setup vaultwarden

Adithya 2024-12-01 23:15:38 +05:30
parent dd1cec10b7
commit 6d02b477f0
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
8 changed files with 58 additions and 8 deletions


@ -786,11 +786,11 @@
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1732838483, "lastModified": 1733046123,
"narHash": "sha256-I73ckA2YONWTK5teDyW4YauUVQLh8+wfakYYukfOc78=", "narHash": "sha256-nfi/zbiXgYRJ3RnO1GrypvKlUxqUsp1ORlTbgMgKNE4=",
"ref": "main", "ref": "main",
"rev": "c3e89a8a6abdb33cbc2e79d9ef744810680ee11d", "rev": "d0ffd1a57e5a2d91e5c689f0304c21f6fd5f519d",
"revCount": 8, "revCount": 12,
"type": "git", "type": "git",
"url": "https://git.acomputer.lol/adtya/recipes.nix" "url": "https://git.acomputer.lol/adtya/recipes.nix"
}, },


@ -8,6 +8,7 @@ _: {
./ironyofprivacy.org.nix ./ironyofprivacy.org.nix
./ntfy.nix ./ntfy.nix
./proofs.nix ./proofs.nix
./vaultwarden.nix
./wiki.nix ./wiki.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix


@ -0,0 +1,7 @@
_: {
services.caddy.virtualHosts."vault.acomputer.lol" = {
extraConfig = ''
reverse_proxy 10.10.10.13:8222
'';
};
}
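Review bot: The `reverse_proxy 10.10.10.13:8222` line publishes every Vaultwarden path on vault.acomputer.lol, including the `/admin` panel if an ADMIN_TOKEN is set in the encrypted environment file (not visible here). If the panel is in use, consider refusing it at the proxy and reaching it only over WireGuard, e.g. `@admin path /admin*` followed by `respond @admin 403` next to the proxy line. The upstream address is also hard-coded while the backend takes its bind address from `config.nodeconfig.facts.wireguard-ip`; a comment such as `# must match the wireguard-ip fact of the host running vaultwarden` would keep the two from drifting.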


@ -4,6 +4,7 @@ _: {
./forgejo.nix ./forgejo.nix
./ntfy.nix ./ntfy.nix
./postgresql.nix ./postgresql.nix
./vaultwarden.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix
]; ];


@ -75,7 +75,10 @@ in
}; };
}; };
systemd.services = { systemd.services = {
forgejo.after = [ "wg-quick-Homelab.service" "postgresql.service" ]; forgejo = {
after = [ "wg-quick-Homelab.service" "postgresql.service" ];
wants = [ "postgresql.service" ];
};
"gitea-runner-${utils.escapeSystemdPath "X86_64-runner"}".unitConfig.RequiresMountsFor = [ "/var/lib/private" ]; "gitea-runner-${utils.escapeSystemdPath "X86_64-runner"}".unitConfig.RequiresMountsFor = [ "/var/lib/private" ];
}; };
} }


@ -15,12 +15,16 @@
host all all ::1/128 trust host all all ::1/128 trust
host all all 10.10.10.0/24 trust host all all 10.10.10.0/24 trust
''; '';
ensureDatabases = [ "forgejo" ]; ensureDatabases = [ "forgejo" "vaultwarden" ];
ensureUsers = [ ensureUsers = [
{ {
name = "forgejo"; name = "forgejo";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "vaultwarden";
ensureDBOwnership = true;
}
]; ];
}; };
}; };
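Review bot: Adding `vaultwarden` to `ensureDatabases` places the password-vault database under the `host all all 10.10.10.0/24 trust` rule visible in the context lines, so any peer on that subnet that can reach PostgreSQL may connect as any role without a password. Whether the server listens on that interface is not visible in this hunk, and the authentication block starts above it. Vaultwarden connects over localhost per its DATABASE_URL, so the subnet rule could be narrowed to the databases and roles that really need remote access, in the form `host <db> <role> 10.10.10.0/24 scram-sha-256`, leaving no remote entry for the vaultwarden database.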


@ -0,0 +1,32 @@
{ config, ... }: {
sops.secrets = {
"vaultwarden/secrets" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
recipes.vaultwarden = {
enable = true;
databaseBackend = "postgresql";
config = {
ROCKET_ADDRESS = config.nodeconfig.facts.wireguard-ip;
ROCKET_PORT = "8222";
DOMAIN = "https://vault.acomputer.lol";
SIGNUPS_ALLOWED = "false";
DATABASE_URL = "postgresql://vaultwarden@localhost/vaultwarden?sslmode=disable";
WEB_VAULT_ENABLED = "true";
SMTP_FROM = "vault@acomputer.lol";
SMTP_FROM_NAME = "Vaultwarden";
IP_HEADER = "X-Forwarded-For";
LOG_LEVEL = "warn";
};
environmentFiles = [ config.sops.secrets."vaultwarden/secrets".path ];
};
systemd.services.vaultwarden = {
after = [ "wg-quick-Homelab.service" "postgresql.service" ];
wants = [ "postgresql.service" ];
unitConfig.RequiresMountsFor = [ "/var/lib/private" ];
};
}
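Review bot: `IP_HEADER = "X-Forwarded-For"` is honoured for every client that can reach `ROCKET_ADDRESS`, and the service binds to the WireGuard address rather than loopback, so a peer connecting to port 8222 directly can supply its own header value and skew the client IP Vaultwarden uses for logging and rate limiting. Restricting port 8222 in the firewall to the host running Caddy would close that, and a comment such as `# IP_HEADER is only trustworthy while 8222 is reachable solely from the reverse proxy` would record the assumption. The secret file is root-owned with mode 400, which presumably works because systemd reads `environmentFiles` before dropping privileges; that depends on how the recipes.vaultwarden module wires it, which is not shown here.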


@ -22,6 +22,8 @@ forgejo:
runner_registration_token_file: ENC[AES256_GCM,data:fHHAk5i3xjsTx7Zro1EOpbQaMCii0kksjTLgM+gXH2Gu2Mw+bCgKCKfeYccEQg==,iv:6jrQwEfqGDdbI/QCMvHcIEtZXtoDFT7OxVu80+oykCs=,tag:u3UClo6ca6ipBeQ/Am8yVA==,type:str] runner_registration_token_file: ENC[AES256_GCM,data:fHHAk5i3xjsTx7Zro1EOpbQaMCii0kksjTLgM+gXH2Gu2Mw+bCgKCKfeYccEQg==,iv:6jrQwEfqGDdbI/QCMvHcIEtZXtoDFT7OxVu80+oykCs=,tag:u3UClo6ca6ipBeQ/Am8yVA==,type:str]
conduwuit: conduwuit:
secrets: ENC[AES256_GCM,data:un4yAJoVLZxa4TcVs718HgOiDBZNRpU+Im4XlZYgPoofpMA5UgcsRoyOR3aubt8yzZKUnQpsUaJ4pmTPWoXwlbcRLFyyP8yK5KHBuN7bIIZhV0AivjktDLL4Rk8EVgrDEA==,iv:5f+Eh2aXBf2Mro12hozzMyZPsbsDyAttZYvdrdV6xsE=,tag:ylK3PtEIOhnXmoVhiTmS3w==,type:str] secrets: ENC[AES256_GCM,data:un4yAJoVLZxa4TcVs718HgOiDBZNRpU+Im4XlZYgPoofpMA5UgcsRoyOR3aubt8yzZKUnQpsUaJ4pmTPWoXwlbcRLFyyP8yK5KHBuN7bIIZhV0AivjktDLL4Rk8EVgrDEA==,iv:5f+Eh2aXBf2Mro12hozzMyZPsbsDyAttZYvdrdV6xsE=,tag:ylK3PtEIOhnXmoVhiTmS3w==,type:str]
vaultwarden:
secrets: ENC[AES256_GCM,data:hKcB0KnJm/ml0cYsYzKtQACl78OK2f+jx8xexzsWeB3VfmPznxYK5Fa7VSn9sCHFfRlqK6Uwpgmh4uNK6otcd6h4edlHlY7eGxAUgTy1VL4qXi5aZLwLitzShXc7iyJdlY3q7ZBWm+fqVYvLHxEItkeYh8ge1PcvMlAg2RF10txJpv3I5vwCWmsXscTBQe/eYRISad92KiEK6MvvHKCwrMtZeGfBHdcOP9j7/VqAvg0Yc+6QLWUh2teFbVGMQ0brnBdcE03asxYxliDSeVpVCT9o16LQYTk3w6txKG8wCXhrGcEOyQVoxftjMoXRlRD5/PtIiu31yeHe8dHfDo8+6OKfIbGX4RRsFEFxoMI/19cwuEO1,iv:/FOqTBbuxreExUztNidjXaeSeybgba7J8Fnm99JJd88=,tag:p8u7p2ZmdcqcWD7MirU/Fg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -100,8 +102,8 @@ sops:
Ynd0czBOK0NCdnZIQzNJZ3BqNndlSG8Kg9UUjMZ2p7xUhHLEL6SjSiVPw5JemYxh Ynd0czBOK0NCdnZIQzNJZ3BqNndlSG8Kg9UUjMZ2p7xUhHLEL6SjSiVPw5JemYxh
sdiuZVVxzEasXLXXk6tax6AD5fz5mXEhXB24Op5scF4+VTfSZ+g9Cg== sdiuZVVxzEasXLXXk6tax6AD5fz5mXEhXB24Op5scF4+VTfSZ+g9Cg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-27T19:01:37Z" lastmodified: "2024-12-01T16:15:59Z"
mac: ENC[AES256_GCM,data:x3UKZyjZbcVfFwX1D7HAfrMvqH7K21gp+aqz5XGHAXbk2QeaO2DzdW+nX4JHCZoypD8JctX2zvdcKGzN3k8C8umox9c0KMXceD13BZFY5CsnQab0fyj2pMUICydvr+yP8CPbHkeKcjbxFiqfhgRFQeUh6ACxjqOcoFLlWJqcfxE=,iv:p49ko9Z1RZcVuE9Cmbe9IhVB1wpA2j1PTbPIOR4aEus=,tag:oR+NuuKg/Y2w2q/NnRtgcQ==,type:str] mac: ENC[AES256_GCM,data:/fHhWwm4/5Qi181FmIRXPJU2XogoMOpzhqzltNAyTHDKIWYxGCDB7gZvCfNizWFxjqAvFBzoWa7XA/+VjXaaYARg/M2RrwQYnPuVE9V7NXEPjLuEeiYRfru4Vq8fZF9IFiSF+k3LXcZ+Tq7x7xqsFcHivAnYYECebWK6o9+dVVA=,iv:nrkF65Cj8cNytzt2SFiWUB6H0lxXdVt69Nwv5hFtLAo=,tag:55bnetcD4ofKsEgD0kfpfw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1