rice/docker-host/setup/tasks/vault.yml

---
- hosts: leftcoastlab
  become: yes
  tasks:
    - name: Pull In Vars
      include_vars:
        dir: ../vars

    - name: Create Vault Bind Root
      file:
        path: /opt/vault
        state: directory

    - name: Ensure Vault Bind directories in place
      file:
        path: "/opt/vault/{{item}}"
        state: directory
      loop:
        - config
        - logs
        - file

    - name: Create Vault Config
      template:
        src: ../templates/vault-config.json.j2
        dest: /opt/vault/config/vault.json

    - name: Start up Vault Service
      community.docker.docker_container:
        name: vault
        image: vault
        ports:
          - "{{VAULT_PORT}}:8200"
        restart_policy: always
        volumes:
          - /opt/vault/logs:/vault/logs
          - /opt/vault/file:/vault/file
          - /opt/vault/config:/vault/config
        capabilities:
          - IPC_LOCK
        entrypoint:
          - vault server -config=/vault/config/vault.json