From 0f048a95b1af88e148f45c3fd4fc860d38153c66 Mon Sep 17 00:00:00 2001 From: Wekuz Date: Tue, 30 Dec 2025 19:50:28 +0200 Subject: [PATCH] Added Vaultwarden --- hosts/plexy/default.nix | 19 +++++++++++++++++-- hosts/plexy/secrets.yaml | 6 +++--- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/hosts/plexy/default.nix b/hosts/plexy/default.nix index 2e65ae9..1b33ca8 100644 --- a/hosts/plexy/default.nix +++ b/hosts/plexy/default.nix @@ -1,5 +1,5 @@ { - inputs, + config, pkgs, ... }: @@ -74,7 +74,9 @@ age.sshKeyPaths = [ ]; gnupg.sshKeyPaths = [ ]; - secrets = { }; + secrets = { + "vaultwarden.env" = { }; + }; }; services = { @@ -83,6 +85,19 @@ settings.PasswordAuthentication = false; settings.PermitRootLogin = "no"; }; + vaultwarden = { + enable = true; + environmentFile = config.sops.secrets."vaultwarden.env".path; + config = { + WEBSOCKET_ENABLED = true; + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = false; + INVITATIONS_ALLOWED = false; + SHOW_PASSWORD_HINT = false; + DATA_FOLDER = "/var/lib/vaultwarden/data"; + LOG_LEVEL = "warn"; + }; + }; }; environment.variables.EDITOR = "nvim"; diff --git a/hosts/plexy/secrets.yaml b/hosts/plexy/secrets.yaml index 04753a0..912a205 100644 --- a/hosts/plexy/secrets.yaml +++ b/hosts/plexy/secrets.yaml @@ -1,4 +1,4 @@ -super_secret_api: ENC[AES256_GCM,data:k0iECBf6Q0eJ,iv:aZ9nNh7IMK4Ge/xgZblaO86ZEABBW/f8PJV+Kgj2Y0g=,tag:p9x7IsZYIfaa6hlzRPceQw==,type:str] +vaultwarden.env: ENC[AES256_GCM,data:sjEVldb0FFb/UKnFDn6iPmjcat1bTiGfaWbkhPj0oD9zCPpaDpdQ0dGKB4UM4//lqBAK7zCpSHRCBSY6Nv6+KYRbSwzJLPY4dM74uzTmjeR9qB1VoJXAolugQI63T1lEsxokkCN88cJ5reWEF5aZuBmgyHk/m1iKMSSn0GhX5aJgJg8yd7e/ramgMw8WddnIV2GwSv7f2TTsul3Ag5BvKtMRKl2Lffw+E4+ZpWsoIKL39MqqOcgTo7Pr6aMuF0U+86Iy1Q==,iv:DDQkDtvdB6GCYGmNrz5P8bZy0wWn6w4+oYd6e0lH8Ps=,tag:eJ5Fqd/ZeWIAmUtJwgv/xA==,type:str] sops: age: - recipient: age1sqssntfzzlhcgp0wuf9wmeavg0hmwmq349npsq8vaxj9sxey5s9ssc82sw @@ -10,7 +10,7 @@ sops: eDUxR1V0ZEFSYnZTYnYzakFydEliaFUKoa/gHecAy01vTk7I02KMGGPHZBql5K48 hkLDjoWK9dkGRX8kqRd028cuMCQRenLpULEECWp6oV+evUdMf7wRtg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-30T13:57:31Z" - mac: ENC[AES256_GCM,data:OAa6W+v/eeuzSFKbiSzyUoFA40SHYDdhzMzTw35ytBGhfNJRPLNBKnQBnPE1fqkrcc+pQgjrOdhsz+V5EV+ze/7G69HADYxd/G4/zqK3+FyU7CBsNKpoCjXYTcEkBco8t76LEFefmE/BJcUm5JEBZ2Hudnkm50fdyQDIWlips+w=,iv:amKno6v2RUAKOM4Rh126T1RHomxU31MJwmbLkkHc7JU=,tag:/ddTFf1vp7THLK5kh57EzQ==,type:str] + lastmodified: "2025-12-30T17:47:09Z" + mac: ENC[AES256_GCM,data:fJ+Z/fkakIA7DdhK+sK6g4cXVt07tN5o4MFkASnhk/Qw2var58lo4cZb8qCuYcbCpM+73wIGRluETrslcDfPULL8dKjb3GE9+EZ++wvohQw4UNvz2mizB9pT9m99RpxzBPDW+lquNNNdT3F9ainUlbj+ttJvE0fAwTNx8PjZcJY=,iv:RUVLnhxCuVPD4glc2y6Qv/4cCJIdZax0v4BWPS7GIE0=,tag:vlbQOcfCjPRv0JH1GugbTg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0