From 73cc0e3674fed29db8e729be7e6e7bd799cb7100 Mon Sep 17 00:00:00 2001
From: ahtlon <git@ahtlon.de>
Date: Tue, 3 Feb 2026 22:03:55 +0100
Subject: [PATCH] [vaultwarden] change all secrets to use env file; add
 dummy.yaml

---
 machines/vaultwarden/configuration.nix |  6 ---
 machines/vaultwarden/dummy.yaml        | 64 ++++++++++++++++++++++++++
 machines/vaultwarden/secrets.yaml      |  7 ++-
 3 files changed, 67 insertions(+), 10 deletions(-)
 create mode 100644 machines/vaultwarden/dummy.yaml

diff --git a/machines/vaultwarden/configuration.nix b/machines/vaultwarden/configuration.nix
index 986a8b4..8ae1e29 100644
--- a/machines/vaultwarden/configuration.nix
+++ b/machines/vaultwarden/configuration.nix
@@ -9,11 +9,6 @@ with lib;
       owner = "vaultwarden";
       group = "vaultwarden";
     };
-
-    vaultwarden_smtp = {
-      owner = "vaultwarden";
-      group = "vaultwarden";
-    };
   };
   networking = {
     hostName = mkDefault "vaultwarden";
@@ -54,7 +49,6 @@ with lib;
       SMTP_PORT = 465;
       SMTP_SECURITY = "force_tls";
       SMTP_USERNAME = "malobot@systemli.org";
-      SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path;
 
       SMTP_FROM = "malobot@systemli.org";
       SMTP_FROM_NAME = "Malobeo Vaultwarden Server";
diff --git a/machines/vaultwarden/dummy.yaml b/machines/vaultwarden/dummy.yaml
new file mode 100644
index 0000000..33302f4
--- /dev/null
+++ b/machines/vaultwarden/dummy.yaml
@@ -0,0 +1,64 @@
+vaultwarden_env: ENC[AES256_GCM,data:dgEYC2VcGKrIvts9sw60kmEemhRdaaLWvsEQjAE52mAfhA29iLpB/sKXt3bxRGV8gpSF8OQoXdniWwCrDhOWUihawy2WFhLENamIyY4tVBOKkEtkhQDkoAhZ1VCShb1fgN+BzfM=,iv:zvg1uh8fxeHNFOq/DpicwAk+5j1fDogrnpTX5Ua0yDQ=,tag:rcyLE928+DQF41y4ztvMbQ==,type:str]
+sops:
+    age:
+        - recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZE9qK2tmTWxERklOSFdZ
+            bVVUbW5aajFrWkVBREZtallvS1dreGNFVjJFCmdBdGNQQzZkMUp4dzZUYTg1Tmgr
+            K3BmajYxY01jdVVubmRUUy8rNm9oVTgKLS0tIGNtTTQwWUdzaXpjVGt5aTEvUFZy
+            UWlGRzhPcDlVb0s2OGJTOTBVS2RKVDAKKyFK+ISjqbwOftiDn5uuIJfAl3fkX4C9
+            iNHl84utfFyeUnJJK59uX3YGY8B4wEG7L3/hPt9gLtuX6Ey64yusIA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Y1l4Uzd1TjlKbHpuQ01v
+            YnFFWWRNNU1relVHSTk4ZjE5eXdnS2czZWpBCnJwbmRhdUtkVDUrcnFJSmVmcjBJ
+            eVBDd0l5bEovZEpRdEZMTlFMUFJ1UjAKLS0tIGo5bEQ3Tis0aXcyc1JxSVRCeXFU
+            OXFDMHExSWQ4U0RleXBqaXBGcnhEUmsKmBGLpusD28V406Gz9uHV0N43J9wEWkY3
+            WJ8R2OjVeRfMmOriWLzEkHHJw+3DJc9abzSOoIS/ViN30MkhdqzOMA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-02-03T20:56:51Z"
+    mac: ENC[AES256_GCM,data:zkykMvBMjSmyhSPFTvyeUVZZwu0Fb4cgXD4m4lWQWKEXiHeCHQEy6YIxqutdW6vjaO/P64Hk72OH4Dh/gDl+riMbWIpFwtkzIWvclqui+PmdMoRG7u8oLa7wE9C/zypTw0yzbREyeoouIZq4zzWZsCmljfgcYSpMpQxdWgYkkbU=,iv:WbW7NAZUb2B7421chzK9LDUEkpGJ9rvnuA3jW3VjlZs=,tag:HiOV2LSLqsv+XGrVB0MugQ==,type:str]
+    pgp:
+        - created_at: "2026-02-03T20:09:53Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQGMA5HdvEwzh/H7AQwAmyshbidzh+sGpxfFEAbvcLv02pt31PopMM9XzceV0z17
+            7MaJ8+qZpif1SMpyjNmrZ4vvBa/nGF55tHLGQ+jijsEqqOqnR1+MihxLBX71wRVj
+            G9VdoaSnlKTgXLbtimo7qRjNIm4UaONLIw9M7l4DwhUNxYucNEr2eFy2wzrNgmDF
+            As5NswJXap0maBb78ieevqlTa7mE5I9FyBgTDsMubBZpD9CU6+vav9KrYLwgDuKj
+            X2SFfIo3SJdZFHDTTS3e/DTpRRf80bJ5PDChiDZ3Qr3SmaV7m+0V2EMRT7duoZ7J
+            bremMsVJo+0RhuncLgIWXFDiqU43VVfriQJeTFFTaqzqqnWTn+1Nx1ORH5NmhBhk
+            qMi2Eqc7K15Q/0AU8lHYOOvYdn62OjdyJciCBq/hTSscEpRxJNvz5G+WChMJyU6X
+            PytHqw2mFNs3jx3DleAZat+SBD8aa1e4ORC5AIVVAaVdsT4a1lFJ5V1jlk5ddg55
+            tFPh2qOqGX4V6HBBZS740lgBo7EYNFeKleDKCN8jjJYyUUfC13JnaWJy/5/9xMyi
+            YtTh7w5lTFV349zlBZSLqPuunanGN+dylWSZZrp5XTw7Q/rpa7za5LwjcDQpwaY1
+            FaFNoImglFKQ
+            =C4re
+            -----END PGP MESSAGE-----
+          fp: c4639370c41133a738f643a591ddbc4c3387f1fb
+        - created_at: "2026-02-03T20:09:53Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA98TrrsQEbXUAQ//Z6puWp6MFQZgNp95JMkCJyVMKAYDUJ4d/WRMWWxaA8pt
+            dtWokpON0st30dhXBGsicUGjAsM15gIuN3d5I2hDQqGA5Dt2LchBjdt392FoTpij
+            fdwUKpwhi91j71PrbRP1iCS6+66t5rDmUk8AWNv+9eA/4xJ+JQKgZWpBv19qbc9i
+            sb6IjhuZ3/m1Yooh7LywKUM/5qeWSeH5QFfpbhrCLLEmpL6W4/6LMl/HcF+on4h6
+            6bMZQoT+cFInBw9N3Rq4B8ffwahlkf2bv17k8sjEBvrH+rpFi85Kh0pBB8elPiUr
+            4zMJkuZZcv4YfUFoxSqVcUee5uen8RtoOHMM2tSuEq8Mjo86oIA95JkROhGLq9qz
+            NPq7k4DyotMf/2T6fZJ1nQOWAoH9ZJp4Q10qTc/Xg4xzWBlpwZh9oaLBw+HdUsYm
+            mP2ZvPw1/FHJuP2RhMz/kbEoeABm3JMGFPg1BmvVudZsr7kLpByPRGcKtm3qjARW
+            9+6fp0AYXw3C1fpYsQC+CwaSaw57GiiITtGTHCWR70yuV+G3ev/uqsFjj+96c8gy
+            h7hJaI0Ff2bFakkuwRb64UsY4FjJel1oyvDbW6y2IIswwYpzBEMV5ANzPGMIvw/G
+            x1+olgWwhXTaLZ9jIaVDfcZ2SL6v6VcMoOBhiWbeqdm+BFEkZsOitZARDIcl1trS
+            WAGu6rvESbtRp/G1ATxmP9xHCTfjNHKRj8D1eHfkObjFFG2DSL9BXozBBuvkJi8H
+            CPqVEOQZMheyU2ZnH1JNXQyANBAllEJ++XdFB5RvcTNxxeJS/APS9NM=
+            =zSyS
+            -----END PGP MESSAGE-----
+          fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/machines/vaultwarden/secrets.yaml b/machines/vaultwarden/secrets.yaml
index 9130d9b..2ff0d53 100644
--- a/machines/vaultwarden/secrets.yaml
+++ b/machines/vaultwarden/secrets.yaml
@@ -1,5 +1,4 @@
-vaultwarden_smtp: ENC[AES256_GCM,data:qO0aePdHhMORHBY7c4u0byO4IngEmYPe2gC3ASOwc3U=,iv:u6z9j94zNGp40Li+AyEeJPME7doJ7+tfKk4VfYVaGVU=,tag:gxvs6AxKTQ83/rPWnS/tOA==,type:str]
-vaultwarden_env: ENC[AES256_GCM,data:XW6kguaPOfPcf2J+Dve/pEUGD9V8d62vBaGFkeXt/FqjzSojUpvS/Bz4lj2AgMQHs/DeVnvoKl5nz/i6nisAfLhcz2JXn5keAAMOXg==,iv:C9PmNffXZzZtkmeshs8fD2DNIZKW61esNRp6pBkO+aU=,tag:bt+TavMjwR2k6IpYwhm9Yg==,type:str]
+vaultwarden_env: ENC[AES256_GCM,data:AsgpcUGW8y5WKL+9pOYemupgB6eVlMSLYj7uCFtYQFisjGcCwBFcGTKRpzMysroo32Ugicl8WImGybrmqdJ/Xht9lAx2ralNHrgSpps3QFg+c34LFVP/F1FO3Vk+jjU00XcV1uVghxpRh95HSTEVuu9kgjYeWpAQVqp68Ku2Dww=,iv:/9l4smzqPpB5Qr+mcroiLUnRg+9GQ+pmxF523N1bOIU=,tag:jBmrxvfA8HG1Gp1KHgwssw==,type:str]
 sops:
     age:
         - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
@@ -11,8 +10,8 @@ sops:
             bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc
             2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-26T13:35:26Z"
-    mac: ENC[AES256_GCM,data:aNkKvu/J+5WlVoYPffLg+jvIxIMR8NE5LbAP5asOauoaLAlnoXDhN+x3ipLoyoZ/VTxTnlYc2oiuSJBmc5LlGxrxYnhpYYoS+PES3cVuZdPo1AhvTDROsMgXKpa49yjzzLF4mNGwNZtCXxw47pwfRGidigRM5FgMhekvPKR4LGU=,iv:FPBulFijcQdHWampt+gY+6gfYY+GagBn+lFy4R9Q8Z8=,tag:/oCKV5McpQ3KnDZJdSjAGA==,type:str]
+    lastmodified: "2026-02-03T20:58:16Z"
+    mac: ENC[AES256_GCM,data:zxM4GRwlcYoJF51Hbe0VfWvO9PrHQeCUTrGgiVgrP91qX51WTGWfCQfAVAouT3sEvE6Ie5bnAMUWjVjIrnRS6WUCQwUBwFYYUKIkJPooKwlvXRAuZ9UGZERi0/i43WKwB3/xSyVqRb9T5M6exjlkYCuE4Yv3lSEUiIn8fu/Zaas=,iv:D6f3V19E+4qukW8i9wKtNPKfYgD3OXztkICMhD24IzY=,tag:e97txZiaqDPxCLQUbNHwwg==,type:str]
     pgp:
         - created_at: "2025-12-18T17:32:21Z"
           enc: |-