	"listener": {
+		"tcp": {
+			"address": "0.0.0.0:{{VAULT_PORT}}",
+			"tls_disable": 1
+		}
+	},
+	"ui": true
+}
+