feat(terraform/vault): add RabbitMQ server role

And allow CI to emit it.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
raito 2025-01-01 03:42:51 +01:00
parent 61aed32221
commit 6ba24ad1cb


@ -63,7 +63,9 @@
ci = {
# This allows the CI to issue certificates for CI purposes.
# It should be a relative path.
"pki/issue/ci".capabilities = [ "read" "create" "update" ];
"issue/ci".capabilities = [ "read" "create" "update" ];
# CI is allowed to be a RabbitMQ server.
"issue/rabbitmq-server".capabilities = [ "read" "create" "update" ];
};
};
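Review bot: The new `"issue/rabbitmq-server"` grant lets every job that holds the `ci` policy obtain a server certificate for the broker's name, and a job that leaks or misuses it can present itself as the AMQP server until the certificate expires or is revoked. The comment above the grant should record why CI needs this and for which environment, for example `# CI may issue RabbitMQ server certs because <reason>; used only by <environment>.`. Issuing is a write to the endpoint, so `read` is most likely unnecessary and the grant could be narrowed to `"issue/rabbitmq-server".capabilities = [ "create" "update" ];`. The enclosing policy set starts outside this hunk, so any mount-path prefixing applied to these relative paths is not visible here.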
@ -77,6 +79,16 @@
allow_wildcard_certificates = false;
ou = [ "Floral Systems Continuous Integration Systems" ];
};
rabbitmq-server = {
ttl = "7d";
max_ttl = "45d";
allowed_domains = [ "amqp.forkos.org" ];
allow_subdomains = false;
allow_glob_domains = false;
allow_wildcard_certificates = false;
ou = [ "Floral Systems AMQP Systems" ];
};
};
# It's possible to continue the chain but we don't need that here.
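Review bot: The `rabbitmq-server` role lists `amqp.forkos.org` in `allowed_domains` but disables subdomains and globs without setting `allow_bare_domains`, which a Vault PKI role leaves false by default. Unless a default is merged in elsewhere, a request for exactly `amqp.forkos.org` would be refused, and adding `allow_bare_domains = true;` makes the one intended name issuable. Because the CI policy can request from this role, it is also worth pinning the other defaults for a server-only identity with `client_flag = false;` and `allow_localhost = false;`. `max_ttl = "45d"` lets a requester ask for far more than the `7d` default, so consider lowering it unless long-lived broker certificates are required.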