cleslie/nixfiles
1
0
Fork 0
mirror of https://github.com/callumio/nixfiles.git synced 2025-12-17 03:29:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

vaultwarden

Browse source
This commit is contained in:
Callum Leslie 2024-10-15 16:32:53 +01:00
parent 661ded9126
commit af15c64ead
Signed by: cleslie
GPG key ID: D382C4AFEECEAA90
5 changed files with 39 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
home/c/programs/rbw/default.nix
View file

@ -3,7 +3,7 @@
enable = true; enable = true;
settings = { settings = {
base_url = "https://vaultwarden.cleslie.uk"; base_url = "https://vaultwarden.cleslie.uk";
email = "cal@callumleslie.me"; email = "vw@cleslie.uk";
pinentry = pkgs.pinentry-gnome3; pinentry = pkgs.pinentry-gnome3;
}; };
}; };

1
hosts/hermes/default.nix
View file

@ -11,5 +11,6 @@
./media.nix ./media.nix
./headscale.nix ./headscale.nix
./forgejo.nix ./forgejo.nix
./vaultwarden.nix
]; ];
} }

29
hosts/hermes/vaultwarden.nix Normal file
View file

@ -0,0 +1,29 @@
{config, ...}: let
domain = "vaultwarden.cleslie.uk";
in {
services = {
cloudflare-dyndns.domains = [domain];
vaultwarden = {
enable = true;
dbBackend = "sqlite";
config = {
DOMAIN = "https://${domain}";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
header_up X-Real-IP {remote_host}
}
'';
};
age.secrets."vaultwarden-env" = {
file = ../../secrets/vaultwarden-env.age;
};
}

1
secrets/secrets.nix
View file

@ -11,4 +11,5 @@ in {
"mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems; "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems;
"forgejo-password.age".publicKeys = keys.c ++ [systems.hermes]; "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes];
"cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes]; "cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes];
"vaultwarden-env.age".publicKeys = keys.c ++ [systems.hermes];
} }

7
secrets/vaultwarden-env.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 /RyXeg FyWjw52mFlS8j8s0hZZvu1C1jy4kFNHEMDyMer7uQjw
5nZS6DoNscDHLmB77aRfOiG/CxRDpGmo/q+2D15MrZM
-> ssh-ed25519 aSaoJQ yuB2O/EitRDPlpIjTQT7lz+gLBnVTaHMgJ2enexvWnk
+2BXZOWHuIDoQfZoh5X1XIuy2HJP+tJQh7ZJ6uxI48k
--- u4zTk4QXTWj0SdzP/2aHnGsN6MHdyEAhGRzTgpIgCeE
t8€·XRƒT ØÒv`;©];u]ó6DRzú³zl¦×[…êˆé6O´Š3õÅ—f@ʦ•cEŒ‡X{õ ‡#[gb§¹G, ©ÀÉèîAÎp ±±nЭ<E280B9>ÁUƒ"ä†îøä÷ɺù_©°ØÉÉ”ó%™«ÖD<C396>LŽç,4Ù&ÆÅê<C385>êoNH‹¶&…<>!Pwz&¶¡ýÝÆÝ!¸S®H—(@~Ÿ~Þ{!