From c51668691ae2cd0cf15c9e81196cf5179444ca86 Mon Sep 17 00:00:00 2001
From: Matei Adriel
Date: Sat, 10 Feb 2024 04:15:17 +0100
Subject: [PATCH] Create initial vaultwarden setup
---
 hosts/nixos/lapetus/default.nix | 1 +
 hosts/nixos/lapetus/secrets.yaml | 5 ++--
 hosts/nixos/lapetus/services/vaultwarden.nix | 31 ++++++++++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 hosts/nixos/lapetus/services/vaultwarden.nix
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index a200367..20ab3d6 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -8,6 +8,7 @@
 ./services/whoogle.nix
 ./services/pounce.nix
 ./services/intray.nix
+ ./services/vaultwarden.nix
 ./filesystems
 ./hardware
 ];
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 0be6cf1..32306cf 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -1,4 +1,5 @@
 tilde_irc_pass: ENC[AES256_GCM,data:+pw/g0pffo1zF++1H/+iFXQDCDw=,iv:zTBvaUCwt78dgv1jF9EmrTuHMnM2S+GUGpQZWY828tA=,tag:umqaQOWqy8aMOxWR0CNGHQ==,type:str]
+vaultwarden_env: ENC[AES256_GCM,data:rs+1lkbvk/vmBEtrJevicROD0Ms/i7KsOuWfnroZ,iv:5zC6nCnMkdgD2eciP6xEdyY7CodOpxQKLfONKXrY3Wk=,tag:ruEziWAkLpA4CnBqynOfqg==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -23,8 +24,8 @@ sops:
 RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
 lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-31T20:47:59Z"
- mac: ENC[AES256_GCM,data:srdBFOeQmSc5CEIAjAqVzN4GuQL2el+/Q9cyAavr6Iv/LUUysdf6XkH9U3sZBRBdlcW2RR/Fu95kzSa51QL2RYOmnm6/MM6Kwa13MfTCiLiQBeH6tmCRBO9bKPwE9W24f4RwYhK4m5dIXdhCbN+GsCg6utEEgNKRCRFYSHe6h4Y=,iv:qkz66HLu8EcSDFD6Hkk3mNcP8zxNjAb9keZG/q8d2jM=,tag:M6jybdc4FwUcWbbjbiUONQ==,type:str]
+ lastmodified: "2024-02-10T03:03:45Z"
+ mac: ENC[AES256_GCM,data:gPDces9Tg25uFXF1wST0HcmYk99gF9SwT31o4gZsxM1LMSYu1PXJJvHzc5cgbaKmWSlDMVFyg3tFyrYhDtFfVpge2KJhnw7Bvxbh8UdcMCu11AdGhZ0CoAUaXV5Vn236ZiJjaEdGrbv/7wpMdqxVVoC/oU6g6VlHgxxSyvOloeg=,iv:2n1Hkuq06ruDry6CXoWmvaJySDRwfglaAxEsC1DZZJQ=,tag:/aTDGB93ufUpV6yY/zn2Iw==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/hosts/nixos/lapetus/services/vaultwarden.nix b/hosts/nixos/lapetus/services/vaultwarden.nix
new file mode 100644
index 0000000..bbd5fbb
--- /dev/null
+++ b/hosts/nixos/lapetus/services/vaultwarden.nix
@@ -0,0 +1,31 @@
+{ config, ... }:
+let
+ port = 8404;
+ host = "warden.moonythm.dev";
+in
+{
+ sops.secrets.vaultwarden_env.sopsFile = ../secrets.yaml;
+
+ services.vaultwarden = {
+ enable = true;
+ environmentFile = config.sops.secrets.vaultwarden_env.path;
+ config = {
+ DOMAIN = "https://${host}";
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = port;
+ DATA_FOLDER = "/persist/state/var/lib/vaultwarden";
+
+ SIGNUPS_ALLOWED = true;
+ SHOW_PASSWORD_HINT = false;
+
+ SMTP_SECURITY = "force_tls";
+ SMTP_PORT = 465;
+ SMTP_HOST = "smtp.migadu.com";
+ SMTP_FROM = "vaultwarden@orbit.moonythm.dev";
+ SMTP_USERNAME = "vaultwarden";
+ };
+ };
+
+ services.nginx.virtualHosts.${host} =
+ config.satellite.proxy port { proxyWebsockets = true; };
+}
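Review bot: `SIGNUPS_ALLOWED = true;` in the `services.vaultwarden.config` attrset of the new vaultwarden.nix leaves account registration open to anyone who can reach `warden.moonythm.dev`, which for a password vault is rarely wanted beyond creating the first account. Once that account exists, set `SIGNUPS_ALLOWED = false;` and use e-mail invitations (SMTP is already configured here), or limit registration with `SIGNUPS_DOMAINS_WHITELIST`. Whether the virtual host is exposed to the internet depends on `config.satellite.proxy`, which is defined outside this patch. Separately, `DATA_FOLDER` points away from the module's default state directory, so it is worth confirming that the unit's systemd sandboxing allows writes to `/persist/state/var/lib/vaultwarden`.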