From 087a8a6220704301f1c6f56e8a16d6054cd6d65e Mon Sep 17 00:00:00 2001 From: ahtlon Date: Thu, 18 Dec 2025 18:57:42 +0100 Subject: [PATCH 1/6] [Vaultwarden] outline --- machines/.sops.yaml | 7 +++ machines/vaultwarden/configuration.nix | 60 ++++++++++++++++++++++++++ machines/vaultwarden/secrets.yaml | 55 +++++++++++++++++++++++ 3 files changed, 122 insertions(+) create mode 100644 machines/vaultwarden/configuration.nix create mode 100644 machines/vaultwarden/secrets.yaml diff --git a/machines/.sops.yaml b/machines/.sops.yaml index 7a4260d9..5e5ef727 100644 --- a/machines/.sops.yaml +++ b/machines/.sops.yaml @@ -95,6 +95,13 @@ creation_rules: - *admin_kalipso_dsktp age: - *admin_atlan + - path_regex: vaultwarden/secrets.yaml$ + key_groups: + - pgp: + - *admin_kalipso + - *admin_kalipso_dsktp + age: + - *admin_atlan - path_regex: .*/secrets/.* key_groups: - pgp: diff --git a/machines/vaultwarden/configuration.nix b/machines/vaultwarden/configuration.nix new file mode 100644 index 00000000..393b6ef7 --- /dev/null +++ b/machines/vaultwarden/configuration.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, inputs, ... }: + +with lib; + +{ + sops.defaultSopsFile = ./secrets.yaml; + sops.secrets = { + vaultUser = {}; + vaultPass = {}; + }; + networking = { + hostName = mkDefault "uptimekuma"; + useDHCP = false; + }; + + imports = [ + ../modules/malobeo_user.nix + ../modules/sshd.nix + ]; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + services.nginx = { + enable = true; + virtualHosts."status.malobeo.org" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3001"; + extraConfig = '' + ''; + }; + + }; + }; + + services.vaultwarden = { + enable = true; + backupDir = ""; + enviromentDile = sops.nochewas.file ; + config = { + DOMAIN = "keys.malobeo.org"; #maybe vault.malobeo.org + SIGNUPS_ALLOWED = true; + #WEBSERVER + ROCKET_ADDRESS = "::1"; + ROCKET_PORT = 8222; + ROCKET_LOG = "critical"; + #EMAIL + SMTP_HOST = "mail.systemli.org"; + SMTP_PORT = 465; + SMTP_SECURITY = "force_tls"; + SMTP_USERNAME = sops.smtpUser; + SMTP_PASSWORD = sops.smtpPass; + + SMTP_FROM = "malobot@systemli.org"; + SMTP_FROM_NAME = "Malobeo Vaultwarden Server"; + }; + }; + + system.stateVersion = "22.11"; # Did you read the comment? +} + diff --git a/machines/vaultwarden/secrets.yaml b/machines/vaultwarden/secrets.yaml new file mode 100644 index 00000000..417196b6 --- /dev/null +++ b/machines/vaultwarden/secrets.yaml @@ -0,0 +1,55 @@ +smtpUser: ENC[AES256_GCM,data:BsHFhpQtQ2Jhi3nuhJXjReJvbzU=,iv:jdSLeAgYj8JFSsLU3ZiVCG2ox8ZBo/HV6szCQUU5YWQ=,tag:XjS12SnmC6NNhWcTUvEhlA==,type:str] +sops: + age: + - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRnd3NGpkWjZVZjYxZ2VP + QUpTMjNwTml3NW8zL2o2c2R0TE53aEtlK0JNCi9jTjhZVXNMZ29oNDIrbFJBenkz + UkVBKzBQVUlYREc3bkxRb1R6RE5MaUUKLS0tIDJmdmlidmZCOXU5dDdFRmY2Q2pu + bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc + 2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-18T17:56:54Z" + mac: ENC[AES256_GCM,data:/TofX/71rLHMpin9hhKcXQRTuCb+CXkTkHtZozuqSL0SHR0hTacLNZrmkPlzYlxmvzYsJekBOWTfrhxOD5cOhdOhfsZ/zhXi0e3RVDBPDE//faARYvbQ9IJGsDOGQzaZopwXx098MVNGj3NP6XqDgCI5aDXfL8Uklg0ORTXfPwE=,iv:Th7+EY9BdV8nmMi7rYQjgLN8nxDOwNSiWy3movkyIAw=,tag:caMd5aeQbaVAWbYJYe5K+A==,type:str] + pgp: + - created_at: "2025-12-18T17:32:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMA5HdvEwzh/H7AQv/X02f2/84Twa9Sgj7husyP8ZOva1gsUnakZRd670K1Vxe + Z7eY4THMkP59qtbzCDkop0GulM1WNXd3jocT169WKYA5+myjNl131Ppn/DfAHMCk + QqguILH7K8X7zQkDU6Y4LE2sLuxYeoYz7aptdwoZpWZRKJjX6Q0pFrbFLZP54CJD + BXqcRAGHXSmr8lMJVmaQolzyn9B08Vv/D1LTfgI9qA+K+sxjKQopOjvv03NFSM67 + PbNNqjQpToM2LaFJTfxXrwljRUkt1BN98wxKlFRIKVbb4spezYHFU+zf5XqM8+sg + V9mIGw/5lhYPfSB9EN/2mcqabaWFEqmhBRKRHVirXWBrUmvb5+cKTRQ93zM7Lipr + prz7MK+1DRxB5BgKxOiLTz+q/1JlmwpulxBBSSd8o3nHhpjEyaMBoa30TYuUWAVl + lW8zCC9H0H8vnqam2OXalu6tu8jvQ6AIquQGOKb3NtWf6pCTQNv0F7t0AWK2zkUL + WjrkEiG3lv3vGJeVGq9U0lgBj8HtXnnHsDMJkhPGClQeJcWiv7Tj8f79+Mni8QhM + dVWXVesg+dsUazptP35n2S2XlLY8Jk3tyD1KTLrt5R/MMGhAZOmgPS4I4q+zrZSj + S0Dj9iTJcJ/F + =YEYS + -----END PGP MESSAGE----- + fp: c4639370c41133a738f643a591ddbc4c3387f1fb + - created_at: "2025-12-18T17:32:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA98TrrsQEbXUAQ/+LMZHO0oxmlivnL1qKaDz5JKAL718pHmjshxc53gUo4aN + x9WC4USniK8IMV4MTZUxti/ekJ5Bxd+myMMIORHE4R1q1FNO1tWx9n8PXAVhIrDx + XF/2NZKzUzCHd3OE3GvS+LSTITLnJdtSuAOPA9MjOeC2TU52r3CkNxUfYMjLYIuk + soZi8HfTWVfXKyEq300CLdEqoiaN6lqaxY+e0LoiQjPTpZSs0KhpcjvvmKBpZI0x + temAZ+VbEU93DuCVxsXQAQria5GUYs66237goctBjto6G0uOyzJ3lOE17ThDkL8J + PpbmoR+CkT++lJnSeeRuhF5FYaVWPl0LDGVLAQrkeblGUjhLtzSrN/ZNyjhGaYdk + zlUOFUNVlaok1fcC+8PNsfcna7keLW+N4YPTeZQljjH1uWvdzIZaJto1TaDYrSyu + EVF4J0FDThMCu7fyf0TrbqE8n7xs/1F7BBfhUC0wWztX4sNo9mNBZK1d96ihFlzB + FRBjrAKCGSD4eZcwaJZB/4NoipFDUh9kmQemmSalDNaHjvdXsT4euY4JNqwKw2iK + 76EYBym1fvEaOeYvoOotLU3vrW6dH0YNEf0+Zvtl8XiUHlDCnxeLaBoVybA7p+Rt + 0J/S3wPMubikTuq3mSsJcUM8c25sRBD90LjZsAcwKbmfDZntkTNGUr3AEaBdEyTS + WAGKfeJiKoH24BQrslUV8V4i4Fcz6xh1tb11Dmg9XcEiZm4+IF/P+UvjHgXanVdu + GvEauo1dOpGu+L8xc68fSFfMNQcWDJ1UmZIyJ3FLDbaxI/66H041peA= + =YUFg + -----END PGP MESSAGE----- + fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 + unencrypted_suffix: _unencrypted + version: 3.11.0 From 2d9e65442ec0bdc77b574bc81eebf206858fbffc Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 26 Jan 2026 21:13:09 +0100 Subject: [PATCH 2/6] [vaultwarden] add forward proxy through vpn --- machines/durruti/host_config.nix | 11 +++++++++++ machines/fanny/configuration.nix | 9 +++++++++ machines/vpn/configuration.nix | 9 +++++++++ 3 files changed, 29 insertions(+) diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index b4e1d0d2..229b2389 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix @@ -57,6 +57,17 @@ in }; }; + services.nginx.virtualHosts."keys.malobeo.org" = { + forceSSL = true; + enableACME= true; + locations."/" = { + proxyPass = "http://10.0.0.10"; + extraConfig = '' + ''; + }; + }; + + services.nginx.virtualHosts."grafana.malobeo.org" = { forceSSL = true; enableACME= true; diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 7300e51f..b4781814 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -173,6 +173,15 @@ in }; }; + virtualHosts."keys.malobeo.org" = { + locations."/" = { + proxyPass = "http://10.0.0.16"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + }; + virtualHosts."grafana.malobeo.org" = { locations."/" = { proxyPass = "http://10.0.0.14"; diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix index 2eeafefa..f41fcf62 100644 --- a/machines/vpn/configuration.nix +++ b/machines/vpn/configuration.nix @@ -53,6 +53,15 @@ with lib; }; }; + virtualHosts."keys.malobeo.org" = { + locations."/" = { + proxyPass = "http://10.100.0.101"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + }; + virtualHosts."grafana.malobeo.org" = { locations."/" = { proxyPass = "http://10.100.0.101"; From 55825fb4b7168f83ee31077ec5e8df5e18f9c36e Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 26 Jan 2026 21:13:35 +0100 Subject: [PATCH 3/6] [vaultwarden] add to hosts --- machines/hosts.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/machines/hosts.nix b/machines/hosts.nix index 41dee837..666d14bd 100644 --- a/machines/hosts.nix +++ b/machines/hosts.nix @@ -75,6 +75,14 @@ }; }; + vaultwarden = { + type = "microvm"; + network = { + address = "10.0.0.16"; + mac = "D0:E5:CA:F0:D7:F2"; + }; + }; + testvm = { type = "host"; }; From db9dec5c79a47f6bc49d4cb9dac64873ef504511 Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 26 Jan 2026 21:14:03 +0100 Subject: [PATCH 4/6] [vaultwarden] fix config --- machines/vaultwarden/configuration.nix | 30 +++++++++++++++----------- machines/vaultwarden/secrets.yaml | 7 +++--- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/machines/vaultwarden/configuration.nix b/machines/vaultwarden/configuration.nix index 393b6ef7..986a8b40 100644 --- a/machines/vaultwarden/configuration.nix +++ b/machines/vaultwarden/configuration.nix @@ -5,11 +5,18 @@ with lib; { sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { - vaultUser = {}; - vaultPass = {}; + vaultwarden_env = { + owner = "vaultwarden"; + group = "vaultwarden"; + }; + + vaultwarden_smtp = { + owner = "vaultwarden"; + group = "vaultwarden"; + }; }; networking = { - hostName = mkDefault "uptimekuma"; + hostName = mkDefault "vaultwarden"; useDHCP = false; }; @@ -22,33 +29,32 @@ with lib; services.nginx = { enable = true; - virtualHosts."status.malobeo.org" = { + virtualHosts."keys.malobeo.org" = { locations."/" = { - proxyPass = "http://127.0.0.1:3001"; + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; extraConfig = '' ''; }; - }; }; services.vaultwarden = { enable = true; - backupDir = ""; - enviromentDile = sops.nochewas.file ; + backupDir = "/var/local/vaultwarden/backup"; + environmentFile = config.sops.secrets.vaultwarden_env.path; config = { - DOMAIN = "keys.malobeo.org"; #maybe vault.malobeo.org + DOMAIN = "http://keys.malobeo.org"; SIGNUPS_ALLOWED = true; #WEBSERVER - ROCKET_ADDRESS = "::1"; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; #EMAIL SMTP_HOST = "mail.systemli.org"; SMTP_PORT = 465; SMTP_SECURITY = "force_tls"; - SMTP_USERNAME = sops.smtpUser; - SMTP_PASSWORD = sops.smtpPass; + SMTP_USERNAME = "malobot@systemli.org"; + SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path; SMTP_FROM = "malobot@systemli.org"; SMTP_FROM_NAME = "Malobeo Vaultwarden Server"; diff --git a/machines/vaultwarden/secrets.yaml b/machines/vaultwarden/secrets.yaml index 417196b6..9130d9b7 100644 --- a/machines/vaultwarden/secrets.yaml +++ b/machines/vaultwarden/secrets.yaml @@ -1,4 +1,5 @@ -smtpUser: ENC[AES256_GCM,data:BsHFhpQtQ2Jhi3nuhJXjReJvbzU=,iv:jdSLeAgYj8JFSsLU3ZiVCG2ox8ZBo/HV6szCQUU5YWQ=,tag:XjS12SnmC6NNhWcTUvEhlA==,type:str] +vaultwarden_smtp: ENC[AES256_GCM,data:qO0aePdHhMORHBY7c4u0byO4IngEmYPe2gC3ASOwc3U=,iv:u6z9j94zNGp40Li+AyEeJPME7doJ7+tfKk4VfYVaGVU=,tag:gxvs6AxKTQ83/rPWnS/tOA==,type:str] +vaultwarden_env: ENC[AES256_GCM,data:XW6kguaPOfPcf2J+Dve/pEUGD9V8d62vBaGFkeXt/FqjzSojUpvS/Bz4lj2AgMQHs/DeVnvoKl5nz/i6nisAfLhcz2JXn5keAAMOXg==,iv:C9PmNffXZzZtkmeshs8fD2DNIZKW61esNRp6pBkO+aU=,tag:bt+TavMjwR2k6IpYwhm9Yg==,type:str] sops: age: - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c @@ -10,8 +11,8 @@ sops: bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc 2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-18T17:56:54Z" - mac: ENC[AES256_GCM,data:/TofX/71rLHMpin9hhKcXQRTuCb+CXkTkHtZozuqSL0SHR0hTacLNZrmkPlzYlxmvzYsJekBOWTfrhxOD5cOhdOhfsZ/zhXi0e3RVDBPDE//faARYvbQ9IJGsDOGQzaZopwXx098MVNGj3NP6XqDgCI5aDXfL8Uklg0ORTXfPwE=,iv:Th7+EY9BdV8nmMi7rYQjgLN8nxDOwNSiWy3movkyIAw=,tag:caMd5aeQbaVAWbYJYe5K+A==,type:str] + lastmodified: "2026-01-26T13:35:26Z" + mac: ENC[AES256_GCM,data:aNkKvu/J+5WlVoYPffLg+jvIxIMR8NE5LbAP5asOauoaLAlnoXDhN+x3ipLoyoZ/VTxTnlYc2oiuSJBmc5LlGxrxYnhpYYoS+PES3cVuZdPo1AhvTDROsMgXKpa49yjzzLF4mNGwNZtCXxw47pwfRGidigRM5FgMhekvPKR4LGU=,iv:FPBulFijcQdHWampt+gY+6gfYY+GagBn+lFy4R9Q8Z8=,tag:/oCKV5McpQ3KnDZJdSjAGA==,type:str] pgp: - created_at: "2025-12-18T17:32:21Z" enc: |- From 5517d3b1367dec05a0c55fa96d94406946fa2da4 Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 26 Jan 2026 21:22:14 +0100 Subject: [PATCH 5/6] [fanny] deploy vaultwarden --- machines/fanny/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index b4781814..1617b5bf 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -135,6 +135,7 @@ in "nextcloud" "durruti" "zineshop" + "vaultwarden" ]; networking = { From 73cc0e3674fed29db8e729be7e6e7bd799cb7100 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Tue, 3 Feb 2026 22:03:55 +0100 Subject: [PATCH 6/6] [vaultwarden] change all secrets to use env file; add dummy.yaml --- machines/vaultwarden/configuration.nix | 6 --- machines/vaultwarden/dummy.yaml | 64 ++++++++++++++++++++++++++ machines/vaultwarden/secrets.yaml | 7 ++- 3 files changed, 67 insertions(+), 10 deletions(-) create mode 100644 machines/vaultwarden/dummy.yaml diff --git a/machines/vaultwarden/configuration.nix b/machines/vaultwarden/configuration.nix index 986a8b40..8ae1e299 100644 --- a/machines/vaultwarden/configuration.nix +++ b/machines/vaultwarden/configuration.nix @@ -9,11 +9,6 @@ with lib; owner = "vaultwarden"; group = "vaultwarden"; }; - - vaultwarden_smtp = { - owner = "vaultwarden"; - group = "vaultwarden"; - }; }; networking = { hostName = mkDefault "vaultwarden"; @@ -54,7 +49,6 @@ with lib; SMTP_PORT = 465; SMTP_SECURITY = "force_tls"; SMTP_USERNAME = "malobot@systemli.org"; - SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path; SMTP_FROM = "malobot@systemli.org"; SMTP_FROM_NAME = "Malobeo Vaultwarden Server"; diff --git a/machines/vaultwarden/dummy.yaml b/machines/vaultwarden/dummy.yaml new file mode 100644 index 00000000..33302f46 --- /dev/null +++ b/machines/vaultwarden/dummy.yaml @@ -0,0 +1,64 @@ +vaultwarden_env: ENC[AES256_GCM,data:dgEYC2VcGKrIvts9sw60kmEemhRdaaLWvsEQjAE52mAfhA29iLpB/sKXt3bxRGV8gpSF8OQoXdniWwCrDhOWUihawy2WFhLENamIyY4tVBOKkEtkhQDkoAhZ1VCShb1fgN+BzfM=,iv:zvg1uh8fxeHNFOq/DpicwAk+5j1fDogrnpTX5Ua0yDQ=,tag:rcyLE928+DQF41y4ztvMbQ==,type:str] +sops: + age: + - recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZE9qK2tmTWxERklOSFdZ + bVVUbW5aajFrWkVBREZtallvS1dreGNFVjJFCmdBdGNQQzZkMUp4dzZUYTg1Tmgr + K3BmajYxY01jdVVubmRUUy8rNm9oVTgKLS0tIGNtTTQwWUdzaXpjVGt5aTEvUFZy + UWlGRzhPcDlVb0s2OGJTOTBVS2RKVDAKKyFK+ISjqbwOftiDn5uuIJfAl3fkX4C9 + iNHl84utfFyeUnJJK59uX3YGY8B4wEG7L3/hPt9gLtuX6Ey64yusIA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Y1l4Uzd1TjlKbHpuQ01v + YnFFWWRNNU1relVHSTk4ZjE5eXdnS2czZWpBCnJwbmRhdUtkVDUrcnFJSmVmcjBJ + eVBDd0l5bEovZEpRdEZMTlFMUFJ1UjAKLS0tIGo5bEQ3Tis0aXcyc1JxSVRCeXFU + OXFDMHExSWQ4U0RleXBqaXBGcnhEUmsKmBGLpusD28V406Gz9uHV0N43J9wEWkY3 + WJ8R2OjVeRfMmOriWLzEkHHJw+3DJc9abzSOoIS/ViN30MkhdqzOMA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-03T20:56:51Z" + mac: ENC[AES256_GCM,data:zkykMvBMjSmyhSPFTvyeUVZZwu0Fb4cgXD4m4lWQWKEXiHeCHQEy6YIxqutdW6vjaO/P64Hk72OH4Dh/gDl+riMbWIpFwtkzIWvclqui+PmdMoRG7u8oLa7wE9C/zypTw0yzbREyeoouIZq4zzWZsCmljfgcYSpMpQxdWgYkkbU=,iv:WbW7NAZUb2B7421chzK9LDUEkpGJ9rvnuA3jW3VjlZs=,tag:HiOV2LSLqsv+XGrVB0MugQ==,type:str] + pgp: + - created_at: "2026-02-03T20:09:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMA5HdvEwzh/H7AQwAmyshbidzh+sGpxfFEAbvcLv02pt31PopMM9XzceV0z17 + 7MaJ8+qZpif1SMpyjNmrZ4vvBa/nGF55tHLGQ+jijsEqqOqnR1+MihxLBX71wRVj + G9VdoaSnlKTgXLbtimo7qRjNIm4UaONLIw9M7l4DwhUNxYucNEr2eFy2wzrNgmDF + As5NswJXap0maBb78ieevqlTa7mE5I9FyBgTDsMubBZpD9CU6+vav9KrYLwgDuKj + X2SFfIo3SJdZFHDTTS3e/DTpRRf80bJ5PDChiDZ3Qr3SmaV7m+0V2EMRT7duoZ7J + bremMsVJo+0RhuncLgIWXFDiqU43VVfriQJeTFFTaqzqqnWTn+1Nx1ORH5NmhBhk + qMi2Eqc7K15Q/0AU8lHYOOvYdn62OjdyJciCBq/hTSscEpRxJNvz5G+WChMJyU6X + PytHqw2mFNs3jx3DleAZat+SBD8aa1e4ORC5AIVVAaVdsT4a1lFJ5V1jlk5ddg55 + tFPh2qOqGX4V6HBBZS740lgBo7EYNFeKleDKCN8jjJYyUUfC13JnaWJy/5/9xMyi + YtTh7w5lTFV349zlBZSLqPuunanGN+dylWSZZrp5XTw7Q/rpa7za5LwjcDQpwaY1 + FaFNoImglFKQ + =C4re + -----END PGP MESSAGE----- + fp: c4639370c41133a738f643a591ddbc4c3387f1fb + - created_at: "2026-02-03T20:09:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA98TrrsQEbXUAQ//Z6puWp6MFQZgNp95JMkCJyVMKAYDUJ4d/WRMWWxaA8pt + dtWokpON0st30dhXBGsicUGjAsM15gIuN3d5I2hDQqGA5Dt2LchBjdt392FoTpij + fdwUKpwhi91j71PrbRP1iCS6+66t5rDmUk8AWNv+9eA/4xJ+JQKgZWpBv19qbc9i + sb6IjhuZ3/m1Yooh7LywKUM/5qeWSeH5QFfpbhrCLLEmpL6W4/6LMl/HcF+on4h6 + 6bMZQoT+cFInBw9N3Rq4B8ffwahlkf2bv17k8sjEBvrH+rpFi85Kh0pBB8elPiUr + 4zMJkuZZcv4YfUFoxSqVcUee5uen8RtoOHMM2tSuEq8Mjo86oIA95JkROhGLq9qz + NPq7k4DyotMf/2T6fZJ1nQOWAoH9ZJp4Q10qTc/Xg4xzWBlpwZh9oaLBw+HdUsYm + mP2ZvPw1/FHJuP2RhMz/kbEoeABm3JMGFPg1BmvVudZsr7kLpByPRGcKtm3qjARW + 9+6fp0AYXw3C1fpYsQC+CwaSaw57GiiITtGTHCWR70yuV+G3ev/uqsFjj+96c8gy + h7hJaI0Ff2bFakkuwRb64UsY4FjJel1oyvDbW6y2IIswwYpzBEMV5ANzPGMIvw/G + x1+olgWwhXTaLZ9jIaVDfcZ2SL6v6VcMoOBhiWbeqdm+BFEkZsOitZARDIcl1trS + WAGu6rvESbtRp/G1ATxmP9xHCTfjNHKRj8D1eHfkObjFFG2DSL9BXozBBuvkJi8H + CPqVEOQZMheyU2ZnH1JNXQyANBAllEJ++XdFB5RvcTNxxeJS/APS9NM= + =zSyS + -----END PGP MESSAGE----- + fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/machines/vaultwarden/secrets.yaml b/machines/vaultwarden/secrets.yaml index 9130d9b7..2ff0d537 100644 --- a/machines/vaultwarden/secrets.yaml +++ b/machines/vaultwarden/secrets.yaml @@ -1,5 +1,4 @@ -vaultwarden_smtp: ENC[AES256_GCM,data:qO0aePdHhMORHBY7c4u0byO4IngEmYPe2gC3ASOwc3U=,iv:u6z9j94zNGp40Li+AyEeJPME7doJ7+tfKk4VfYVaGVU=,tag:gxvs6AxKTQ83/rPWnS/tOA==,type:str] -vaultwarden_env: ENC[AES256_GCM,data:XW6kguaPOfPcf2J+Dve/pEUGD9V8d62vBaGFkeXt/FqjzSojUpvS/Bz4lj2AgMQHs/DeVnvoKl5nz/i6nisAfLhcz2JXn5keAAMOXg==,iv:C9PmNffXZzZtkmeshs8fD2DNIZKW61esNRp6pBkO+aU=,tag:bt+TavMjwR2k6IpYwhm9Yg==,type:str] +vaultwarden_env: ENC[AES256_GCM,data:AsgpcUGW8y5WKL+9pOYemupgB6eVlMSLYj7uCFtYQFisjGcCwBFcGTKRpzMysroo32Ugicl8WImGybrmqdJ/Xht9lAx2ralNHrgSpps3QFg+c34LFVP/F1FO3Vk+jjU00XcV1uVghxpRh95HSTEVuu9kgjYeWpAQVqp68Ku2Dww=,iv:/9l4smzqPpB5Qr+mcroiLUnRg+9GQ+pmxF523N1bOIU=,tag:jBmrxvfA8HG1Gp1KHgwssw==,type:str] sops: age: - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c @@ -11,8 +10,8 @@ sops: bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc 2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-26T13:35:26Z" - mac: ENC[AES256_GCM,data:aNkKvu/J+5WlVoYPffLg+jvIxIMR8NE5LbAP5asOauoaLAlnoXDhN+x3ipLoyoZ/VTxTnlYc2oiuSJBmc5LlGxrxYnhpYYoS+PES3cVuZdPo1AhvTDROsMgXKpa49yjzzLF4mNGwNZtCXxw47pwfRGidigRM5FgMhekvPKR4LGU=,iv:FPBulFijcQdHWampt+gY+6gfYY+GagBn+lFy4R9Q8Z8=,tag:/oCKV5McpQ3KnDZJdSjAGA==,type:str] + lastmodified: "2026-02-03T20:58:16Z" + mac: ENC[AES256_GCM,data:zxM4GRwlcYoJF51Hbe0VfWvO9PrHQeCUTrGgiVgrP91qX51WTGWfCQfAVAouT3sEvE6Ie5bnAMUWjVjIrnRS6WUCQwUBwFYYUKIkJPooKwlvXRAuZ9UGZERi0/i43WKwB3/xSyVqRb9T5M6exjlkYCuE4Yv3lSEUiIn8fu/Zaas=,iv:D6f3V19E+4qukW8i9wKtNPKfYgD3OXztkICMhD24IzY=,tag:e97txZiaqDPxCLQUbNHwwg==,type:str] pgp: - created_at: "2025-12-18T17:32:21Z" enc: |-