From af15c64ead7b34cf0cd6e275375643866892c6fe Mon Sep 17 00:00:00 2001 From: Callum Leslie Date: Tue, 15 Oct 2024 16:32:53 +0100 Subject: [PATCH 1/2] vaultwarden --- home/c/programs/rbw/default.nix | 2 +- hosts/hermes/default.nix | 1 + hosts/hermes/vaultwarden.nix | 29 +++++++++++++++++++++++++++++ secrets/secrets.nix | 1 + secrets/vaultwarden-env.age | 7 +++++++ 5 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 hosts/hermes/vaultwarden.nix create mode 100644 secrets/vaultwarden-env.age
diff --git a/home/c/programs/rbw/default.nix b/home/c/programs/rbw/default.nix
index a95f30a..7a1139e 100644
--- a/home/c/programs/rbw/default.nix
+++ b/home/c/programs/rbw/default.nix
@@ -3,7 +3,7 @@
 enable = true;
 settings = {
 base_url = "https://vaultwarden.cleslie.uk";
- email = "cal@callumleslie.me";
+ email = "vw@cleslie.uk";
 pinentry = pkgs.pinentry-gnome3;
 };
 };
diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix
index da82c9e..d6978bd 100644
--- a/hosts/hermes/default.nix
+++ b/hosts/hermes/default.nix
@@ -11,5 +11,6 @@
 ./media.nix
 ./headscale.nix
 ./forgejo.nix
+ ./vaultwarden.nix
 ];
 }
diff --git a/hosts/hermes/vaultwarden.nix b/hosts/hermes/vaultwarden.nix
new file mode 100644
index 0000000..5808748
--- /dev/null
+++ b/hosts/hermes/vaultwarden.nix
@@ -0,0 +1,29 @@
+{config, ...}: let
+ domain = "vaultwarden.cleslie.uk";
+in {
+ services = {
+ cloudflare-dyndns.domains = [domain];
+ vaultwarden = {
+ enable = true;
+ dbBackend = "sqlite";
+ config = {
+ DOMAIN = "https://${domain}";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ ROCKET_LOG = "critical";
+ };
+ environmentFile = "${config.age.secrets.vaultwarden-env.path}";
+ };
+
+ caddy.virtualHosts.${domain}.extraConfig = ''
+ reverse_proxy localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
+ header_up X-Real-IP {remote_host}
+ }
+ '';
+ };
+
+ age.secrets."vaultwarden-env" = {
+ file = ../../secrets/vaultwarden-env.age;
+ };
+}
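Review bot: The vault lives in SQLite (`dbBackend = "sqlite"`) on this one host and nothing in the new hosts/hermes/vaultwarden.nix configures a backup, so losing the disk or the host loses every stored credential. The NixOS module offers `services.vaultwarden.backupDir` for this, e.g. `backupDir = "/var/backup/vaultwarden";` (placeholder path), ideally paired with an off-host copy. Separately, the Caddy block proxies every path to Vaultwarden, so if the encrypted environment file sets `ADMIN_TOKEN` (not visible here) the `/admin` panel is reachable from the public internet; consider limiting that path to trusted addresses in the virtual host. As a style point, `environmentFile` can take `config.age.secrets.vaultwarden-env.path` directly, without the surrounding string interpolation.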
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6aed516..f66bfbb 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,4 +11,5 @@ in { "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems; "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes]; "cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes]; + "vaultwarden-env.age".publicKeys = keys.c ++ [systems.hermes]; } diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age new file mode 100644 index 0000000..587ca80 --- /dev/null +++ b/secrets/vaultwarden-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /RyXeg FyWjw52mFlS8j8s0hZZvu1C1jy4kFNHEMDyMer7uQjw +5nZS6DoNscDHLmB77aRfOiG/CxRDpGmo/q+2D15MrZM +-> ssh-ed25519 aSaoJQ yuB2O/EitRDPlpIjTQT7lz+gLBnVTaHMgJ2enexvWnk ++2BXZOWHuIDoQfZoh5X1XIuy2HJP+tJQh7ZJ6uxI48k +--- u4zTk4QXTWj0SdzP/2aHnGsN6MHdyEAhGRzTgpIgCeE +t8XRTv`;];u]6DRzzl[6O3ŗf@ʦcEXC{ #[gbG, ApnЋU"ɺ_ɔ%DL,4&oNH&!Pwz&Æ!SH(@~~{! \ No newline at end of file From 423418f69e1ca0846dd0590474b6d1935d07061b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 10:11:18 +0000 Subject: [PATCH 2/2] ci: bump cachix/install-nix-action from V28 to 30 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from V28 to 30. This release includes the previously tagged commit. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/V28...v30) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/update-flake.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index beeab84..41610a1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -9,7 +9,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - uses: cachix/install-nix-action@V28
+ - uses: cachix/install-nix-action@v30
 with:
 nix_path: nixpkgs=channel:nixos-unstable
 - name: Free Disk Space
diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml
index 31a89de..72e4eb3 100644
--- a/.github/workflows/update-flake.yml
+++ b/.github/workflows/update-flake.yml
@@ -12,7 +12,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 - name: Install Nix
- uses: cachix/install-nix-action@V28
+ uses: cachix/install-nix-action@v30
 - name: Update flake.lock
 uses: DeterminateSystems/update-flake-lock@v24
 with: