Initial vault agent configuration

2025-09-11 17:08:03 +09:00
commit 8cb0384c54
13 changed files with 196 additions and 0 deletions
--- a/vault-agent.service
+++ b/vault-agent.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=Vault Agent
+Documentation=https://vaultproject.io/docs/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/vault/agent.hcl
+
+[Service]
+Type=notify
+User=kaffa
+Group=kaffa
+ProtectSystem=full
+ProtectHome=yes
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+NoNewPrivileges=yes
+Environment=VAULT_SKIP_VERIFY=true
+Environment=HOME=/var/lib/vault
+ExecStart=/usr/bin/vault agent -config=/etc/vault/agent.hcl
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=30
+StartLimitInterval=60s
+StartLimitBurst=3
+LimitNOFILE=65536
+LimitMEMLOCK=infinity
+
+[Install]
+WantedBy=multi-user.target