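---
# Image tag to deploy.
# NOTE(review): `latest` is a floating tag, so every pull can bring in a
# different, unreviewed image. Pin a specific release tag in inventory (or
# override vault_image with a digest reference) for reproducible, auditable
# deployments.
vault_version: latest
vault_image: "docker.io/hashicorp/vault:{{ vault_version }}"

# NOTE(review): the default below is plain HTTP on loopback. No TLS setting is
# visible in this file; if Vault is reachable from anywhere but localhost, set
# an https:// URL and make sure the listener (or a proxy in front of it)
# terminates TLS, otherwise tokens and secrets travel in clear text.
# @var vault_url:description: >
# Specify address of the vault instance, used when building absolute urls, e.g. for websub.
# @end
vault_url: "http://localhost:8200"
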
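# Restart policy for the container.
# NOTE(review): a restarted Vault normally comes back sealed, so an automatic
# restart does not by itself restore service. Confirm how the role handles
# unsealing (see vault_auto_unseal).
vault_restart_policy: always
# Presumably tells the role to leave the service stopped when true; the task
# that consumes it is not visible in this file.
vault_service_stopped: false
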
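# Named volumes referenced by vault_volumes below.
vault_config_volume: "vault-config"
# NOTE(review): mounted at /vault/file below, so this volume presumably holds
# Vault's storage. Restrict host-side access to it and treat backups of it as
# sensitive.
vault_data_volume: "vault-data"

# @var vault_volumes:description: > Define required docker volumes.
# @end
# @var vault_volumes:example: >
# vault_volumes:
#   - name: data
#     # target location inside the container
#     dest: /var/www/app/data
#     type: volume
# @end
vault_volumes:
  - name: "{{ vault_config_volume }}"
    dest: /vault/config
  - name: "{{ vault_data_volume }}"
    dest: /vault/file
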
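# @var vault_network:description: >
# Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration.
# Otherwise, the network must already exist and the container will be attached to the network.
# @end
vault_network: "vault.network"
# The IPv6/IPv4 subnet and gateway variables documented below have no default
# value here ("_unset_"); they only matter when set in inventory.
vault_network_ipv6_enabled: false
# @var vault_network_ipv6_subnet:value: $ "_unset_"
# @var vault_network_ipv6_subnet:example: $ "fd00:0:0:2::/64"
# @var vault_network_ipv6_gateway:value: $ "_unset_"
# @var vault_network_ipv6_gateway:example: $ "fd00:0:0:2::1"

# @var vault_network_ipv4_subnet:value: $ "_unset_"
# @var vault_network_ipv4_gateway:value: $ "_unset_"
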
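# NOTE(review): empty by default, so nothing is published on the host.
# Publishing 8200 exposes the Vault API (and the UI when vault_ui is true) on
# the chosen host interface. Bind it to a specific address rather than all
# interfaces and put TLS in front of it, since vault_url defaults to plain HTTP.
# @var vault_exposed_ports:description: >
# Ports you want to publish outside of Docker. Vault is running on `8200` inside of the container.
# @end
vault_exposed_ports: []
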
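# Linux capabilities added to the container.
# ipc_lock is presumably granted so Vault can lock its memory (mlock) and keep
# secrets out of swap; confirm against the Vault configuration template.
vault_cap_add:
  - ipc_lock
# NOTE(review): nothing is dropped by default, so the container keeps the
# runtime's default capability set plus ipc_lock. Consider dropping the
# capabilities Vault does not need; how this list is passed to the runtime is
# not visible in this file.
vault_cap_drop: []
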
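# Extra arguments passed to podman for the Vault container.
# NOTE(review): two of these defaults relax isolation and deserve a deliberate
# decision per deployment:
#   --pids-limit=-1  removes the PID limit, so a runaway or compromised process
#                    in the container can fork without bound on the host.
#   --userns=host    keeps the container in the caller's user namespace; under
#                    rootful podman, UID 0 in the container is host root.
# The health check probes Vault over plain HTTP on the container's loopback;
# __vault_health_path is defined outside this file. After the configured
# retries fail, --health-on-failure=kill kills the container.
vault_podman_args:
  - --pids-limit=-1
  - --userns=host
  - --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:8200/{{ __vault_health_path }}"]'
  - --health-interval=5s
  - --health-timeout=5s
  - --health-retries=6
  - --health-on-failure=kill
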
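# Server log verbosity.
# NOTE(review): `warn` keeps logs quiet. Operational logs are separate from
# Vault audit devices, and no audit setting is visible in this file, so confirm
# request auditing is enabled elsewhere.
vault_log_level: warn
# Default and maximum lease lifetimes (presumably rendered into Vault's
# default_lease_ttl / max_lease_ttl settings; the template is not visible
# here). Shorter values limit how long a leaked token or dynamic credential
# stays usable.
vault_default_lease_ttl: 24h
vault_max_lease_ttl: 240h
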
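# Web UI toggle.
# NOTE(review): the UI is served on the same listener as the API, so it is
# reachable wherever port 8200 is published (see vault_exposed_ports).
vault_ui: true
# Single-node setup: clustering is switched off by default.
vault_disable_clustering: true
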
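# Unseal key material and the switch that (presumably) lets the role unseal
# Vault automatically; the consuming tasks are not visible in this file.
# NOTE(review): unseal keys are secrets. Never commit them in plain text;
# supply them from an encrypted source (e.g. ansible-vault or an external
# secret store). Anyone who can read the full set of keys in inventory can
# unseal Vault, so keeping every key share in one place removes the
# protection that splitting the key provides.
vault_unseal_keys: []
vault_auto_unseal: false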