mirror of
https://github.com/Jokiller230/puzzlevision.git
synced 2024-12-04 20:05:00 +01:00
feat(modules): finish Vaultwarden service configuration
This commit is contained in:
parent
cd021bee37
commit
4ae047afbb
4 changed files with 40 additions and 13 deletions
|
|
@ -1,15 +1,7 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
|
||||
namespace, # The flake namespace, set in flake.nix. If not set, defaults to "internal".
|
||||
system, # The system architecture for this host (eg. `x86_64-linux`).
|
||||
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
|
||||
format, # A normalized name for the system target (eg. `iso`).
|
||||
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
|
||||
systems, # An attribute map of your defined hosts.
|
||||
|
||||
namespace,
|
||||
config,
|
||||
...
|
||||
}: with lib; with lib.${namespace};
|
||||
|
|
|
|||
|
|
@ -8,14 +8,36 @@
|
|||
let
|
||||
cfg = config.${namespace}.services.vaultwarden;
|
||||
in {
|
||||
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable the Vaultwarden service."; };
|
||||
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
sops.secrets.vaultwarden = {
|
||||
sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
|
||||
format = "env";
|
||||
};
|
||||
|
||||
# Ensure directories exists before OCI container is launched.
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/containers/vaultwarden/data 0700 root root -"
|
||||
];
|
||||
|
||||
# "Inspired" by BreakingTV @ github.com
|
||||
virtualisation.oci-containers.containers.vaultwarden = {
|
||||
image = "vaultwarden/server";
|
||||
autoStart = true;
|
||||
hostname = host;
|
||||
# Todo: continue writing vaultwarden config
|
||||
labels = {
|
||||
"traefik.enable" = true;
|
||||
"traefik.http.routers.vaultwarden.entrypoints" = "websecure";
|
||||
"traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
|
||||
};
|
||||
volumes = [
|
||||
"/var/lib/containers/vaultwarden/data:/data:rw"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.sops.secrets.vaultwarden.path
|
||||
];
|
||||
extraOptions = ["--network=proxy"];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
10
secrets/vaultwarden.service.env
Normal file
10
secrets/vaultwarden.service.env
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
DOMAIN=ENC[AES256_GCM,data:fgj4eDoC6bV2Ad4FdWnM5CP1Aap8fTr+7wo=,iv:FC3Q4BCF5LtfxvC+eLvTPjgPLQycSGhmDOzempv8Pis=,tag:hjQSBEbTKxfqa7sZfMcfRw==,type:str]
|
||||
SIGNUPS_ALLOWED=ENC[AES256_GCM,data:kxm/EsQ=,iv:DKBcrtaX0DZjD6XmnKc96vXee0e5AyGl7/K/DRACCHc=,tag:z5hgIwt/rnHq4I21/4wP4A==,type:str]
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5elVvTExZd0VNTmk4S2ZC\nLzNwbVNUbCsvRHFycjlMUEk0cTlVSEVldnpBCkpwNkwyZThrTWFjdEQxaHJlUDFY\nc0hDNyswbVZNNjJMRHZIY0FPZHdRcm8KLS0tIE9pWjZiVWFDclpxM1hIcnpZcFdq\nbWdueDUyd2I5Y0ZFWEZuN1Y0aXRHV28KCGJWVGEyr/3/14FM8I8KLMziD00DyGWw\neUcyJb8J/151C11Mbm/llic1mC1LlX4oBhtew+IvLTZk6Pf7yhXPnQ==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNzgwUEI1U0x3Q3A4TSts\nbDVoTEM4cTZ5elJNSUpHeU1lbXNFQW5ZT1R3CjhITWRtcUdSc21oWStqMG9Dd1lE\nZmtOaFZkWW9kL1grVFJHVTJ2S3piOXcKLS0tIEFlU0ZFbU9OTENnU3BDdW1rWVBY\nZTlvZ1oyS3JqWEZ5MW44d2pjOHo4QVEKDWsEI68gTJKDDGnqHULG59bz318sEGlv\nInS+dPk9j2/M+YrGDm4v54t2DvAuFwzGjOnmDD6gQYdGXir6D/FNkA==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
|
||||
sops_lastmodified=2024-09-23T22:30:20Z
|
||||
sops_mac=ENC[AES256_GCM,data:yBlsJiUnlqLZmHU8xVma8yGC8AzIEqq2X/U+oVwq16eqly4Dd3jJLYz5WLnGnu0i92ge0DcWK3rkiRoz9cg4EsOJ1zR3fzGhNFg6fRoh3qXTo2BP2WywPBUPoe4pdJrp2h6BD/xleI1f5jeP/z4uos4yt0Z5xpBI7um9/A/doNU=,iv:LW1i3ZN6WWtzc6WweqBnXF2uwsYnT/UD5HFmwmmcmQI=,tag:bHL3Dh2j3uT7Ey70crQ5pw==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.9.0
|
||||
|
|
@ -30,8 +30,11 @@
|
|||
# Set timezone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# Enable docker
|
||||
virtualisation.docker.enable = true;
|
||||
# Enable docker and set it as the OCI container backend
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
oci-containers.backend = "docker";
|
||||
};
|
||||
|
||||
# Set system configuration
|
||||
puzzlevision = {
|
||||
|
|
|
|||
Loading…
Reference in a new issue