Andreas Olsson andreaso

## github-oidc.tf
data "vault_policy_document" "gha_test" {
  rule {
    path         = "${vault_mount.secrets.path}/data/test/oidc"
    capabilities = ["read"]
  }
}

resource "vault_policy" "gha_test" {
  name   = "gha-test-read"
  policy = data.vault_policy_document.gha_test.hcl

## listen-on-totp-range.network
# /etc/systemd/network/listen-on-totp-range.network
[Match]
Name = lo

[Route]
Destination = 2001:db8:67c1:22::/64
Type = local

## folding-at-home.service
[Unit]
Description=Proper folding at home service unit
After=network.target

[Service]
Type=simple
User=fahclient
WorkingDirectory=/var/lib/fahclient
ExecStart=/usr/bin/FAHClient /etc/fahclient/config.xml
NoNewPrivileges=yes
	data "vault_policy_document" "gha_test" {
	rule {
	path = "${vault_mount.secrets.path}/data/test/oidc"
	capabilities = ["read"]
	}
	}

	resource "vault_policy" "gha_test" {
	name = "gha-test-read"
	policy = data.vault_policy_document.gha_test.hcl
	# /etc/systemd/network/listen-on-totp-range.network
	[Match]
	Name = lo

	[Route]
	Destination = 2001:db8:67c1:22::/64
	Type = local
	[Unit]
	Description=Proper folding at home service unit
	After=network.target

	[Service]
	Type=simple
	User=fahclient
	WorkingDirectory=/var/lib/fahclient
	ExecStart=/usr/bin/FAHClient /etc/fahclient/config.xml
	NoNewPrivileges=yes