diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index beeab84..41610a1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@V28 + - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - name: Free Disk Space diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml index 31a89de..72e4eb3 100644 --- a/.github/workflows/update-flake.yml +++ b/.github/workflows/update-flake.yml @@ -12,7 +12,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: cachix/install-nix-action@V28 + uses: cachix/install-nix-action@v30 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v24 with: diff --git a/flake.lock b/flake.lock index e003ed0..346f854 100644 --- a/flake.lock +++ b/flake.lock @@ -73,22 +73,6 @@ "type": "github" } }, - "base16-foot": { - "flake": false, - "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", - "owner": "tinted-theming", - "repo": "base16-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-foot", - "type": "github" - } - }, "base16-helix": { "flake": false, "locked": { @@ -105,38 +89,6 @@ "type": "github" } }, - "base16-kitty": { - "flake": false, - "locked": { - "lastModified": 1665001328, - "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", - "owner": "kdrag0n", - "repo": "base16-kitty", - "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", - "type": "github" - }, - "original": { - "owner": "kdrag0n", - "repo": "base16-kitty", - "type": "github" - } - }, - "base16-tmux": { - "flake": false, - "locked": { - "lastModified": 1696725902, - "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", - "owner": "tinted-theming", - "repo": "base16-tmux", - "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-tmux", - "type": "github" - } - }, "base16-vim": { "flake": false, "locked": { @@ -286,11 +238,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1729281548, + "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", "type": "github" }, "original": { @@ -330,11 +282,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1726891391, - "narHash": "sha256-o01/njm1G+5H5dJoHncIaO8Fu/jfSgu/0radj4LaHcE=", + "lastModified": 1729310596, + "narHash": "sha256-O+g7eF0OTJKce30wTBHJBRSguAzaB9LkOkDEstksOVI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "cecf006ed59b5e41a7ee3378f57ee3729e8a67bc", + "rev": "d6e0e74257ac513166c7ab4baa25f5335a6b7b5e", "type": "gitlab" }, "original": { @@ -460,11 +412,11 @@ ] }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -896,11 +848,11 @@ ] }, "locked": { - "lastModified": 1726818100, - "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -1170,11 +1122,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726688310, - "narHash": "sha256-Xc9lEtentPCEtxc/F1e6jIZsd4MPDYv4Kugl9WtXlz0=", + "lastModified": 1729181673, + "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dbebdd67a6006bb145d98c8debf9140ac7e651d0", + "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3", "type": "github" }, "original": { @@ -1414,11 +1366,11 @@ ] }, "locked": { - "lastModified": 1726884458, - "narHash": "sha256-Pu1Lh4JwW9nQWt/iu8fybzEsa1DaZU7PhDtLr1BzmiU=", + "lastModified": 1729281086, + "narHash": "sha256-AoYOCLIcvqFaO3IXApZkLYjTItGrUr2yyiyBTTYi15w=", "owner": "juspay", "repo": "omnix", - "rev": "40da50ae7d873eea97d134ef8a266de4d16e7d40", + "rev": "be6ce4a0c31fc4cde860104baeb7af02ae924c73", "type": "github" }, "original": { @@ -1439,11 +1391,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1726745158, - "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", + "lastModified": 1729104314, + "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", + "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "type": "github" }, "original": { @@ -1627,10 +1579,7 @@ "inputs": { "base16": "base16", "base16-fish": "base16-fish", - "base16-foot": "base16-foot", "base16-helix": "base16-helix", - "base16-kitty": "base16-kitty", - "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", "flake-compat": "flake-compat_7", "flake-utils": "flake-utils_4", @@ -1641,14 +1590,17 @@ "nixpkgs": [ "unstable" ], - "systems": "systems_4" + "systems": "systems_4", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1726828291, - "narHash": "sha256-pGRPVVm7UXf+fx2NVpH6FFSWR9AynG6eoVlagaqH9i4=", + "lastModified": 1728900372, + "narHash": "sha256-hmG/u7qZEm7CTh1XPDi+pg4Oi0nNrv7sL8PgZDRe6wg=", "owner": "danth", "repo": "stylix", - "rev": "53bcceb4e46d0b3e8ae6434a7a6bcc3463092093", + "rev": "33a2eff15181e557bb6dd9d2073b90f7d218975d", "type": "github" }, "original": { @@ -1732,6 +1684,55 @@ "type": "github" } }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1696725948, + "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1716423189, + "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "eb39e141db14baef052893285df9f266df041ff8", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "eb39e141db14baef052893285df9f266df041ff8", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1696725902, + "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1783,11 +1784,11 @@ ] }, "locked": { - "lastModified": 1726734507, - "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", + "lastModified": 1729242555, + "narHash": "sha256-6jWSWxv2crIXmYSEb3LEVsFkCkyVHNllk61X4uhqfCs=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", + "rev": "d986489c1c757f6921a48c1439f19bfb9b8ecab5", "type": "github" }, "original": { @@ -1798,11 +1799,11 @@ }, "unstable": { "locked": { - "lastModified": 1726755586, - "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", + "lastModified": 1729070438, + "narHash": "sha256-KOTTUfPkugH52avUvXGxvWy8ibKKj4genodIYUED+Kc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", + "rev": "5785b6bb5eaae44e627d541023034e1601455827", "type": "github" }, "original": { diff --git a/home/c/programs/rbw/default.nix b/home/c/programs/rbw/default.nix index a95f30a..7a1139e 100644 --- a/home/c/programs/rbw/default.nix +++ b/home/c/programs/rbw/default.nix @@ -3,7 +3,7 @@ enable = true; settings = { base_url = "https://vaultwarden.cleslie.uk"; - email = "cal@callumleslie.me"; + email = "vw@cleslie.uk"; pinentry = pkgs.pinentry-gnome3; }; }; diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix index da82c9e..d6978bd 100644 --- a/hosts/hermes/default.nix +++ b/hosts/hermes/default.nix @@ -11,5 +11,6 @@ ./media.nix ./headscale.nix ./forgejo.nix + ./vaultwarden.nix ]; } diff --git a/hosts/hermes/vaultwarden.nix b/hosts/hermes/vaultwarden.nix new file mode 100644 index 0000000..5808748 --- /dev/null +++ b/hosts/hermes/vaultwarden.nix @@ -0,0 +1,29 @@ +{config, ...}: let + domain = "vaultwarden.cleslie.uk"; +in { + services = { + cloudflare-dyndns.domains = [domain]; + vaultwarden = { + enable = true; + dbBackend = "sqlite"; + config = { + DOMAIN = "https://${domain}"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + ROCKET_LOG = "critical"; + }; + environmentFile = "${config.age.secrets.vaultwarden-env.path}"; + }; + + caddy.virtualHosts.${domain}.extraConfig = '' + reverse_proxy localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} { + header_up X-Real-IP {remote_host} + } + ''; + }; + + age.secrets."vaultwarden-env" = { + file = ../../secrets/vaultwarden-env.age; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6aed516..f66bfbb 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,4 +11,5 @@ in { "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems; "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes]; "cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes]; + "vaultwarden-env.age".publicKeys = keys.c ++ [systems.hermes]; } diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age new file mode 100644 index 0000000..587ca80 --- /dev/null +++ b/secrets/vaultwarden-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /RyXeg FyWjw52mFlS8j8s0hZZvu1C1jy4kFNHEMDyMer7uQjw +5nZS6DoNscDHLmB77aRfOiG/CxRDpGmo/q+2D15MrZM +-> ssh-ed25519 aSaoJQ yuB2O/EitRDPlpIjTQT7lz+gLBnVTaHMgJ2enexvWnk ++2BXZOWHuIDoQfZoh5X1XIuy2HJP+tJQh7ZJ6uxI48k +--- u4zTk4QXTWj0SdzP/2aHnGsN6MHdyEAhGRzTgpIgCeE +t8XRTv`;];u]6DRzzl[6O3ŗf@ʦcEXC{ #[gbG, ApnЋU"ɺ_ɔ%DL,4&oNH&!Pwz&Æ!SH(@~~{! \ No newline at end of file