Jo/puzzlevision
1
0
Fork 0
mirror of https://github.com/Jokiller230/puzzlevision.git synced 2025-10-31 13:50:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(modules): finish Vaultwarden service configuration

Browse source
This commit is contained in:
Jo 2024-09-24 00:44:19 +02:00
parent cd021bee37
commit 4ae047afbb
4 changed files with 40 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/nixos/common/kernel/default.nix
View file

@ -1,15 +1,7 @@
{
lib,
pkgs,
inputs,
namespace, # The flake namespace, set in flake.nix. If not set, defaults to "internal".
system, # The system architecture for this host (eg. `x86_64-linux`).
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
format, # A normalized name for the system target (eg. `iso`).
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
systems, # An attribute map of your defined hosts.
namespace,
config,
...
}: with lib; with lib.${namespace};

26
modules/nixos/services/vaultwarden/default.nix
View file

@ -8,14 +8,36 @@
let
cfg = config.${namespace}.services.vaultwarden;
in {
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable the Vaultwarden service."; };
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };
config = mkIf cfg.enable {
sops.secrets.vaultwarden = {
sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
format = "env";
};
# Ensure directories exists before OCI container is launched.
systemd.tmpfiles.rules = [
"d /var/lib/containers/vaultwarden/data 0700 root root -"
];
# "Inspired" by BreakingTV @ github.com
virtualisation.oci-containers.containers.vaultwarden = {
image = "vaultwarden/server";
autoStart = true;
hostname = host;
# Todo: continue writing vaultwarden config
labels = {
"traefik.enable" = true;
"traefik.http.routers.vaultwarden.entrypoints" = "websecure";
"traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
};
volumes = [
"/var/lib/containers/vaultwarden/data:/data:rw"
];
environmentFiles = [
config.sops.secrets.vaultwarden.path
];
extraOptions = ["--network=proxy"];
};
};
}

10
secrets/vaultwarden.service.env Normal file
View file

@ -0,0 +1,10 @@
DOMAIN=ENC[AES256_GCM,data:fgj4eDoC6bV2Ad4FdWnM5CP1Aap8fTr+7wo=,iv:FC3Q4BCF5LtfxvC+eLvTPjgPLQycSGhmDOzempv8Pis=,tag:hjQSBEbTKxfqa7sZfMcfRw==,type:str]
SIGNUPS_ALLOWED=ENC[AES256_GCM,data:kxm/EsQ=,iv:DKBcrtaX0DZjD6XmnKc96vXee0e5AyGl7/K/DRACCHc=,tag:z5hgIwt/rnHq4I21/4wP4A==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5elVvTExZd0VNTmk4S2ZC\nLzNwbVNUbCsvRHFycjlMUEk0cTlVSEVldnpBCkpwNkwyZThrTWFjdEQxaHJlUDFY\nc0hDNyswbVZNNjJMRHZIY0FPZHdRcm8KLS0tIE9pWjZiVWFDclpxM1hIcnpZcFdq\nbWdueDUyd2I5Y0ZFWEZuN1Y0aXRHV28KCGJWVGEyr/3/14FM8I8KLMziD00DyGWw\neUcyJb8J/151C11Mbm/llic1mC1LlX4oBhtew+IvLTZk6Pf7yhXPnQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNzgwUEI1U0x3Q3A4TSts\nbDVoTEM4cTZ5elJNSUpHeU1lbXNFQW5ZT1R3CjhITWRtcUdSc21oWStqMG9Dd1lE\nZmtOaFZkWW9kL1grVFJHVTJ2S3piOXcKLS0tIEFlU0ZFbU9OTENnU3BDdW1rWVBY\nZTlvZ1oyS3JqWEZ5MW44d2pjOHo4QVEKDWsEI68gTJKDDGnqHULG59bz318sEGlv\nInS+dPk9j2/M+YrGDm4v54t2DvAuFwzGjOnmDD6gQYdGXir6D/FNkA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
sops_lastmodified=2024-09-23T22:30:20Z
sops_mac=ENC[AES256_GCM,data:yBlsJiUnlqLZmHU8xVma8yGC8AzIEqq2X/U+oVwq16eqly4Dd3jJLYz5WLnGnu0i92ge0DcWK3rkiRoz9cg4EsOJ1zR3fzGhNFg6fRoh3qXTo2BP2WywPBUPoe4pdJrp2h6BD/xleI1f5jeP/z4uos4yt0Z5xpBI7um9/A/doNU=,iv:LW1i3ZN6WWtzc6WweqBnXF2uwsYnT/UD5HFmwmmcmQI=,tag:bHL3Dh2j3uT7Ey70crQ5pw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

7
systems/x86_64-linux/absolutesolver/default.nix
View file

@ -30,8 +30,11 @@
# Set timezone.
time.timeZone = "Europe/Berlin";
# Enable docker
virtualisation.docker.enable = true;
# Enable docker and set it as the OCI container backend
virtualisation = {
docker.enable = true;
oci-containers.backend = "docker";
};
# Set system configuration
puzzlevision = {