From db9dec5c79a47f6bc49d4cb9dac64873ef504511 Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 26 Jan 2026 21:14:03 +0100 Subject: [PATCH] [vaultwarden] fix config --- machines/vaultwarden/configuration.nix | 30 +++++++++++++++----------- machines/vaultwarden/secrets.yaml | 7 +++--- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/machines/vaultwarden/configuration.nix b/machines/vaultwarden/configuration.nix index 393b6ef..986a8b4 100644 --- a/machines/vaultwarden/configuration.nix +++ b/machines/vaultwarden/configuration.nix @@ -5,11 +5,18 @@ with lib; { sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { - vaultUser = {}; - vaultPass = {}; + vaultwarden_env = { + owner = "vaultwarden"; + group = "vaultwarden"; + }; + + vaultwarden_smtp = { + owner = "vaultwarden"; + group = "vaultwarden"; + }; }; networking = { - hostName = mkDefault "uptimekuma"; + hostName = mkDefault "vaultwarden"; useDHCP = false; }; 
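Review bot: Neither new entry under `sops.secrets` says what its decrypted content must look like, and because `secrets.yaml` is encrypted a reader cannot check. Add a comment above `vaultwarden_env` such as `# systemd EnvironmentFile for vaultwarden: one KEY=value per line`, and one above `vaultwarden_smtp` stating what it holds. systemd normally reads an `EnvironmentFile` itself before the service drops privileges, so `owner`/`group = "vaultwarden"` is probably only needed if the vaultwarden process opens these files directly; a short comment saying why would help. The enclosing attribute set starts before this hunk and continues after it.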
@@ -22,33 +29,32 @@ with lib; services.nginx = { enable = true; - virtualHosts."status.malobeo.org" = { + virtualHosts."keys.malobeo.org" = { locations."/" = { - proxyPass = "http://127.0.0.1:3001"; + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; extraConfig = '' ''; }; - }; }; services.vaultwarden = { enable = true; - backupDir = ""; - enviromentDile = sops.nochewas.file ; + backupDir = "/var/local/vaultwarden/backup"; + environmentFile = config.sops.secrets.vaultwarden_env.path; config = { - DOMAIN = "keys.malobeo.org"; #maybe vault.malobeo.org + DOMAIN = "http://keys.malobeo.org"; SIGNUPS_ALLOWED = true; #WEBSERVER - ROCKET_ADDRESS = "::1"; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; #EMAIL SMTP_HOST = "mail.systemli.org"; SMTP_PORT = 465; SMTP_SECURITY = "force_tls"; - SMTP_USERNAME = sops.smtpUser; - SMTP_PASSWORD = sops.smtpPass; + SMTP_USERNAME = "malobot@systemli.org"; + SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path; SMTP_FROM = "malobot@systemli.org"; SMTP_FROM_NAME = "Malobeo Vaultwarden Server"; diff --git a/machines/vaultwarden/secrets.yaml b/machines/vaultwarden/secrets.yaml index 417196b..9130d9b 100644 --- a/machines/vaultwarden/secrets.yaml +++ b/machines/vaultwarden/secrets.yaml @@ -1,4 +1,5 @@ -smtpUser: ENC[AES256_GCM,data:BsHFhpQtQ2Jhi3nuhJXjReJvbzU=,iv:jdSLeAgYj8JFSsLU3ZiVCG2ox8ZBo/HV6szCQUU5YWQ=,tag:XjS12SnmC6NNhWcTUvEhlA==,type:str] +vaultwarden_smtp: ENC[AES256_GCM,data:qO0aePdHhMORHBY7c4u0byO4IngEmYPe2gC3ASOwc3U=,iv:u6z9j94zNGp40Li+AyEeJPME7doJ7+tfKk4VfYVaGVU=,tag:gxvs6AxKTQ83/rPWnS/tOA==,type:str] +vaultwarden_env: ENC[AES256_GCM,data:XW6kguaPOfPcf2J+Dve/pEUGD9V8d62vBaGFkeXt/FqjzSojUpvS/Bz4lj2AgMQHs/DeVnvoKl5nz/i6nisAfLhcz2JXn5keAAMOXg==,iv:C9PmNffXZzZtkmeshs8fD2DNIZKW61esNRp6pBkO+aU=,tag:bt+TavMjwR2k6IpYwhm9Yg==,type:str] sops: age: - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c 
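Review bot: `SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path;` passes Vaultwarden the path of the decrypted file as the password string, not the file's contents, so SMTP authentication against `mail.systemli.org` will presumably fail. Values under `services.vaultwarden.config` also end up in the world-readable Nix store, so the password itself must not be put there; drop this line and add a `SMTP_PASSWORD=<password>` line to the sops-managed file already wired in through `environmentFile`. Separately, `DOMAIN = "http://keys.malobeo.org";` advertises a plain-HTTP origin, and the `keys.malobeo.org` vhost shows no `forceSSL`/`enableACME` in this hunk. Unless TLS is terminated on another host, use `DOMAIN = "https://keys.malobeo.org";` and enable TLS on the vhost, because vault logins and session tokens cross this link. The unchanged `SIGNUPS_ALLOWED = true;` leaves registration open on a public hostname and deserves a deliberate decision; the `config` block continues past the end of the hunk.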
@@ -10,8 +11,8 @@ sops: bWhRZS9oamtQYnRZVnI1clVGNytHWlkKb1hYwkqfSiMCVFOWraCiWoAU1Ua/U0Kc 2UnXRByOST5hfKkTnpJ0765UATUny0K53H/ieMR0cyQxE3aCbk5AfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-18T17:56:54Z" - mac: ENC[AES256_GCM,data:/TofX/71rLHMpin9hhKcXQRTuCb+CXkTkHtZozuqSL0SHR0hTacLNZrmkPlzYlxmvzYsJekBOWTfrhxOD5cOhdOhfsZ/zhXi0e3RVDBPDE//faARYvbQ9IJGsDOGQzaZopwXx098MVNGj3NP6XqDgCI5aDXfL8Uklg0ORTXfPwE=,iv:Th7+EY9BdV8nmMi7rYQjgLN8nxDOwNSiWy3movkyIAw=,tag:caMd5aeQbaVAWbYJYe5K+A==,type:str] + lastmodified: "2026-01-26T13:35:26Z" + mac: ENC[AES256_GCM,data:aNkKvu/J+5WlVoYPffLg+jvIxIMR8NE5LbAP5asOauoaLAlnoXDhN+x3ipLoyoZ/VTxTnlYc2oiuSJBmc5LlGxrxYnhpYYoS+PES3cVuZdPo1AhvTDROsMgXKpa49yjzzLF4mNGwNZtCXxw47pwfRGidigRM5FgMhekvPKR4LGU=,iv:FPBulFijcQdHWampt+gY+6gfYY+GagBn+lFy4R9Q8Z8=,tag:/oCKV5McpQ3KnDZJdSjAGA==,type:str] pgp: - created_at: "2025-12-18T17:32:21Z" enc: |-