c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

vaultwarden: deploy service

This commit is contained in:
Sandro - 2023-12-20 23:26:29 +01:00
parent d788c3718e
commit c716a96e2f
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
2 changed files with 203 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
hosts/vaultwarden/default.nix
View File

@ -11,15 +11,20 @@
networking.hostName = "vaultwarden";
services = {
# backup.enable = true;
backup = {
enable = true;
paths = [ "/var/lib/vaultwarden/" ];
exclude = [
"/var/lib/vaultwarden/icon_cache/"
"/var/lib/vaultwarden/tmp/"
];
};
nginx = {
enable = true;
virtualHosts."vaultwarden.c3d2.de" = {
default = true;
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
@ -27,10 +32,32 @@
package = pkgs.postgresql_16;
# upgrade.stopServices = [ "" ];
};
vaultwarden = {
enable = true;
config = {
PUSH_ENABLED = true;
PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
PUSH_RELAY_URI = "https://push.bitwarden.eu";
SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";
SMTP_DEBUG = false;
SMTP_FROM = "noreply@c3d2.de";
SMTP_FROM_NAME = "Vaultwarden";
SHOW_PASSWORD_HINT = false;
SIGNUPS_ALLOWED = false;
USE_SENDMAIL = true;
};
dbBackend = "postgresql";
domain = "vaultwarden.c3d2.de";
environmentFile = config.sops.secrets."vaultwarden/environment".path;
};
};
sops = {
# defaultSopsFile = ./secrets.yaml;
defaultSopsFile = ./secrets.yaml;
secrets = {
"vaultwarden/environment".owner = "vaultwarden";
};
};
system.stateVersion = "23.11";

172
hosts/vaultwarden/secrets.yaml Normal file
View File

@ -0,0 +1,172 @@
restic:
password: ENC[AES256_GCM,data:3t8PjT9cOsv4D6rhRwFSyehsQzofXaXqt/EXK7FiBPg=,iv:HlyNiUsmlma47BhNvLeuew4lx4uldDqL/O8fIsSFOPU=,tag:LBDt+WTU2+z+LfWQ8hqoIw==,type:str]
repositories:
server9: ENC[AES256_GCM,data:bU7kWorWJkUuyjJobONcif/bBhTRX1zxNI+ZjUAXos5pzpiTEMe+VrLtDPusH3Qi+tTB/kqHreb2z0o/P78pow5RjcShawWPVPqTi9DqDmM+AujI0MPW11NVf4OAnoXzkWIUGiB0lEsPEIwt,iv:nqRtZB9/XAV37Ji3t5LUvS7B5v3EnCwFM33peRe2ytA=,tag:8D6Gukx6xwaCUyEQZrpiwg==,type:str]
vaultwarden:
environment: ENC[AES256_GCM,data:LdFZlwHkw4VTBvvO8gXcSD1I0AHBVQznDME1FSbofB5WrtfKH3Bu2Kh9NsB9O94QgPolQewHgmdxVPM0OG3Gl+xC1uv8/+sof6U7xiwiJbVE/SRy9urm8/oNh0T3Br1+C+/326Wnn9+yq1ssX9RAFQkq+YVLUCgq09Janbr/RF3VddMEZjhtl6JvbFKb3wNI4wv1E7BTfehThkGykZXlKKPw5EYxynrKZ7IUsrS+Fk30RS+FRpX3NBlCNnR8kil2hlG85EwHRM1+DaB8WFQ386mEHbS+ak5C2lxtU8yx3WnBlI7mC/BVp+aXoP6Pau/Bk9m1/bsZ3oorS2aFO/UumFlr8GDvw3ajbj3vYhMoVqfpWlq8v+JiH2kaHmzTKMJ4csg5ip9mulgMtRlqgwl/qKluTaqC2G6MftnumrOreex0huH+KRAAcZHHzvS1G7VKWFGb5bg=,iv:8EXDbhA76N6Ml+JOD0fCHhUINlDntWIxLrvt+4rZ4pY=,tag:yEvo70FfwifefoCbiMx7yQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cGdRV2RFTlA4cUJ2aGJr
Rnp5TWJlMDFBVEZYWXBBVnVnVktVbXBzbEg4CnFwU2pIT2diUEZqWWl3L1FSME85
ejM2bkI4ckN3cFY2eE9HZTdFTXBDVzQKLS0tIFRhei82Z2hNeitraytKR0tvbHMx
N3FoUmorc2JSWThaMU40TXBxeG5xeUEKLz+AkDz4oFSB0YND8N0PAvKJ2Cl2hE2S
zJ6t30pNNPjsJFBEOtVW6yhLBIRGwZdOiAzI3MfxxOVNSGSbZxVc3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4V0dxMFgxSkVuZ2VJNng0
WmpWbTNNdExrdGtiZkNVOXdZeFExR0hUb25VClNmSllBb0pNNkFLTzBTM09Ba1k3
VGlTSHpFWFk2RkdtbVRsTXd0UmM5cUkKLS0tIEwyODd1cGFrcStFTDdPM3ozR01H
YVljODQybmFBaENvdlZtcGJNaXdyWjAK7TenBrprqo++EzurqXqatEJncCU5g0JH
9aUpNebhTuauCJQcObj89tjx0EKuafe7Nn2wgiV3hNPIGa4+YXnsSw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-20T22:31:55Z"
mac: ENC[AES256_GCM,data:jK6Bdee8wsTp6etUJzrwgw8yNGJ8iqYYt0aE1tPmnM4aU9mu/Fhj9kidPLIl5ghBYqapXuiFre/jivrldDfQ/xMNntSpMlYqqjgFCPlgCvDUI0auXfIdKGGB5jORzN7i3z2LPm4vX6mFTol5vdOsHzA2dg/KqOGca9zhrbbDKU8=,iv:NAKLcSGNiEjzvlU8YXAbEPpJWFn7erNQ1Lz6NeYxV/Y=,tag:+LqcZL2CUHRnYMAuAMdPpw==,type:str]
pgp:
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7zUOKwzpAE7AQ/+IRfyl1VjFVpsr4Rwkv0kibZdnxqvSpr5sCErUvrPoJdK
yVWEO+Ps7z5G7WpWwOnGKeWqpXjTqhVps34R3/RPMy+4zL9a3izGa0zKGvrJTNma
b7clOH71InPPp5RQDxyox0StM3Wwk5ItrelfGWSJxfJCxNkKjfhtrsya1bJf6zmo
/KkIlKWMYoiYqpJMvt+sQhOD9HAm3R66D5RdufF76GoeqaGAfdL36hqODs5TC7Lo
0Nf1NlpLQEyvJmZax2sv28H2gySIXocXrZhsCfEnI3VeNbCsuIEfHIS4A9bRRekQ
NzQbwPfYIoy0PkFhCUGtM8i5qUpLiK5TkpNe+Fi6BTLuY8bO5QxtGhAxoDges6Zx
VgFCD6n9ZNiV5saA07pPxsA5gglIuuRf5G53y0uD3RG4itOXJpI6ScY7emgSnSOx
ildpGPmnpzJVeNIhelRRZaJURmeVsMqIfjvzDBHbA30n7AMvqdGqzzSnt5g1qS7e
QtWE7Ei12p86XO4Xg6gkNebLJJI/nR4U9CNkaHHfYDdE1OkIiA4B6kwcjfmnZ236
kg3S+RTFBqp4LtpDBov//hpieiWn2OJQz6Nn8etF5CZp/8uvp0XCDJ2VQuhOfg4r
Pl1Ihc2K3IffPS7mFqY/tXpOGFCnSSwj0cBjtYWEIbqEiKjIQfIQl+LyHfNWFRzS
XgEdpRhxuZqMqjwZwN9N7rc/d7zzBbDQLK8CGIYKfqqpuavK+eV+f844Uz4K4hzp
wqd8MCRqeJyji8wh8tSNEEsj9kPQwxpqcno+9T37UaAj249+wIFNA3e5lHhldTQ=
=KkQQ
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6j84+xkv3y7AQ/9G3gkCoMFiE+80YZw6lBQqIrMSVZPGgEe8PjLx2biqi8C
SJZJNjLvLn5XdGAY/6374TEOi0Yu+vKKt/aOfpkPrhJ3ldg1M1DaWvjFgGB0SvJ1
SPkoW3dBk2V127Bz0lgzXpzCJrUFPYgXKsJAD6b1DA9lcidoIoDNGMGx7U/iylHF
7TSSzI/qjyYDX6mmPxowxC1ydzhFhDRvctY/sIy5ouCLzEAbROyVexGTeQBQWdqm
ba1e39rIq04CXDFWG8Hupz29CDqwlKldRiCRoMjctSvpr+PABWlq89uv5WaHYbje
gUMnOFSNLcWiCGF2oQOPDGgj6Y+p9qU2tZ8SIS+B/ovw54GWG14G8uvfxe4ktWOg
IyynsmeMkhI1GfEJbZ+4GafMuY9ylQiesTuf7GGya5RvYlEJXZl0aGr28kdUlWBc
I0dBKHjRhmqbkpJLB8TXtxfBBt79kQkDfw5UrXpBlovX7UmYGl7rF+07TdrEaAKD
tU4MkOIiFgUkJ6nPv/U1RCU63ISi7UK4eEBkUQyYZQSym9/FUYYaL9m/sTF5wMwd
O1OaHcW9fy6DebtJuUIQdC+ng5riiTFpRiEqkem4G45+nHvI+2lkYYSDiBKtZeW0
uAKZqxXfvOls7UztXcH2hwsdwlSan+Ju+KWoPn9vYBEWDo2JIjFWghkpw/gDPuvS
XgH7R+ZGwqij2yFr/Uu7NQceM//dHlZyuOQtM30+GkfB/kMJj6h4ib4p8USXpgZK
8BgGA4KQHfb4BbiE3l6woCKdCoUAOKSqvzINisYh4w8/Rr/r4UX3M809xs4EsEE=
=fOp0
-----END PGP MESSAGE-----
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwMCBBrc/JA6AQ//X0BH4wWWs3DCmXzpF5XF03LlTCbPyBr4mfQo5SV9OwiC
wif9ykFPeGgVMJpYeod3qU8IGu17e9qqJmSOcTRCVgNA/SgjDHExe8qUGrC0hOwO
eg20s3dmgZqkiCLtg/7D7P9QSp8SBxpdkKqLNDq2sLPAGdXQRhVEyIyCfuTg98hJ
Y4ANSdCtUqFpvX82oNLK8k7xL2GwDEBLubNMSjDBkYIPXmQ/vnOHWTQFLqihqV1p
xtNkAtqP6qLWD3k0W+PeF/vJKxK6FfFlw0PpivXhyxy/sPA4xnCVIBUdCvPkkdmp
Vfsa8CZpahxaxL5rfyT3vxPswh1nUyWlBF7+tTeui5L189iVdY5IclCBo3v2yuUt
JnxVrck77jpRyW31CvKiR3DC5XroybpLRUTlL5ac9rSHeEt7vK8yItRArz/lSHcq
JdVSYxlNL/89gURJMcncdRE/QavQWd/HEclYznpGwQHAypTvE4IeTJrx3whyFRB3
2HB7rlmQ7ggCUMDjxFSDbVAgRdXDYFbnlxVd+TK0SFQldo5R7Uodj5u4WjqPI81D
nTcbK494lxAKuXfjtElAJGcVB7wy9npqG35qTca7Pa5D2V1IiOSG5lTF1uTr4mgW
cFDFk3fAIj8wk1iegX68DI6+vkPin6x42IUjvjBlpzpjxPLwPKdP8m40YyL0VcHS
mAFAGzt9GQ6GFMq8FYjPd+I/J/txJIZe3mUW1KIWEjHg+6LvfBn07UXdyIEeSHQz
KhX7QIBTEULA+uEGexbqNpk70l6IG2DMiJTglySKhcBnZ+qU0iGt1wxPxdEa8nL/
5SjftbgiHJ9P+Halaqw/lDSVVaaCuvoPmKoSHZziz8RbyZUQ9fMaRKFpNbVR4CeV
K9kY537JxHDv
=Ar0v
-----END PGP MESSAGE-----
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJARAAyS0biIjy6/JASoBY5b6adOEsQ83Cu3vKGF22aZeMqWsv
CuTY67k6n/oP1mBFLSsEdpDN86BFUW+UfztmunLrxBwLeLy+qPUCopGD4hCiTcD4
CPl9dcbz07y2iTWDdc3U1HHgVn37MRA+Swzx9UN1k0NRjse3KdX4LZl/xiUs63R+
pndwNEfKalcv73oCl/K4I+SOiaEK84jWscxtBM7H1GU0EgHfoY5WFSieBsep+cN6
Twaz04fEyrw9E7FWKtMMqf8wSgl+tLyj6YyLh/+XVG55+qfnzLX7cp4fm3R2ceMF
+FJV3Ao3btXNRBFZHDfUZ61xH82lWWlVgNCqtpwVhUoPDV0AMz41uMkjMhy5EGSY
rU+CWv9v/RKQsKV57u21vjAtiMUQQh1MMj4fwq1hvKVgIvaY45qiYCgrtn9Dzi+0
gwwkTKsGnARh9mLvAlCwBxRxk4a8ync3hO1XxNR9SjvJL7fS3mI9/693M3wGjdBZ
vnmp8bR+e54Q8YuMuL68ND4HBZeZWY92yjF1peTYryepbi9MIDNwqFNeCpT4URSH
7yzE2oo3161tz58FWuAUFSSqbzcV1tdTV0xYhjqrMj1j7i/MWvIxg04sfGIEGbNv
Zju7ZoacNTuL+BNIDqAWAkrfMGxlu1zAXALdKLCF+kRQQrK/wjxpbQf8q1X9CszS
XgHPuqqnbm2mru2VFcYbCC7i7TI4Tvm8UPw5dZDPhnJGUVLoz69w9QDO5gcrOS2P
/2uKNc7pFAON/Sk2KVR1ZOkcvqzbOCu/XUO3EY+PmOxTtws4C+ishzKyw+lLMjc=
=8++X
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9qJIVK2WMV7AQ/9GC/AT6iMCK1Yakdafd/e2jt89hZb1cyyG+IuK1ms9D87
66+0xdeQ3vu+i0xxUFeZSQD/jS3KQpyaSlXoAVt5crnrcN/HOP3PAMzvGuwofrG8
EEQbK1O4WzIYuuFUdZ9ayddLE0952fqBg9h6HoNX2qAFdXJMOldBRevse5TqFGKp
vVQKFxUIu8FpR2mlWprBdbCc4jMfn7m1R0T9L3qLU/9/Sk4muaQOeBPB2zXxP5qJ
5zlPlBtAvBV2vkLe/Jzg+2XqxBysyPu8wbexLpcefzbxXTPkMgBf++9L2H15/d+E
IcoNTWOJwnd2bLq0jSgwzoFu499+Yl5v5F8E1a7CQ+3qK3u8rgfaZpbwrSvoq2mq
Zi1vBgFLhdghooRS+JW0YLM67bPjRvNDDSRio5Z2By9WlHYqQGMzKwhNatrU8rF2
xfbH7HQxO5A4InsmA3NRAkcj1O5Nfr+XKgPCVWVEw8iD/RaV/Mg6ZNpRZCdWdrlS
6y5il4feL/GcRes/MJD4zQJc4lYE9hvfkptWEsL6VVK+gaSt3FY0vkI6jPu/Sszv
X5LIZJV88Py9+biL5Ro3i1hCPYxERGEFk1g2lZXEz2Gzn8OrXH1NA7L7LCzyiCFc
7RIY/Su1SCOXHxa1Gjg/YCm1zOATXb72zG2od6X9uW7A5vhqZw1fLJB0cDZuI5XS
XgFY2Mp2+TsbDA8PbFT5+krk2k/58pbjibHvNcxKdV1j5rCVV9w2Pro4PpSLNBU7
saONoM+CGhXypwmfQh1fpbeObPpNkNBeykldQoZz12D1EoaYPUkxlSMD9W0QFOU=
=YI8r
-----END PGP MESSAGE-----
fp: 53B26AEDC08246715E15504B236B6291555E8401
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9XEenRNYVGHAQ//Q1bDCF6aIkppEyCHw6082/W3JsDJy/use/miRpM3KS9k
v1WBAXe49P9RY8LD6IM9AipK8kprOfZq10P8CZvbfenA0MdbFQYAQcux+OmjqhBv
jW7d0hNMBKyUp4f2wtpnBZCjYil8R1LFKXUfDLfCP2GDvWUcL/j9xAL3f+EfD0JC
fNs1LMH5WXaEf/lo51G++Di6hyng3VPT1gId7nsrqSnoIw7A7KqxCoEgwYMYy1tR
SGW2FATQ37WwygHInIgpZStbFQO03SNe+kEtXjODufxr6BqZZ+oZ1K3ZcvaRwDLI
g+nzt2R0ncg+vUYEqfbXvlg6VxApMXirziCwfEKN//foltpm3Umh/T1daN0AIxIv
Zi0euE2sGAC+0VRipFxPR4MERugwF+dcpJsl3opF/XYESiWvH/I8PSRBrlVxSSEw
JxRd8kJ21d38CgzCNBOTMtZL1rOfmUHWsA/Z8oCmdFVMzy7x/lCJa+BxY/zy6KBz
xflMLosEhuPEj29gzEuPpZjzgMyMLRZbpHvJDVrJMIFHH02OqPHMHn3nMuFWu9y2
ZvO0CsILXS2ZIvhjB2fLkvwuu1f1AihVQCN7ed0AV12B/Y06rvXoxS5cFDXjiNK5
TQGnWjyONok1bcEqbmSFixAOVgjHptvowGJ528EsFD2WrQMwINmPl1xh4I1JOKrS
XgHuU9QT/du1gqy0/6SdFJebGi1D5soZZCc7SSAFq2g56iLtgNa1TF8XuEh2rbgb
Fz8EauxQC6EFmFrmjnKY8ZNkJw+JtghA4+i/F/i6ufxkiO3lCno8uKZm5T7n7AE=
=OZxN
-----END PGP MESSAGE-----
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
- created_at: "2023-12-20T20:48:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA45bZkLXmBFpAQf/dKhs1CUnhYGxmJEeaDHblnLrJN8T0o2PJ0FOexeaejrJ
BwtJX4pMGJVCAcZQRsavKsIKQuYEc9x5EE8gndIeIbchNpg7c8Sa6m9t82bdp0Tn
cUqj67U7BMuEvxcgs6vJwfQeiRF+buz9z5TQTlmfpeQXTbS5UoZFknjWJAg6iQf4
IaGbz7vnZPZZmM5g2mzz3KI/DeWtjH2svJH8tfJfCkUssFH1HG2oWDXjuV+PNaqt
nb6mfOWCLUqv5S3LQ05bIo/c67jO/zMDkfMw40xjsXv7vhwp8R9YTfTgSR2lnVZn
/dFKeFJ+Fa7O+uurFA/JBTm1wnQU61cV6LjlJcfE4NJeAd/uK7WAvJFHqkKChyVP
Iyq6OWfmUfX73mkJK8dvnHqcDIaB/hQrs5bcvy6RZS7/w8KnfG2RIw433LA7vXzb
Jl2pJAFoeDYvBEG5bm4CvoKoiHU3Prm0VGSW/+RdKQ==
=U6O/
-----END PGP MESSAGE-----
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
unencrypted_suffix: _unencrypted
version: 3.8.1