# Vault Configuration for {{ inventory_hostname }}

# Storage backend - Consul
storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault/"
  
  # Consul datacenter
  datacenter = "{{ vault_datacenter }}"
  
  # Service registration
  service = "vault"
  service_tags = "vault-server"
  
  # Session TTL
  session_ttl = "15s"
  lock_wait_time = "15s"
}

# Listener configuration
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# API address - 使用Tailscale网络地址
api_addr = "http://{{ ansible_host }}:8200"

# Cluster address - 使用Tailscale网络地址  
cluster_addr = "http://{{ ansible_host }}:8201"

# UI
ui = true

# Cluster name
cluster_name = "{{ vault_cluster_name }}"

# Disable mlock for development (remove in production)
disable_mlock = true

# Log level
log_level = "INFO"

# Plugin directory
plugin_directory = "/opt/vault/plugins"