setup vaultwarden
parent
dd1cec10b7
commit
6d02b477f0
8 changed files with 58 additions and 8 deletions
|
@ -786,11 +786,11 @@
|
|||
"nixpkgs": "nixpkgs_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732838483,
|
||||
"narHash": "sha256-I73ckA2YONWTK5teDyW4YauUVQLh8+wfakYYukfOc78=",
|
||||
"lastModified": 1733046123,
|
||||
"narHash": "sha256-nfi/zbiXgYRJ3RnO1GrypvKlUxqUsp1ORlTbgMgKNE4=",
|
||||
"ref": "main",
|
||||
"rev": "c3e89a8a6abdb33cbc2e79d9ef744810680ee11d",
|
||||
"revCount": 8,
|
||||
"rev": "d0ffd1a57e5a2d91e5c689f0304c21f6fd5f519d",
|
||||
"revCount": 12,
|
||||
"type": "git",
|
||||
"url": "https://git.acomputer.lol/adtya/recipes.nix"
|
||||
},
|
||||
|
|
|
@ -8,6 +8,7 @@ _: {
|
|||
./ironyofprivacy.org.nix
|
||||
./ntfy.nix
|
||||
./proofs.nix
|
||||
./vaultwarden.nix
|
||||
./wiki.nix
|
||||
../../../shared/prometheus-exporters.nix
|
||||
../../../shared/promtail.nix
|
||||
|
|
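--- a/hosts/bifrost/services/apps/vaultwarden.nix
+++ b/hosts/bifrost/services/apps/vaultwarden.nix
@@ -0,0 +1,7 @@
+_: {
+services.caddy.virtualHosts."vault.acomputer.lol" = {
+extraConfig = ''
+reverse_proxy 10.10.10.13:8222
+'';
+};
+}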
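Review bot: The new `vault.acomputer.lol` vhost forwards every path to Vaultwarden, so the `/admin` panel is served to the public internet whenever an admin token is set in the backend's environment file (its contents are encrypted, so this may not apply). If the panel is only needed from inside the WireGuard network, reject it at the proxy by adding `@admin path /admin /admin/*` and `respond @admin 403` alongside the `reverse_proxy` line in `extraConfig`. The upstream `10.10.10.13` is also hard-coded while the backend module takes its bind address from `config.nodeconfig.facts.wireguard-ip`; a comment such as `# backend's WireGuard address, must match ROCKET_ADDRESS on the vaultwarden host` would keep the two from drifting apart.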
|
|
@ -4,6 +4,7 @@ _: {
|
|||
./forgejo.nix
|
||||
./ntfy.nix
|
||||
./postgresql.nix
|
||||
./vaultwarden.nix
|
||||
../../../shared/prometheus-exporters.nix
|
||||
../../../shared/promtail.nix
|
||||
];
|
||||
|
|
|
@ -75,7 +75,10 @@ in
|
|||
};
|
||||
};
|
||||
systemd.services = {
|
||||
forgejo.after = [ "wg-quick-Homelab.service" "postgresql.service" ];
|
||||
forgejo = {
|
||||
after = [ "wg-quick-Homelab.service" "postgresql.service" ];
|
||||
wants = [ "postgresql.service" ];
|
||||
};
|
||||
"gitea-runner-${utils.escapeSystemdPath "X86_64-runner"}".unitConfig.RequiresMountsFor = [ "/var/lib/private" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,12 +15,16 @@
|
|||
host all all ::1/128 trust
|
||||
host all all 10.10.10.0/24 trust
|
||||
'';
|
||||
ensureDatabases = [ "forgejo" ];
|
||||
ensureDatabases = [ "forgejo" "vaultwarden" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "forgejo";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "vaultwarden";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
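Review bot: The new `vaultwarden` database and role fall under the `host all all ... trust` rules shown as context at the top of this hunk, so any host in `10.10.10.0/24` and any local process connecting over `::1` can open the password manager's database as any role without a credential. Before this database is added, the rules should be scoped by database and role and should require a password from network peers, for example `host forgejo forgejo 10.10.10.0/24 scram-sha-256` if a remote client needs access at all; otherwise the subnet line can be dropped. For the local Vaultwarden service, a password in `DATABASE_URL` or peer authentication over the Unix socket would remove the reliance on `trust`. The authentication block begins above this hunk, so there may be further rules that are not visible here.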
|
||||
|
|
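--- a/hosts/wynne/services/apps/vaultwarden.nix
+++ b/hosts/wynne/services/apps/vaultwarden.nix
@@ -0,0 +1,32 @@
+{ config, ... }: {
+sops.secrets = {
+"vaultwarden/secrets" = {
+mode = "400";
+owner = config.users.users.root.name;
+group = config.users.users.root.group;
+};
+};
+
+recipes.vaultwarden = {
+enable = true;
+databaseBackend = "postgresql";
+config = {
+ROCKET_ADDRESS = config.nodeconfig.facts.wireguard-ip;
+ROCKET_PORT = "8222";
+DOMAIN = "https://vault.acomputer.lol";
+SIGNUPS_ALLOWED = "false";
+DATABASE_URL = "postgresql://vaultwarden@localhost/vaultwarden?sslmode=disable";
+WEB_VAULT_ENABLED = "true";
+SMTP_FROM = "vault@acomputer.lol";
+SMTP_FROM_NAME = "Vaultwarden";
+IP_HEADER = "X-Forwarded-For";
+LOG_LEVEL = "warn";
+};
+environmentFiles = [ config.sops.secrets."vaultwarden/secrets".path ];
+};
+systemd.services.vaultwarden = {
+after = [ "wg-quick-Homelab.service" "postgresql.service" ];
+wants = [ "postgresql.service" ];
+unitConfig.RequiresMountsFor = [ "/var/lib/private" ];
+};
+}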
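Review bot: `IP_HEADER = "X-Forwarded-For"` makes Vaultwarden take the client address from a request header, and the service listens on the WireGuard address, so any peer that can reach port 8222 directly, not only the Caddy host, can present an arbitrary client IP to the login logs and to any per-IP throttling. Nothing in this file limits who may connect to that port; if the firewall does not already do so elsewhere, restrict 8222 to the proxy's WireGuard address and record the dependency with a comment such as `# header is trusted only because port 8222 is reachable solely from the Caddy host`. Separately, `DATABASE_URL` carries no password and sets `sslmode=disable`, so it relies on a `trust` rule for loopback in the PostgreSQL configuration; supplying the URL with a password through the sops environment file would let that rule be tightened.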
|
|
@ -22,6 +22,8 @@ forgejo:
|
|||
runner_registration_token_file: ENC[AES256_GCM,data:fHHAk5i3xjsTx7Zro1EOpbQaMCii0kksjTLgM+gXH2Gu2Mw+bCgKCKfeYccEQg==,iv:6jrQwEfqGDdbI/QCMvHcIEtZXtoDFT7OxVu80+oykCs=,tag:u3UClo6ca6ipBeQ/Am8yVA==,type:str]
|
||||
conduwuit:
|
||||
secrets: ENC[AES256_GCM,data:un4yAJoVLZxa4TcVs718HgOiDBZNRpU+Im4XlZYgPoofpMA5UgcsRoyOR3aubt8yzZKUnQpsUaJ4pmTPWoXwlbcRLFyyP8yK5KHBuN7bIIZhV0AivjktDLL4Rk8EVgrDEA==,iv:5f+Eh2aXBf2Mro12hozzMyZPsbsDyAttZYvdrdV6xsE=,tag:ylK3PtEIOhnXmoVhiTmS3w==,type:str]
|
||||
vaultwarden:
|
||||
secrets: ENC[AES256_GCM,data:hKcB0KnJm/ml0cYsYzKtQACl78OK2f+jx8xexzsWeB3VfmPznxYK5Fa7VSn9sCHFfRlqK6Uwpgmh4uNK6otcd6h4edlHlY7eGxAUgTy1VL4qXi5aZLwLitzShXc7iyJdlY3q7ZBWm+fqVYvLHxEItkeYh8ge1PcvMlAg2RF10txJpv3I5vwCWmsXscTBQe/eYRISad92KiEK6MvvHKCwrMtZeGfBHdcOP9j7/VqAvg0Yc+6QLWUh2teFbVGMQ0brnBdcE03asxYxliDSeVpVCT9o16LQYTk3w6txKG8wCXhrGcEOyQVoxftjMoXRlRD5/PtIiu31yeHe8dHfDo8+6OKfIbGX4RRsFEFxoMI/19cwuEO1,iv:/FOqTBbuxreExUztNidjXaeSeybgba7J8Fnm99JJd88=,tag:p8u7p2ZmdcqcWD7MirU/Fg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -100,8 +102,8 @@ sops:
|
|||
Ynd0czBOK0NCdnZIQzNJZ3BqNndlSG8Kg9UUjMZ2p7xUhHLEL6SjSiVPw5JemYxh
|
||||
sdiuZVVxzEasXLXXk6tax6AD5fz5mXEhXB24Op5scF4+VTfSZ+g9Cg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-27T19:01:37Z"
|
||||
mac: ENC[AES256_GCM,data:x3UKZyjZbcVfFwX1D7HAfrMvqH7K21gp+aqz5XGHAXbk2QeaO2DzdW+nX4JHCZoypD8JctX2zvdcKGzN3k8C8umox9c0KMXceD13BZFY5CsnQab0fyj2pMUICydvr+yP8CPbHkeKcjbxFiqfhgRFQeUh6ACxjqOcoFLlWJqcfxE=,iv:p49ko9Z1RZcVuE9Cmbe9IhVB1wpA2j1PTbPIOR4aEus=,tag:oR+NuuKg/Y2w2q/NnRtgcQ==,type:str]
|
||||
lastmodified: "2024-12-01T16:15:59Z"
|
||||
mac: ENC[AES256_GCM,data:/fHhWwm4/5Qi181FmIRXPJU2XogoMOpzhqzltNAyTHDKIWYxGCDB7gZvCfNizWFxjqAvFBzoWa7XA/+VjXaaYARg/M2RrwQYnPuVE9V7NXEPjLuEeiYRfru4Vq8fZF9IFiSF+k3LXcZ+Tq7x7xqsFcHivAnYYECebWK6o9+dVVA=,iv:nrkF65Cj8cNytzt2SFiWUB6H0lxXdVt69Nwv5hFtLAo=,tag:55bnetcD4ofKsEgD0kfpfw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|