ad111d5e69
Docker Compose with 24+ services: - PostgreSQL (PostGIS), Valkey, MinIO, Qdrant - Vault (PKI/TLS), Nginx (Reverse Proxy) - Backend Core API, Consent Service, Billing Service - RAG Service, Embedding Service - Gitea, Woodpecker CI/CD - Night Scheduler, Health Aggregator - Jitsi (Web/XMPP/JVB/Jicofo), Mailpit Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
45 lines
983 B
HCL
45 lines
983 B
HCL
# Vault Agent Configuration for BreakPilot SSL Certificates
|
|
# Automatically renews certificates and updates nginx
|
|
|
|
pid_file = "/tmp/vault-agent.pid"
|
|
|
|
vault {
|
|
address = "http://vault:8200"
|
|
retry {
|
|
num_retries = 5
|
|
}
|
|
}
|
|
|
|
auto_auth {
|
|
method "approle" {
|
|
mount_path = "auth/approle"
|
|
config = {
|
|
role_id_file_path = "/vault/agent/data/role-id"
|
|
secret_id_file_path = "/vault/agent/data/secret-id"
|
|
remove_secret_id_file_after_reading = false
|
|
}
|
|
}
|
|
|
|
sink "file" {
|
|
config = {
|
|
path = "/vault/agent/data/token"
|
|
mode = 0600
|
|
}
|
|
}
|
|
}
|
|
|
|
# Single template that generates all certificate components
|
|
# Uses a single pkiCert call to ensure cert/key match
|
|
template {
|
|
source = "/vault/agent/templates/all.tpl"
|
|
destination = "/vault/certs/combined.pem"
|
|
perms = 0600
|
|
command = "sh /vault/agent/split-certs.sh"
|
|
}
|
|
|
|
# Listener for debugging (optional)
|
|
listener "tcp" {
|
|
address = "127.0.0.1:8100"
|
|
tls_disable = true
|
|
}
|