dev cicd + tron + docs

2026-01-30 16:58:02 +01:00
parent 51f5b0804a
commit c1596296d1
52 changed files with 3695 additions and 0 deletions
--- a/ci/dev/vault/agent.hcl
+++ b/ci/dev/vault/agent.hcl
@@ -0,0 +1,49 @@
+# Vault Agent for Development Environment
+# AppRole credentials are injected as files from environment variables
+pid_file = "/tmp/vault-agent.pid"
+
+auto_auth {
+  method "approle" {
+    mount_path = "auth/approle"
+    config = {
+      role_id_file_path   = "/vault/secrets/role_id"
+      secret_id_file_path = "/vault/secrets/secret_id"
+    }
+  }
+  sink "file" {
+    config = { path = "/vault/token" }
+  }
+}
+
+vault {
+  address = "{{ env `VAULT_ADDR` }}"
+}
+
+# MongoDB root credentials
+template {
+  source      = "/etc/vault/templates/mongo/user.ctmpl"
+  destination = "/vault/secrets/MONGO_ROOT_USER"
+}
+
+template {
+  source      = "/etc/vault/templates/mongo/pass.ctmpl"
+  destination = "/vault/secrets/MONGO_ROOT_PASSWORD"
+}
+
+# MongoDB replica set keyFile (strict perms for MongoDB)
+template {
+  source      = "/etc/vault/templates/mongo/keyfile.ctmpl"
+  destination = "/vault/secrets/mongo.kf"
+  command     = "sh -lc 'chmod 0400 /vault/secrets/mongo.kf'"
+}
+
+# NATS credentials
+template {
+  source      = "/etc/vault/templates/nats/user.ctmpl"
+  destination = "/vault/secrets/NATS_USER"
+}
+
+template {
+  source      = "/etc/vault/templates/nats/pass.ctmpl"
+  destination = "/vault/secrets/NATS_PASSWORD"
+}