prescientmoon/satellite
1
Fork 0
Code Activity

Update vaultwarden secret perms

Browse source
This commit is contained in:
Matei Adriel 2024-02-10 05:11:50 +01:00
parent db8727d99b
commit 4bfd8b6a9f
No known key found for this signature in database
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
hosts/nixos/lapetus/services/vaultwarden.nix
View file

@ -4,11 +4,17 @@ let
host = "warden.moonythm.dev"; host = "warden.moonythm.dev";
in in
{ {
sops.secrets.vaultwarden_env.sopsFile = ../secrets.yaml;
services.nginx.virtualHosts.${host} = services.nginx.virtualHosts.${host} =
config.satellite.proxy port { proxyWebsockets = true; }; config.satellite.proxy port { proxyWebsockets = true; };
# {{{ Persistence # {{{ Secrets
sops.secrets.vaultwarden_env = {
sopsFile = ../secrets.yaml;
owner = config.users.users.vaultwarden.name;
group = config.users.users.vaultwarden.group;
};
# }}}
# {{{ General config
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
environmentFile = config.sops.secrets.vaultwarden_env.path; environmentFile = config.sops.secrets.vaultwarden_env.path;
@ -32,8 +38,8 @@ in
environment.persistence."/persist/state".directories = [{ environment.persistence."/persist/state".directories = [{
directory = "/var/lib/bitwarden_rs"; directory = "/var/lib/bitwarden_rs";
mode = "u=rwx,g=,o="; mode = "u=rwx,g=,o=";
user = "vaultwarden"; user = config.users.users.vaultwarden.name;
group = "vaultwarden"; group = config.users.users.vaultwarden.group;
}]; }];
# }}} # }}}
} }