From c51668691ae2cd0cf15c9e81196cf5179444ca86 Mon Sep 17 00:00:00 2001
From: Matei Adriel <rafaeladriel11@gmail.com>
Date: Sat, 10 Feb 2024 04:15:17 +0100
Subject: [PATCH] Create initial vaultwarden setup

---
 hosts/nixos/lapetus/default.nix              |  1 +
 hosts/nixos/lapetus/secrets.yaml             |  5 ++--
 hosts/nixos/lapetus/services/vaultwarden.nix | 31 ++++++++++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 hosts/nixos/lapetus/services/vaultwarden.nix

diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index a200367..20ab3d6 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -8,6 +8,7 @@
     ./services/whoogle.nix
     ./services/pounce.nix
     ./services/intray.nix
+    ./services/vaultwarden.nix
     ./filesystems
     ./hardware
   ];
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 0be6cf1..32306cf 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -1,4 +1,5 @@
 tilde_irc_pass: ENC[AES256_GCM,data:+pw/g0pffo1zF++1H/+iFXQDCDw=,iv:zTBvaUCwt78dgv1jF9EmrTuHMnM2S+GUGpQZWY828tA=,tag:umqaQOWqy8aMOxWR0CNGHQ==,type:str]
+vaultwarden_env: ENC[AES256_GCM,data:rs+1lkbvk/vmBEtrJevicROD0Ms/i7KsOuWfnroZ,iv:5zC6nCnMkdgD2eciP6xEdyY7CodOpxQKLfONKXrY3Wk=,tag:ruEziWAkLpA4CnBqynOfqg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -23,8 +24,8 @@ sops:
             RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
             lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-31T20:47:59Z"
-    mac: ENC[AES256_GCM,data:srdBFOeQmSc5CEIAjAqVzN4GuQL2el+/Q9cyAavr6Iv/LUUysdf6XkH9U3sZBRBdlcW2RR/Fu95kzSa51QL2RYOmnm6/MM6Kwa13MfTCiLiQBeH6tmCRBO9bKPwE9W24f4RwYhK4m5dIXdhCbN+GsCg6utEEgNKRCRFYSHe6h4Y=,iv:qkz66HLu8EcSDFD6Hkk3mNcP8zxNjAb9keZG/q8d2jM=,tag:M6jybdc4FwUcWbbjbiUONQ==,type:str]
+    lastmodified: "2024-02-10T03:03:45Z"
+    mac: ENC[AES256_GCM,data:gPDces9Tg25uFXF1wST0HcmYk99gF9SwT31o4gZsxM1LMSYu1PXJJvHzc5cgbaKmWSlDMVFyg3tFyrYhDtFfVpge2KJhnw7Bvxbh8UdcMCu11AdGhZ0CoAUaXV5Vn236ZiJjaEdGrbv/7wpMdqxVVoC/oU6g6VlHgxxSyvOloeg=,iv:2n1Hkuq06ruDry6CXoWmvaJySDRwfglaAxEsC1DZZJQ=,tag:/aTDGB93ufUpV6yY/zn2Iw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/hosts/nixos/lapetus/services/vaultwarden.nix b/hosts/nixos/lapetus/services/vaultwarden.nix
new file mode 100644
index 0000000..bbd5fbb
--- /dev/null
+++ b/hosts/nixos/lapetus/services/vaultwarden.nix
@@ -0,0 +1,31 @@
+{ config, ... }:
+let
+  port = 8404;
+  host = "warden.moonythm.dev";
+in
+{
+  sops.secrets.vaultwarden_env.sopsFile = ../secrets.yaml;
+
+  services.vaultwarden = {
+    enable = true;
+    environmentFile = config.sops.secrets.vaultwarden_env.path;
+    config = {
+      DOMAIN = "https://${host}";
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = port;
+      DATA_FOLDER = "/persist/state/var/lib/vaultwarden";
+
+      SIGNUPS_ALLOWED = true;
+      SHOW_PASSWORD_HINT = false;
+
+      SMTP_SECURITY = "force_tls";
+      SMTP_PORT = 465;
+      SMTP_HOST = "smtp.migadu.com";
+      SMTP_FROM = "vaultwarden@orbit.moonythm.dev";
+      SMTP_USERNAME = "vaultwarden";
+    };
+  };
+
+  services.nginx.virtualHosts.${host} =
+    config.satellite.proxy port { proxyWebsockets = true; };
+}