Prepare for vaultwarden selfhosting

flake.lock

@@ -1485,11 +1485,11 @@
         "yesod-static-remote": "yesod-static-remote"
       },
       "locked": {
-        "lastModified": 1706843322,
+        "lastModified": 1706970818,
-        "narHash": "sha256-7//FpXaLEMFBOza/j55+EqJ7Qp1IWE80ZdwgY2whb/s=",
+        "narHash": "sha256-6CpA8ac2Ue1MNs0liETaltREIVYwhANZgjn7qj5yDAo=",
         "owner": "Mateiadrielrafael",
         "repo": "intray",
-        "rev": "56b1f64555c57202ec6e5a90870158fff6dcdc63",
+        "rev": "9043b437ab42a74560a4fe00a94a6a7d42a15cc9",
         "type": "github"
       },
       "original": {

home/features/cli/productivity/secrets.yaml

@@ -1,5 +1,6 @@
 smos_github_token: ENC[AES256_GCM,data:kqy5mQf96DoPN1iEt2akJWFfD3IJWdSkvZa0MeAyF0WJ/+V5P5C4iQ==,iv:QwmIdV/vzGTLE89XJVi3prgfmXqRa/OYcp9CA7KJDYc=,tag:+S1EZBcxoOQO2ADjDx9STQ==,type:str]
 intray_password: ENC[AES256_GCM,data:lTCLWSZIk93LhzHJ/ymc,iv:NcmCK3raatp25cKY6GrlL9hiuJp4HGzVNk/eWqDoobo=,tag:v1dirckcNXJjATvMikfNYw==,type:str]
+vaultwarden_env: ENC[AES256_GCM,data:dKAkO1pckFVpuN3srD99aGln8fhT69ZNCO1QbdfyJMHlypyNX3YOReR7BoAeDK5DYGRs//8/PLPynRzKPAICng7+yfNDsHHzaF+QNpY=,iv:oNntDA4cXlg5gbTZwqnpyx5nGkYzmLvds5BsAdpdUdc=,tag:IXYS+CKnVb9ZfBm/zcG3JA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +16,8 @@ sops:
             Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
             8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-02T03:44:59Z"
+    lastmodified: "2024-02-03T13:51:00Z"
-    mac: ENC[AES256_GCM,data:iE5vx//Kxf1sZKRAuypRiimfoHvZsyDoKZsqQQtS9XeJHLj8ruMR7sqReNJ8G/0GPWhCBKepo+lEAoBkdlbaCPflERbC15AhIKtg/4qTd5sdOzyS7ZhFRDrca3KPu1xYasZVq0Q9aZp8+pFEDBkhVxY57LI6aIYYCXeixLK6+eg=,iv:ifUq5+J1t9N0sT+eK67ajku+fylsPlpNSZMu5z/BbSA=,tag:Yguv1koZljV9GHXT1nZmHQ==,type:str]
+    mac: ENC[AES256_GCM,data:m1q618alC6N3eImV20vQNQkzt2QX4haAQcD9nM4hG8GZPVxwiC7m3wmspqfquCBgFuwZ/MbD+FJnBaNJedh39LO5jahO6dp/uWxg/Kbm+3xNua47R7Ivolcp8hhU1YBMSPJpC8gdlLq4O3Wedcp0Z6fpzCMXvuaaNkiJ/e5jsxQ=,iv:6Fb4YKE4Td2bbyVNpomEdEEJ21/LXwEzPyTyOGqB76M=,tag:4a/qHFs5sHGaSJPdNbX64g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

hosts/nixos/lapetus/services/intray.nix

@@ -31,8 +31,8 @@ in
   };
   # }}}
   # {{{ Networking & storage
-  services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort;
+  services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort { };
-  services.nginx.virtualHosts.${webHost} = config.satellite.proxy webPort;
+  services.nginx.virtualHosts.${webHost} = config.satellite.proxy webPort { };
 
   environment.persistence."/persist/state".directories = [
     "/www/intray/production/data"

hosts/nixos/lapetus/services/syncthing.nix

@@ -13,5 +13,5 @@ in
     settings.gui.insecureSkipHostcheck = true;
   };
 
-  services.nginx.virtualHosts."lapetus.syncthing.moonythm.dev" = config.satellite.proxy port;
+  services.nginx.virtualHosts."lapetus.syncthing.moonythm.dev" = config.satellite.proxy port { };
 }

hosts/nixos/lapetus/services/whoogle.nix

@@ -26,5 +26,5 @@ in
     };
   };
 
-  services.nginx.virtualHosts."search.moonythm.dev" = config.satellite.proxy port;
+  services.nginx.virtualHosts."search.moonythm.dev" = config.satellite.proxy port { };
 }

modules/nixos/nginx.nix

@@ -1,13 +1,13 @@
 { lib, ... }: {
   options.satellite.proxy = lib.mkOption {
-    type = lib.types.functionTo lib.types.anything;
+    type = lib.types.functionTo (lib.types.functionTo lib.types.anything);
     description = "Helper function for generating a quick proxy config";
   };
 
-  config.satellite.proxy = port: {
+  config.satellite.proxy = port: extra: {
     enableACME = true;
     acmeRoot = null;
     forceSSL = true;
-    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; } // extra;
   };
 }