From 5f08bfcc5408abc9cf4665e620764468cd79fc57 Mon Sep 17 00:00:00 2001
From: Wekuz <wekuz@duck.com>
Date: Tue, 30 Dec 2025 19:50:28 +0200
Subject: [PATCH] Added Vaultwarden

---
 hosts/plexy/default.nix  | 19 +++++++++++++++++--
 hosts/plexy/secrets.yaml |  6 +++---
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/hosts/plexy/default.nix b/hosts/plexy/default.nix
index 2e65ae9..1b33ca8 100644
--- a/hosts/plexy/default.nix
+++ b/hosts/plexy/default.nix
@@ -1,5 +1,5 @@
 {
-  inputs,
+  config,
   pkgs,
   ...
 }:
@@ -74,7 +74,9 @@
     age.sshKeyPaths = [ ];
     gnupg.sshKeyPaths = [ ];
 
-    secrets = { };
+    secrets = {
+      "vaultwarden.env" = { };
+    };
   };
 
   services = {
@@ -83,6 +85,19 @@
       settings.PasswordAuthentication = false;
       settings.PermitRootLogin = "no";
     };
+    vaultwarden = {
+      enable = true;
+      environmentFile = config.sops.secrets."vaultwarden.env".path;
+      config = {
+        WEBSOCKET_ENABLED = true;
+        SIGNUPS_ALLOWED = false;
+        SIGNUPS_VERIFY = false;
+        INVITATIONS_ALLOWED = false;
+        SHOW_PASSWORD_HINT = false;
+        DATA_FOLDER = "/var/lib/vaultwarden/data";
+        LOG_LEVEL = "warn";
+      };
+    };
   };
 
   environment.variables.EDITOR = "nvim";
diff --git a/hosts/plexy/secrets.yaml b/hosts/plexy/secrets.yaml
index 04753a0..f32d551 100644
--- a/hosts/plexy/secrets.yaml
+++ b/hosts/plexy/secrets.yaml
@@ -1,4 +1,4 @@
-super_secret_api: ENC[AES256_GCM,data:k0iECBf6Q0eJ,iv:aZ9nNh7IMK4Ge/xgZblaO86ZEABBW/f8PJV+Kgj2Y0g=,tag:p9x7IsZYIfaa6hlzRPceQw==,type:str]
+vaultwarden.env: ENC[AES256_GCM,data:PLNb5cFoJaOyUo5U/gpXH0RGVwwQxL3kCE/OLw7MaLWazuBGHIPUEhH+kDMP2cfF916D63w8Ddgb/oH+lHGCw235YwgoqZ9yjWYPG4VB2Jdw+17LeCbirdh3zv8nNzFnSZDJmhz5Pj82+iswju6sYO/H7UfZ3aeASWonKW9LGHVltKSY1rAVhZRu4SvhqPiAxNpEzN0/EDTl46RIxrgEoUraN+Ie8fh1wU9SKevExkPU3NXGO1gG2tWRxclMPgc=,iv:es40/5HpBAhOy2xmU/yCUD43fVVsAXk6qJ3OasKjK3U=,tag:bneErU9pPZkQ2VzbQ1NrJA==,type:str]
 sops:
     age:
         - recipient: age1sqssntfzzlhcgp0wuf9wmeavg0hmwmq349npsq8vaxj9sxey5s9ssc82sw
@@ -10,7 +10,7 @@ sops:
             eDUxR1V0ZEFSYnZTYnYzakFydEliaFUKoa/gHecAy01vTk7I02KMGGPHZBql5K48
             hkLDjoWK9dkGRX8kqRd028cuMCQRenLpULEECWp6oV+evUdMf7wRtg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-30T13:57:31Z"
-    mac: ENC[AES256_GCM,data:OAa6W+v/eeuzSFKbiSzyUoFA40SHYDdhzMzTw35ytBGhfNJRPLNBKnQBnPE1fqkrcc+pQgjrOdhsz+V5EV+ze/7G69HADYxd/G4/zqK3+FyU7CBsNKpoCjXYTcEkBco8t76LEFefmE/BJcUm5JEBZ2Hudnkm50fdyQDIWlips+w=,iv:amKno6v2RUAKOM4Rh126T1RHomxU31MJwmbLkkHc7JU=,tag:/ddTFf1vp7THLK5kh57EzQ==,type:str]
+    lastmodified: "2025-12-30T19:34:00Z"
+    mac: ENC[AES256_GCM,data:kFttJIQM/Zyd9xeiJpdEVoJ2AhlbuvtUxGBkQTQeEvrJsClAUM7s288XhkG02IxpH9bt2U6AgF60K/3E3qEdFHpM9WKTso/n6mXeD5WUyo9XD1XiWMPZ07arRLH0ajRWHOlIadKm7hvPhEWiWxVg9+sc0BHtjTGMLgvRhUyMPgM=,iv:gsMvU3lxVFSF8bJK5u9cNFSYDT5OZPmWqehv0ozB5Uo=,tag:XsfLCSTlqSgeKy609lMmLQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0