[vaultwarden] fix config

2026-01-26 21:14:03 +01:00
parent 55825fb4b7
commit db9dec5c79
2 changed files with 22 additions and 15 deletions
--- a/machines/vaultwarden/configuration.nix
+++ b/machines/vaultwarden/configuration.nix
@@ -5,11 +5,18 @@ with lib;
 {
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
-    vaultUser = {};
-    vaultPass = {};
+    vaultwarden_env = {
+      owner = "vaultwarden";
+      group = "vaultwarden";
+    };
+
+    vaultwarden_smtp = {
+      owner = "vaultwarden";
+      group = "vaultwarden";
+    };
  };
  networking = {
-    hostName = mkDefault "uptimekuma";
+    hostName = mkDefault "vaultwarden";
    useDHCP = false;
  };

@@ -22,33 +29,32 @@ with lib;

  services.nginx = {
    enable = true;
-    virtualHosts."status.malobeo.org" = {
+    virtualHosts."keys.malobeo.org" = {
      locations."/" = {
-        proxyPass = "http://127.0.0.1:3001";
+        proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
        extraConfig = ''
        '';
      };
-
    };
  };

  services.vaultwarden = {
    enable = true;
-    backupDir = "";
-    enviromentDile = sops.nochewas.file ;
+    backupDir = "/var/local/vaultwarden/backup";
+    environmentFile = config.sops.secrets.vaultwarden_env.path;
    config = {
-      DOMAIN = "keys.malobeo.org"; #maybe vault.malobeo.org
+      DOMAIN = "http://keys.malobeo.org";
      SIGNUPS_ALLOWED = true;
      #WEBSERVER
-      ROCKET_ADDRESS = "::1";
+      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 8222;
      ROCKET_LOG = "critical";
      #EMAIL
      SMTP_HOST = "mail.systemli.org";
      SMTP_PORT = 465;
      SMTP_SECURITY = "force_tls";
-      SMTP_USERNAME = sops.smtpUser;
-      SMTP_PASSWORD = sops.smtpPass;
+      SMTP_USERNAME = "malobot@systemli.org";
+      SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path;

      SMTP_FROM = "malobot@systemli.org";
      SMTP_FROM_NAME = "Malobeo Vaultwarden Server";
--- a/machines/vaultwarden/secrets.yaml
+++ b/machines/vaultwarden/secrets.yaml
@@ -1,4 +1,5 @@
-smtpUser: ENC[AES256_GCM,data:BsHFhpQtQ2Jhi3nuhJXjReJvbzU=,iv:jdSLeAgYj8JFSsLU3ZiVCG2ox8ZBo/HV6szCQUU5YWQ=,tag:XjS12SnmC6NNhWcTUvEhlA==,type:str]
+vaultwarden_smtp: ENC[AES256_GCM,data:qO0aePdHhMORHBY7c4u0byO4IngEmYPe2gC3ASOwc3U=,iv:u6z9j94zNGp40Li+AyEeJPME7doJ7+tfKk4VfYVaGVU=,tag:gxvs6AxKTQ83/rPWnS/tOA==,type:str]
+vaultwarden_env: ENC[AES256_GCM,data:XW6kguaPOfPcf2J+Dve/pEUGD9V8d62vBaGFkeXt/FqjzSojUpvS/Bz4lj2AgMQHs/DeVnvoKl5nz/i6nisAfLhcz2JXn5keAAMOXg==,iv:C9PmNffXZzZtkmeshs8fD2DNIZKW61esNRp6pBkO+aU=,tag:bt+TavMjwR2k6IpYwhm9Yg==,type:str]
 sops:
    age:
        - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
@@ -10,8 +11,8 @@ sops:
            bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc
            2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-18T17:56:54Z"
-    mac: ENC[AES256_GCM,data:/TofX/71rLHMpin9hhKcXQRTuCb+CXkTkHtZozuqSL0SHR0hTacLNZrmkPlzYlxmvzYsJekBOWTfrhxOD5cOhdOhfsZ/zhXi0e3RVDBPDE//faARYvbQ9IJGsDOGQzaZopwXx098MVNGj3NP6XqDgCI5aDXfL8Uklg0ORTXfPwE=,iv:Th7+EY9BdV8nmMi7rYQjgLN8nxDOwNSiWy3movkyIAw=,tag:caMd5aeQbaVAWbYJYe5K+A==,type:str]
+    lastmodified: "2026-01-26T13:35:26Z"
+    mac: ENC[AES256_GCM,data:aNkKvu/J+5WlVoYPffLg+jvIxIMR8NE5LbAP5asOauoaLAlnoXDhN+x3ipLoyoZ/VTxTnlYc2oiuSJBmc5LlGxrxYnhpYYoS+PES3cVuZdPo1AhvTDROsMgXKpa49yjzzLF4mNGwNZtCXxw47pwfRGidigRM5FgMhekvPKR4LGU=,iv:FPBulFijcQdHWampt+gY+6gfYY+GagBn+lFy4R9Q8Z8=,tag:/oCKV5McpQ3KnDZJdSjAGA==,type:str]
    pgp:
        - created_at: "2025-12-18T17:32:21Z"
          enc: |-