diff --git a/hosts/vaultwarden/default.nix b/hosts/vaultwarden/default.nix
index 5ab54dab..9049a993 100644
--- a/hosts/vaultwarden/default.nix
+++ b/hosts/vaultwarden/default.nix
@@ -11,15 +11,20 @@
 networking.hostName = "vaultwarden";
 services = {
- # backup.enable = true;
+ backup = {
+ enable = true;
+ paths = [ "/var/lib/vaultwarden/" ];
+ exclude = [
+ "/var/lib/vaultwarden/icon_cache/"
+ "/var/lib/vaultwarden/tmp/"
+ ];
+ };
 nginx = {
 enable = true;
 virtualHosts."vaultwarden.c3d2.de" = {
- default = true;
 forceSSL = true;
 enableACME = true;
- locations."/".proxyPass = "http://127.0.0.1:3000";
 };
 };
@@ -27,10 +32,32 @@
 package = pkgs.postgresql_16;
 # upgrade.stopServices = [ "" ];
 };
+
+ vaultwarden = {
+ enable = true;
+ config = {
+ PUSH_ENABLED = true;
+ PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
+ PUSH_RELAY_URI = "https://push.bitwarden.eu";
+ SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";
+ SMTP_DEBUG = false;
+ SMTP_FROM = "noreply@c3d2.de";
+ SMTP_FROM_NAME = "Vaultwarden";
+ SHOW_PASSWORD_HINT = false;
+ SIGNUPS_ALLOWED = false;
+ USE_SENDMAIL = true;
+ };
+ dbBackend = "postgresql";
+ domain = "vaultwarden.c3d2.de";
+ environmentFile = config.sops.secrets."vaultwarden/environment".path;
+ };
 };
 sops = {
- # defaultSopsFile = ./secrets.yaml;
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ "vaultwarden/environment".owner = "vaultwarden";
+ };
 };
 system.stateVersion = "23.11";
diff --git a/hosts/vaultwarden/secrets.yaml b/hosts/vaultwarden/secrets.yaml
new file mode 100644
index 00000000..2a3ed350
--- /dev/null
+++ b/hosts/vaultwarden/secrets.yaml
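Review bot: In hosts/vaultwarden/default.nix, `backup.paths` lists only `/var/lib/vaultwarden/`, but the second hunk sets `dbBackend = "postgresql"`, so the vault entries are stored in PostgreSQL and not under that directory. Unless the `backup` module (not visible here) dumps the database itself, a restore from this backup would return the data directory without the vault contents. I would add a dump step and back up its output, for example `postgresqlBackup = { enable = true; databases = [ "vaultwarden" ]; };` inside `services`, with its `location` added to `paths`; the database name is an assumption to confirm. The `services` attribute set opens in this hunk and closes in the next one.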
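Review bot: The `vaultwarden` block in hosts/vaultwarden/default.nix sets `PUSH_ENABLED = true` and points `environmentFile` at the sops secret, but nothing in the file records which variables that secret has to define. Vaultwarden's push relay needs `PUSH_INSTALLATION_ID` and `PUSH_INSTALLATION_KEY`, and if the admin page is enabled, `ADMIN_TOKEN` belongs there as well, preferably as an Argon2 PHC string rather than a plaintext token. I would add a comment above `environmentFile`, `# vaultwarden/environment must define PUSH_INSTALLATION_ID and PUSH_INSTALLATION_KEY; ADMIN_TOKEN only as an Argon2 hash`. Separately, `"vaultwarden/environment".owner = "vaultwarden"` is probably not needed if the module hands the file to systemd as `EnvironmentFile=`, which the service manager reads before privileges are dropped; leaving the secret root-owned would be the tighter default.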
@@ -0,0 +1,172 @@ +restic: + password: ENC[AES256_GCM,data:3t8PjT9cOsv4D6rhRwFSyehsQzofXaXqt/EXK7FiBPg=,iv:HlyNiUsmlma47BhNvLeuew4lx4uldDqL/O8fIsSFOPU=,tag:LBDt+WTU2+z+LfWQ8hqoIw==,type:str] + repositories: + server9: ENC[AES256_GCM,data:bU7kWorWJkUuyjJobONcif/bBhTRX1zxNI+ZjUAXos5pzpiTEMe+VrLtDPusH3Qi+tTB/kqHreb2z0o/P78pow5RjcShawWPVPqTi9DqDmM+AujI0MPW11NVf4OAnoXzkWIUGiB0lEsPEIwt,iv:nqRtZB9/XAV37Ji3t5LUvS7B5v3EnCwFM33peRe2ytA=,tag:8D6Gukx6xwaCUyEQZrpiwg==,type:str] +vaultwarden: + environment: ENC[AES256_GCM,data:LdFZlwHkw4VTBvvO8gXcSD1I0AHBVQznDME1FSbofB5WrtfKH3Bu2Kh9NsB9O94QgPolQewHgmdxVPM0OG3Gl+xC1uv8/+sof6U7xiwiJbVE/SRy9urm8/oNh0T3Br1+C+/326Wnn9+yq1ssX9RAFQkq+YVLUCgq09Janbr/RF3VddMEZjhtl6JvbFKb3wNI4wv1E7BTfehThkGykZXlKKPw5EYxynrKZ7IUsrS+Fk30RS+FRpX3NBlCNnR8kil2hlG85EwHRM1+DaB8WFQ386mEHbS+ak5C2lxtU8yx3WnBlI7mC/BVp+aXoP6Pau/Bk9m1/bsZ3oorS2aFO/UumFlr8GDvw3ajbj3vYhMoVqfpWlq8v+JiH2kaHmzTKMJ4csg5ip9mulgMtRlqgwl/qKluTaqC2G6MftnumrOreex0huH+KRAAcZHHzvS1G7VKWFGb5bg=,iv:8EXDbhA76N6Ml+JOD0fCHhUINlDntWIxLrvt+4rZ4pY=,tag:yEvo70FfwifefoCbiMx7yQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cGdRV2RFTlA4cUJ2aGJr + Rnp5TWJlMDFBVEZYWXBBVnVnVktVbXBzbEg4CnFwU2pIT2diUEZqWWl3L1FSME85 + ejM2bkI4ckN3cFY2eE9HZTdFTXBDVzQKLS0tIFRhei82Z2hNeitraytKR0tvbHMx + N3FoUmorc2JSWThaMU40TXBxeG5xeUEKLz+AkDz4oFSB0YND8N0PAvKJ2Cl2hE2S + zJ6t30pNNPjsJFBEOtVW6yhLBIRGwZdOiAzI3MfxxOVNSGSbZxVc3g== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4V0dxMFgxSkVuZ2VJNng0 + WmpWbTNNdExrdGtiZkNVOXdZeFExR0hUb25VClNmSllBb0pNNkFLTzBTM09Ba1k3 + VGlTSHpFWFk2RkdtbVRsTXd0UmM5cUkKLS0tIEwyODd1cGFrcStFTDdPM3ozR01H + 
YVljODQybmFBaENvdlZtcGJNaXdyWjAK7TenBrprqo++EzurqXqatEJncCU5g0JH + 9aUpNebhTuauCJQcObj89tjx0EKuafe7Nn2wgiV3hNPIGa4+YXnsSw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-20T22:31:55Z" + mac: ENC[AES256_GCM,data:jK6Bdee8wsTp6etUJzrwgw8yNGJ8iqYYt0aE1tPmnM4aU9mu/Fhj9kidPLIl5ghBYqapXuiFre/jivrldDfQ/xMNntSpMlYqqjgFCPlgCvDUI0auXfIdKGGB5jORzN7i3z2LPm4vX6mFTol5vdOsHzA2dg/KqOGca9zhrbbDKU8=,iv:NAKLcSGNiEjzvlU8YXAbEPpJWFn7erNQ1Lz6NeYxV/Y=,tag:+LqcZL2CUHRnYMAuAMdPpw==,type:str] + pgp: + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA7zUOKwzpAE7AQ/+IRfyl1VjFVpsr4Rwkv0kibZdnxqvSpr5sCErUvrPoJdK + yVWEO+Ps7z5G7WpWwOnGKeWqpXjTqhVps34R3/RPMy+4zL9a3izGa0zKGvrJTNma + b7clOH71InPPp5RQDxyox0StM3Wwk5ItrelfGWSJxfJCxNkKjfhtrsya1bJf6zmo + /KkIlKWMYoiYqpJMvt+sQhOD9HAm3R66D5RdufF76GoeqaGAfdL36hqODs5TC7Lo + 0Nf1NlpLQEyvJmZax2sv28H2gySIXocXrZhsCfEnI3VeNbCsuIEfHIS4A9bRRekQ + NzQbwPfYIoy0PkFhCUGtM8i5qUpLiK5TkpNe+Fi6BTLuY8bO5QxtGhAxoDges6Zx + VgFCD6n9ZNiV5saA07pPxsA5gglIuuRf5G53y0uD3RG4itOXJpI6ScY7emgSnSOx + ildpGPmnpzJVeNIhelRRZaJURmeVsMqIfjvzDBHbA30n7AMvqdGqzzSnt5g1qS7e + QtWE7Ei12p86XO4Xg6gkNebLJJI/nR4U9CNkaHHfYDdE1OkIiA4B6kwcjfmnZ236 + kg3S+RTFBqp4LtpDBov//hpieiWn2OJQz6Nn8etF5CZp/8uvp0XCDJ2VQuhOfg4r + Pl1Ihc2K3IffPS7mFqY/tXpOGFCnSSwj0cBjtYWEIbqEiKjIQfIQl+LyHfNWFRzS + XgEdpRhxuZqMqjwZwN9N7rc/d7zzBbDQLK8CGIYKfqqpuavK+eV+f844Uz4K4hzp + wqd8MCRqeJyji8wh8tSNEEsj9kPQwxpqcno+9T37UaAj249+wIFNA3e5lHhldTQ= + =KkQQ + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6j84+xkv3y7AQ/9G3gkCoMFiE+80YZw6lBQqIrMSVZPGgEe8PjLx2biqi8C + SJZJNjLvLn5XdGAY/6374TEOi0Yu+vKKt/aOfpkPrhJ3ldg1M1DaWvjFgGB0SvJ1 + SPkoW3dBk2V127Bz0lgzXpzCJrUFPYgXKsJAD6b1DA9lcidoIoDNGMGx7U/iylHF + 7TSSzI/qjyYDX6mmPxowxC1ydzhFhDRvctY/sIy5ouCLzEAbROyVexGTeQBQWdqm + ba1e39rIq04CXDFWG8Hupz29CDqwlKldRiCRoMjctSvpr+PABWlq89uv5WaHYbje + 
gUMnOFSNLcWiCGF2oQOPDGgj6Y+p9qU2tZ8SIS+B/ovw54GWG14G8uvfxe4ktWOg + IyynsmeMkhI1GfEJbZ+4GafMuY9ylQiesTuf7GGya5RvYlEJXZl0aGr28kdUlWBc + I0dBKHjRhmqbkpJLB8TXtxfBBt79kQkDfw5UrXpBlovX7UmYGl7rF+07TdrEaAKD + tU4MkOIiFgUkJ6nPv/U1RCU63ISi7UK4eEBkUQyYZQSym9/FUYYaL9m/sTF5wMwd + O1OaHcW9fy6DebtJuUIQdC+ng5riiTFpRiEqkem4G45+nHvI+2lkYYSDiBKtZeW0 + uAKZqxXfvOls7UztXcH2hwsdwlSan+Ju+KWoPn9vYBEWDo2JIjFWghkpw/gDPuvS + XgH7R+ZGwqij2yFr/Uu7NQceM//dHlZyuOQtM30+GkfB/kMJj6h4ib4p8USXpgZK + 8BgGA4KQHfb4BbiE3l6woCKdCoUAOKSqvzINisYh4w8/Rr/r4UX3M809xs4EsEE= + =fOp0 + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwMCBBrc/JA6AQ//X0BH4wWWs3DCmXzpF5XF03LlTCbPyBr4mfQo5SV9OwiC + wif9ykFPeGgVMJpYeod3qU8IGu17e9qqJmSOcTRCVgNA/SgjDHExe8qUGrC0hOwO + eg20s3dmgZqkiCLtg/7D7P9QSp8SBxpdkKqLNDq2sLPAGdXQRhVEyIyCfuTg98hJ + Y4ANSdCtUqFpvX82oNLK8k7xL2GwDEBLubNMSjDBkYIPXmQ/vnOHWTQFLqihqV1p + xtNkAtqP6qLWD3k0W+PeF/vJKxK6FfFlw0PpivXhyxy/sPA4xnCVIBUdCvPkkdmp + Vfsa8CZpahxaxL5rfyT3vxPswh1nUyWlBF7+tTeui5L189iVdY5IclCBo3v2yuUt + JnxVrck77jpRyW31CvKiR3DC5XroybpLRUTlL5ac9rSHeEt7vK8yItRArz/lSHcq + JdVSYxlNL/89gURJMcncdRE/QavQWd/HEclYznpGwQHAypTvE4IeTJrx3whyFRB3 + 2HB7rlmQ7ggCUMDjxFSDbVAgRdXDYFbnlxVd+TK0SFQldo5R7Uodj5u4WjqPI81D + nTcbK494lxAKuXfjtElAJGcVB7wy9npqG35qTca7Pa5D2V1IiOSG5lTF1uTr4mgW + cFDFk3fAIj8wk1iegX68DI6+vkPin6x42IUjvjBlpzpjxPLwPKdP8m40YyL0VcHS + mAFAGzt9GQ6GFMq8FYjPd+I/J/txJIZe3mUW1KIWEjHg+6LvfBn07UXdyIEeSHQz + KhX7QIBTEULA+uEGexbqNpk70l6IG2DMiJTglySKhcBnZ+qU0iGt1wxPxdEa8nL/ + 5SjftbgiHJ9P+Halaqw/lDSVVaaCuvoPmKoSHZziz8RbyZUQ9fMaRKFpNbVR4CeV + K9kY537JxHDv + =Ar0v + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJARAAyS0biIjy6/JASoBY5b6adOEsQ83Cu3vKGF22aZeMqWsv + CuTY67k6n/oP1mBFLSsEdpDN86BFUW+UfztmunLrxBwLeLy+qPUCopGD4hCiTcD4 + 
CPl9dcbz07y2iTWDdc3U1HHgVn37MRA+Swzx9UN1k0NRjse3KdX4LZl/xiUs63R+ + pndwNEfKalcv73oCl/K4I+SOiaEK84jWscxtBM7H1GU0EgHfoY5WFSieBsep+cN6 + Twaz04fEyrw9E7FWKtMMqf8wSgl+tLyj6YyLh/+XVG55+qfnzLX7cp4fm3R2ceMF + +FJV3Ao3btXNRBFZHDfUZ61xH82lWWlVgNCqtpwVhUoPDV0AMz41uMkjMhy5EGSY + rU+CWv9v/RKQsKV57u21vjAtiMUQQh1MMj4fwq1hvKVgIvaY45qiYCgrtn9Dzi+0 + gwwkTKsGnARh9mLvAlCwBxRxk4a8ync3hO1XxNR9SjvJL7fS3mI9/693M3wGjdBZ + vnmp8bR+e54Q8YuMuL68ND4HBZeZWY92yjF1peTYryepbi9MIDNwqFNeCpT4URSH + 7yzE2oo3161tz58FWuAUFSSqbzcV1tdTV0xYhjqrMj1j7i/MWvIxg04sfGIEGbNv + Zju7ZoacNTuL+BNIDqAWAkrfMGxlu1zAXALdKLCF+kRQQrK/wjxpbQf8q1X9CszS + XgHPuqqnbm2mru2VFcYbCC7i7TI4Tvm8UPw5dZDPhnJGUVLoz69w9QDO5gcrOS2P + /2uKNc7pFAON/Sk2KVR1ZOkcvqzbOCu/XUO3EY+PmOxTtws4C+ishzKyw+lLMjc= + =8++X + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA9qJIVK2WMV7AQ/9GC/AT6iMCK1Yakdafd/e2jt89hZb1cyyG+IuK1ms9D87 + 66+0xdeQ3vu+i0xxUFeZSQD/jS3KQpyaSlXoAVt5crnrcN/HOP3PAMzvGuwofrG8 + EEQbK1O4WzIYuuFUdZ9ayddLE0952fqBg9h6HoNX2qAFdXJMOldBRevse5TqFGKp + vVQKFxUIu8FpR2mlWprBdbCc4jMfn7m1R0T9L3qLU/9/Sk4muaQOeBPB2zXxP5qJ + 5zlPlBtAvBV2vkLe/Jzg+2XqxBysyPu8wbexLpcefzbxXTPkMgBf++9L2H15/d+E + IcoNTWOJwnd2bLq0jSgwzoFu499+Yl5v5F8E1a7CQ+3qK3u8rgfaZpbwrSvoq2mq + Zi1vBgFLhdghooRS+JW0YLM67bPjRvNDDSRio5Z2By9WlHYqQGMzKwhNatrU8rF2 + xfbH7HQxO5A4InsmA3NRAkcj1O5Nfr+XKgPCVWVEw8iD/RaV/Mg6ZNpRZCdWdrlS + 6y5il4feL/GcRes/MJD4zQJc4lYE9hvfkptWEsL6VVK+gaSt3FY0vkI6jPu/Sszv + X5LIZJV88Py9+biL5Ro3i1hCPYxERGEFk1g2lZXEz2Gzn8OrXH1NA7L7LCzyiCFc + 7RIY/Su1SCOXHxa1Gjg/YCm1zOATXb72zG2od6X9uW7A5vhqZw1fLJB0cDZuI5XS + XgFY2Mp2+TsbDA8PbFT5+krk2k/58pbjibHvNcxKdV1j5rCVV9w2Pro4PpSLNBU7 + saONoM+CGhXypwmfQh1fpbeObPpNkNBeykldQoZz12D1EoaYPUkxlSMD9W0QFOU= + =YI8r + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hQIMA9XEenRNYVGHAQ//Q1bDCF6aIkppEyCHw6082/W3JsDJy/use/miRpM3KS9k + v1WBAXe49P9RY8LD6IM9AipK8kprOfZq10P8CZvbfenA0MdbFQYAQcux+OmjqhBv + jW7d0hNMBKyUp4f2wtpnBZCjYil8R1LFKXUfDLfCP2GDvWUcL/j9xAL3f+EfD0JC + fNs1LMH5WXaEf/lo51G++Di6hyng3VPT1gId7nsrqSnoIw7A7KqxCoEgwYMYy1tR + SGW2FATQ37WwygHInIgpZStbFQO03SNe+kEtXjODufxr6BqZZ+oZ1K3ZcvaRwDLI + g+nzt2R0ncg+vUYEqfbXvlg6VxApMXirziCwfEKN//foltpm3Umh/T1daN0AIxIv + Zi0euE2sGAC+0VRipFxPR4MERugwF+dcpJsl3opF/XYESiWvH/I8PSRBrlVxSSEw + JxRd8kJ21d38CgzCNBOTMtZL1rOfmUHWsA/Z8oCmdFVMzy7x/lCJa+BxY/zy6KBz + xflMLosEhuPEj29gzEuPpZjzgMyMLRZbpHvJDVrJMIFHH02OqPHMHn3nMuFWu9y2 + ZvO0CsILXS2ZIvhjB2fLkvwuu1f1AihVQCN7ed0AV12B/Y06rvXoxS5cFDXjiNK5 + TQGnWjyONok1bcEqbmSFixAOVgjHptvowGJ528EsFD2WrQMwINmPl1xh4I1JOKrS + XgHuU9QT/du1gqy0/6SdFJebGi1D5soZZCc7SSAFq2g56iLtgNa1TF8XuEh2rbgb + Fz8EauxQC6EFmFrmjnKY8ZNkJw+JtghA4+i/F/i6ufxkiO3lCno8uKZm5T7n7AE= + =OZxN + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2023-12-20T20:48:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA45bZkLXmBFpAQf/dKhs1CUnhYGxmJEeaDHblnLrJN8T0o2PJ0FOexeaejrJ + BwtJX4pMGJVCAcZQRsavKsIKQuYEc9x5EE8gndIeIbchNpg7c8Sa6m9t82bdp0Tn + cUqj67U7BMuEvxcgs6vJwfQeiRF+buz9z5TQTlmfpeQXTbS5UoZFknjWJAg6iQf4 + IaGbz7vnZPZZmM5g2mzz3KI/DeWtjH2svJH8tfJfCkUssFH1HG2oWDXjuV+PNaqt + nb6mfOWCLUqv5S3LQ05bIo/c67jO/zMDkfMw40xjsXv7vhwp8R9YTfTgSR2lnVZn + /dFKeFJ+Fa7O+uurFA/JBTm1wnQU61cV6LjlJcfE4NJeAd/uK7WAvJFHqkKChyVP + Iyq6OWfmUfX73mkJK8dvnHqcDIaB/hQrs5bcvy6RZS7/w8KnfG2RIw433LA7vXzb + Jl2pJAFoeDYvBEG5bm4CvoKoiHU3Prm0VGSW/+RdKQ== + =U6O/ + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + unencrypted_suffix: _unencrypted + version: 3.8.1