feat(modules): finish Vaultwarden service configuration
parent
cd021bee37
commit
4ae047afbb
4 changed files with 40 additions and 13 deletions
modules/nixos
secrets
systems/x86_64-linux/absolutesolver
|
@ -1,15 +1,7 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
inputs,
|
namespace,
|
||||||
|
|
||||||
namespace, # The flake namespace, set in flake.nix. If not set, defaults to "internal".
|
|
||||||
system, # The system architecture for this host (eg. `x86_64-linux`).
|
|
||||||
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
|
|
||||||
format, # A normalized name for the system target (eg. `iso`).
|
|
||||||
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
|
|
||||||
systems, # An attribute map of your defined hosts.
|
|
||||||
|
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: with lib; with lib.${namespace};
|
}: with lib; with lib.${namespace};
|
||||||
|
|
|
@ -8,14 +8,36 @@
|
||||||
let
|
let
|
||||||
cfg = config.${namespace}.services.vaultwarden;
|
cfg = config.${namespace}.services.vaultwarden;
|
||||||
in {
|
in {
|
||||||
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable the Vaultwarden service."; };
|
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
sops.secrets.vaultwarden = {
|
||||||
|
sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
|
||||||
|
format = "env";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Ensure directories exists before OCI container is launched.
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /var/lib/containers/vaultwarden/data 0700 root root -"
|
||||||
|
];
|
||||||
|
|
||||||
|
# "Inspired" by BreakingTV @ github.com
|
||||||
virtualisation.oci-containers.containers.vaultwarden = {
|
virtualisation.oci-containers.containers.vaultwarden = {
|
||||||
image = "vaultwarden/server";
|
image = "vaultwarden/server";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
hostname = host;
|
hostname = host;
|
||||||
# Todo: continue writing vaultwarden config
|
labels = {
|
||||||
|
"traefik.enable" = true;
|
||||||
|
"traefik.http.routers.vaultwarden.entrypoints" = "websecure";
|
||||||
|
"traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/containers/vaultwarden/data:/data:rw"
|
||||||
|
];
|
||||||
|
environmentFiles = [
|
||||||
|
config.sops.secrets.vaultwarden.path
|
||||||
|
];
|
||||||
|
extraOptions = ["--network=proxy"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
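Review bot: `"traefik.enable" = true;` in the new `labels` set is a Nix boolean, but NixOS types `virtualisation.oci-containers.containers.<name>.labels` as `attrsOf str`, so this definition fails evaluation; it should be `"traefik.enable" = "true";`. `image = "vaultwarden/server";` carries no tag or digest, so every pull tracks a floating `latest` and the host cannot tell which build it is running — pin it, e.g. `image = "vaultwarden/server:<VERSION>@sha256:<DIGEST>";` (placeholders). `hostname = host;` references `host`, which is not declared by any argument set visible on this page; unless it is injected through `lib.${namespace}` or the framework's module arguments, evaluation fails here as well, so it is worth confirming. `extraOptions = ["--network=proxy"];` assumes a docker network named `proxy` already exists and nothing in this commit creates it, so a comment such as `# Requires the external docker network "proxy" (shared with Traefik) to exist.` would spare the next reader a failed container start.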
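--- a/secrets/vaultwarden.service.env
+++ b/secrets/vaultwarden.service.env
@@ -0,0 +1,10 @@
+DOMAIN=ENC[AES256_GCM,data:fgj4eDoC6bV2Ad4FdWnM5CP1Aap8fTr+7wo=,iv:FC3Q4BCF5LtfxvC+eLvTPjgPLQycSGhmDOzempv8Pis=,tag:hjQSBEbTKxfqa7sZfMcfRw==,type:str]
+SIGNUPS_ALLOWED=ENC[AES256_GCM,data:kxm/EsQ=,iv:DKBcrtaX0DZjD6XmnKc96vXee0e5AyGl7/K/DRACCHc=,tag:z5hgIwt/rnHq4I21/4wP4A==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5elVvTExZd0VNTmk4S2ZC\nLzNwbVNUbCsvRHFycjlMUEk0cTlVSEVldnpBCkpwNkwyZThrTWFjdEQxaHJlUDFY\nc0hDNyswbVZNNjJMRHZIY0FPZHdRcm8KLS0tIE9pWjZiVWFDclpxM1hIcnpZcFdq\nbWdueDUyd2I5Y0ZFWEZuN1Y0aXRHV28KCGJWVGEyr/3/14FM8I8KLMziD00DyGWw\neUcyJb8J/151C11Mbm/llic1mC1LlX4oBhtew+IvLTZk6Pf7yhXPnQ==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNzgwUEI1U0x3Q3A4TSts\nbDVoTEM4cTZ5elJNSUpHeU1lbXNFQW5ZT1R3CjhITWRtcUdSc21oWStqMG9Dd1lE\nZmtOaFZkWW9kL1grVFJHVTJ2S3piOXcKLS0tIEFlU0ZFbU9OTENnU3BDdW1rWVBY\nZTlvZ1oyS3JqWEZ5MW44d2pjOHo4QVEKDWsEI68gTJKDDGnqHULG59bz318sEGlv\nInS+dPk9j2/M+YrGDm4v54t2DvAuFwzGjOnmDD6gQYdGXir6D/FNkA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
+sops_lastmodified=2024-09-23T22:30:20Z
+sops_mac=ENC[AES256_GCM,data:yBlsJiUnlqLZmHU8xVma8yGC8AzIEqq2X/U+oVwq16eqly4Dd3jJLYz5WLnGnu0i92ge0DcWK3rkiRoz9cg4EsOJ1zR3fzGhNFg6fRoh3qXTo2BP2WywPBUPoe4pdJrp2h6BD/xleI1f5jeP/z4uos4yt0Z5xpBI7um9/A/doNU=,iv:LW1i3ZN6WWtzc6WweqBnXF2uwsYnT/UD5HFmwmmcmQI=,tag:bHL3Dh2j3uT7Ey70crQ5pw==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.0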
|
@ -30,8 +30,11 @@
|
||||||
# Set timezone.
|
# Set timezone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
# Enable docker
|
# Enable docker and set it as the OCI container backend
|
||||||
virtualisation.docker.enable = true;
|
virtualisation = {
|
||||||
|
docker.enable = true;
|
||||||
|
oci-containers.backend = "docker";
|
||||||
|
};
|
||||||
|
|
||||||
# Set system configuration
|
# Set system configuration
|
||||||
puzzlevision = {
|
puzzlevision = {
|
||||||
|
|