feat: vault mlock

- enable mlock by default - disable mlock on lxd/incus nodes (lxc doesnt support it)
2025-04-26 22:00:45 +10:00 · 2025-04-26 22:00:45 +10:00 · 8137fbbb8b
commit 8137fbbb8b
parent 1e3ce0ec1c
2 changed files with 4 additions and 1 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -180,7 +180,7 @@ vault::manage_repo: false
 vault::bin_dir: /usr/bin
 vault::manage_service_file: true
 vault::manage_config_dir: true
-vault::disable_mlock: true
+vault::disable_mlock: false

 profiles::dns::master::basedir: '/var/named/sources'
 profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
--- a/hieradata/virtual/lxc.yaml
+++ b/hieradata/virtual/lxc.yaml
@ -2,3 +2,6 @@
 profiles::packages::include:
  chrony:
    ensure: absent
+
+# disable mlock for vault nodes on lxd/incus
+vault::disable_mlock: true