···

       
57
       
57
       
 
       
      };

     

       
58
       
58
       
 
       


     

       
59
       
59
       
 
       
      storageBackend = mkOption {

     

       
60
       
60
       
-
       
        type = types.enum ["inmem" "consul" "zookeeper" "file" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs"];

     

       
60
       
60
       
+
       
        type = types.enum ["inmem" "inmem_transactional" "inmem_ha" "inmem_transactional_ha" "file_transactional" "consul" "zookeeper" "file" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs"];

     

       
61
       
61
       
 
       
        default = "inmem";

     

       
62
       
62
       
 
       
        description = "The name of the type of storage backend";

     

       
63
       
63
       
 
       
      };

     
···

       
65
       
65
       
 
       
      storageConfig = mkOption {

     

       
66
       
66
       
 
       
        type = types.lines;

     

       
67
       
67
       
 
       
        description = "Storage configuration";

     

       
68
       
68
       
-
       
        default = "";

     

       
68
       
68
       
+
       
        default = if (cfg.storageBackend == "file" || cfg.storageBackend == "file_transactional") then ''

     

       
69
       
69
       
+
       
                    path = "/var/lib/vault"

     

       
70
       
70
       
+
       
                  '' else ''

     

       
71
       
71
       
+
       
                  '';

     

       
69
       
72
       
 
       
      };

     

       
70
       
73
       
 
       


     

       
71
       
74
       
 
       
      telemetryConfig = mkOption {

     
···

       
92
       
95
       
 
       
      wantedBy = ["multi-user.target"];

     

       
93
       
96
       
 
       
      after = [ "network.target" ];

     

       
94
       
97
       
 
       


     

       
95
       
95
       
-
       
      preStart = ''

     

       
96
       
96
       
-
       
        mkdir -m 0755 -p /var/lib/vault

     

       
97
       
97
       
-
       
        chown -R vault:vault /var/lib/vault

     

       
98
       
98
       
-
       


     

       
98
       
98
       
+
       
      preStart =

     

       
99
       
99
       
+
       
        optionalString (cfg.storageBackend == "file" || cfg.storageBackend == "file_transactional")

     

       
100
       
100
       
+
       
          (let

     

       
101
       
101
       
+
       
            matched = builtins.match ''.*path[ ]*=[ ]*"([^"]+)".*'' (toString cfg.storageConfig);

     

       
102
       
102
       
+
       
            path = if matched == null then

     

       
103
       
103
       
+
       
                     throw ''`storageBackend` "${cfg.storageBackend}" requires path in `storageConfig`''

     

       
104
       
104
       
+
       
                   else

     

       
105
       
105
       
+
       
                     head matched;

     

       
106
       
106
       
+
       
          in ''

     

       
107
       
107
       
+
       
            [ -d "${path}"] || install -d -m0700 -o vault -g vault "${path}"

     

       
108
       
108
       
+
       
          '') +

     

       
109
       
109
       
+
       
      ''

     

       
99
       
110
       
 
       
        # generate a self-signed certificate, you will have to set environment variable "VAULT_SKIP_VERIFY=1" in the client

     

       
100
       
111
       
 
       
        if [ ! -s ${cfg.tlsCertFile} -o ! -s ${cfg.tlsKeyFile} ]; then

     

       
101
       
112
       
 
       
          mkdir -p $(dirname ${cfg.tlsCertFile}) || true