Add vaultwarden.

2025-02-03 18:10:01 -06:00 · 2025-02-03 18:10:01 -06:00 · cf9c488824
commit cf9c488824
parent abeef2cb58
8 changed files with 29 additions and 10 deletions
--- a/machines/lebesgue/config/configuration.nix
+++ b/machines/lebesgue/config/configuration.nix
@ -4,15 +4,18 @@
  pkgs,
  ...
 }: {
-  imports = [
-    ./hardware-configuration.nix
-  ];
-
  foehammer = {
    users.admin = {
      enable = true;
      hashedPasswordFile = config.sops.secrets.admin-password.path;
    };
+
+    services.vaultwarden = {
+      enable = true;
+      domain = "https://passwords.foehammer.me";
+      signups = false;
+      envPath = config.sops.secrets.vaultwarden-env.path;
+    };
  };

  services.tailscale = {
--- a/machines/lebesgue/config/routing.nix
+++ b/machines/lebesgue/config/routing.nix
@ -0,0 +1,13 @@
+{config, ...}: {
+  foehammer.caddy.enable = true;
+
+  services.caddy = {
+    virtualHosts = {
+      "passwords.foehammer.me" = {
+        extraConfig = ''
+          reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
+        '';
+      };
+    };
+  };
+}
--- a/machines/lebesgue/config/secrets.nix
+++ b/machines/lebesgue/config/secrets.nix
@ -5,6 +5,7 @@
    secrets = {
      admin-password.neededForUsers = true;
      tskey = {};
+      vaultwarden-env = {};
    };
  };
 }
--- a/machines/lebesgue/config/state.nix
+++ b/machines/lebesgue/config/state.nix
@ -8,6 +8,7 @@
        "/var/log"
        "/var/lib/nixos"
        "/var/lib/docker"
+        "/var/lib/caddy/.local/share/caddy"
      ]
      ++ config.foehammer.backups.paths;