Add vaultwarden.

Lorenzo Good 2025-02-03 18:10:01 -06:00
parent abeef2cb58
commit cf9c488824
Signed by: lorenzo
GPG key ID: 7FCD64BD81180ED0
8 changed files with 29 additions and 10 deletions


@ -4,15 +4,18 @@
pkgs, pkgs,
... ...
}: { }: {
imports = [
./hardware-configuration.nix
];
foehammer = { foehammer = {
users.admin = { users.admin = {
enable = true; enable = true;
hashedPasswordFile = config.sops.secrets.admin-password.path; hashedPasswordFile = config.sops.secrets.admin-password.path;
}; };
services.vaultwarden = {
enable = true;
domain = "https://passwords.foehammer.me";
signups = false;
envPath = config.sops.secrets.vaultwarden-env.path;
};
}; };
services.tailscale = { services.tailscale = {
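Review bot: The `services.vaultwarden` block passes `envPath = config.sops.secrets.vaultwarden-env.path;` without saying which variables that file must carry, so the next maintainer cannot tell what the service depends on without decrypting the secret. A comment above `envPath` would cover it, for example `# KEY=VALUE file from sops; lists the variables Vaultwarden reads at start (names only, never values)`. If the file sets `ADMIN_TOKEN`, which seems likely with `signups = false`, it is worth noting there that the value should be an Argon2 PHC string rather than a plaintext token. The enclosing attribute set continues past the end of this hunk.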


@ -0,0 +1,13 @@
{config, ...}: {
foehammer.caddy.enable = true;
services.caddy = {
virtualHosts = {
"passwords.foehammer.me" = {
extraConfig = ''
reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
'';
};
};
};
}
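Review bot: The bare `reverse_proxy :${toString config.foehammer.services.vaultwarden.port}` line does not set the client-address header that Vaultwarden reads by default (`X-Real-IP`). Unless the env file changes `IP_HEADER`, every request is likely to be attributed to the proxy's loopback address, or to whatever value a client supplies in that header. That weakens login rate limiting and makes the auth log unusable for fail2ban-style blocking. Giving the directive a block containing `header_up X-Real-IP {remote_host}` makes Caddy overwrite the header with the connecting address. Separately, the host name `"passwords.foehammer.me"` is repeated here and in the `domain` option of the host config, so deriving one from the other would keep them from drifting.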


@ -5,6 +5,7 @@
secrets = { secrets = {
admin-password.neededForUsers = true; admin-password.neededForUsers = true;
tskey = {}; tskey = {};
vaultwarden-env = {};
}; };
}; };
} }
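Review bot: `vaultwarden-env = {};` takes every sops-nix default, so nothing restarts Vaultwarden when the secret is rotated and the old values stay in the running process until the next manual restart. Declaring it as `vaultwarden-env.restartUnits = ["vaultwarden.service"];` would apply a rotation at activation; the unit name is assumed from the stock NixOS module and should be checked against the foehammer module. The default root-owned `0400` file is appropriate if the module hands the path to systemd as an environment file, which this hunk does not show.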


@ -8,6 +8,7 @@
"/var/log" "/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/docker" "/var/lib/docker"
"/var/lib/caddy/.local/share/caddy"
] ]
++ config.foehammer.backups.paths; ++ config.foehammer.backups.paths;
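Review bot: The new entry `"/var/lib/caddy/.local/share/caddy"` carries no comment, and it is the one path in this list that holds key material: Caddy keeps its ACME account key and the certificate private keys there. A line such as `# Caddy data dir: ACME account key + TLS private keys` above it would make that visible to whoever next edits the list. Because the list is concatenated with `config.foehammer.backups.paths`, it is not clear from the hunk whether these paths are only persisted or also copied off-host; if the latter, the backup target should be encrypted. The surrounding expression starts and ends outside the hunk.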


@ -7,7 +7,7 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-WEokvgGDzO4WVp5gHu9rZVPyNzMdLuX8dMV/Zhf9OwQ=", "narHash": "sha256-o3CFNeEY0LvR1kOSCVC8nxPqL3TggTQ9PcWKdy+2l2A=",
"path": "../../nixos", "path": "../../nixos",
"type": "path" "type": "path"
}, },


@ -1,5 +1,6 @@
admin-password: ENC[AES256_GCM,data:Uc5c1Z9yiU+zwXn5c8S7w3jpw3TNzvsznbNJ7Ay9SV+F8itPTjIwFzp+KHwZaWRFdv6joAwj5ZVgqmhghSG1JA56qJW4PVs+Mw==,iv:Aj+YoV9mDB+nIwiT80sd2EhMGerDq9HC+Hypq/5+6hc=,tag:616ws4u6hyuwEmwMPvUucA==,type:str] admin-password: ENC[AES256_GCM,data:Uc5c1Z9yiU+zwXn5c8S7w3jpw3TNzvsznbNJ7Ay9SV+F8itPTjIwFzp+KHwZaWRFdv6joAwj5ZVgqmhghSG1JA56qJW4PVs+Mw==,iv:Aj+YoV9mDB+nIwiT80sd2EhMGerDq9HC+Hypq/5+6hc=,tag:616ws4u6hyuwEmwMPvUucA==,type:str]
tskey: ENC[AES256_GCM,data:iJdTZHoakbQQ6e1qZDEyVnB3mtJdGKQd1gVV03VTUeiulqeeK20MDZvZ32XveNwJ32D//BKGV/gaOdYOEE4=,iv:1vdI8UMz0KwsyLJ3t5elIkXc/xHITmV5T4+IWdqYdyE=,tag:V+b6Z9+f5LqqAJP46kDEww==,type:str] tskey: ENC[AES256_GCM,data:iJdTZHoakbQQ6e1qZDEyVnB3mtJdGKQd1gVV03VTUeiulqeeK20MDZvZ32XveNwJ32D//BKGV/gaOdYOEE4=,iv:1vdI8UMz0KwsyLJ3t5elIkXc/xHITmV5T4+IWdqYdyE=,tag:V+b6Z9+f5LqqAJP46kDEww==,type:str]
vaultwarden-env: ENC[AES256_GCM,data:A1iRHxFxgI5P8DtsXQa1KvEKKnF+qZY7LVuJba00CLj7kp7EdiWBV8cXyHs189ncJ/vG02QCkrv46BH2eBN6kq4eHhefAoklS8kT0v9/7w==,iv:JrWh/0/arWoXOFhtgC+s/eoRDV9tppGXblZR3YOrTZg=,tag:3+wVYTlOodSwkLzApAsLOg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,8 +16,8 @@ sops:
L2VhMXV4WityYUFDZytxVTJHOXZGVVkKgbKR56dsru6U7I4KpnxfxQsswFwJsTM7 L2VhMXV4WityYUFDZytxVTJHOXZGVVkKgbKR56dsru6U7I4KpnxfxQsswFwJsTM7
8dzAaFl30mdRwFIH9kzdY3XxyYsJ0Yr0x3xwJ8mI4rjgpI8S9ihJFw== 8dzAaFl30mdRwFIH9kzdY3XxyYsJ0Yr0x3xwJ8mI4rjgpI8S9ihJFw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-03T20:29:36Z" lastmodified: "2025-02-03T23:49:44Z"
mac: ENC[AES256_GCM,data:mdK+B9R2THvjrKGlghcVVzCSSOnsJe9AqjMkj8H80l+Ij2SLPw/tS+/EgVwD6f87QGdV0o4U482CZc4GzbvrwdZgwYcjd2v2z7qUurDuga4SD/ex3czV43dmfzgePPnhVV60bVVfRebsuUdf48wwnZ8WA5aNtUxcFhoJ9zUaMjs=,iv:sMU3YgIVfynURvN6Jv8ixB7q4IuRYSGxvyRw4KhQwjg=,tag:4sRYLtAwkBBERdPS9qY/+w==,type:str] mac: ENC[AES256_GCM,data:gtH6PMQzxRGMpFI2hAka/MpXeLEivczq+L4Vruo1Vdain9f7iIdvATjomYO+NwkWUiDNWXqzU3VBb8NoyfqDeywtbu6GaUhmAUgVEFt0W2ceyqSF8qje+inI8rCjduodzIRG8XFgHoCvR8iQOtYWseyo6oOHFqBGiw1cBr/ciW8=,iv:9SeerJbjF3LTbjnAkvqqg4ceGJQCJScRBg1rG+xJ5dk=,tag:09H9oJU25ApddCgiMGIQFg==,type:str]
pgp: pgp:
- created_at: "2025-02-03T18:58:54Z" - created_at: "2025-02-03T18:58:54Z"
enc: |- enc: |-


@ -10,7 +10,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.caddy = { services.caddy = {
enable = true; enable = true;
email = "foehammer127+acme@gmail.com"; email = "foehammer127points+acme@gmail.com";
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];


@ -25,7 +25,7 @@ in {
}; };
envPath = mkOption { envPath = mkOption {
type = lib.types.port; type = lib.types.path;
}; };
domain = mkOption { domain = mkOption {
@ -49,7 +49,7 @@ in {
}; };
foehammer.backups.paths = [ foehammer.backups.paths = [
"/var/lib/bitwarden_rs" "/var/lib/vaultwarden"
]; ];
}; };
} }