From b0ffe238e9a07874ea14373d108d3f11c6894192 Mon Sep 17 00:00:00 2001
From: Natsu Kagami
Date: Thu, 10 Aug 2023 20:49:16 +0200
Subject: [PATCH] Enable bitwarden admin

---
 modules/cloud/bitwarden/default.nix | 10 +++++++++-
 nki-personal-do/configuration.nix | 3 +++
 nki-personal-do/secrets/secrets.yaml | 6 ++++--
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/modules/cloud/bitwarden/default.nix b/modules/cloud/bitwarden/default.nix
index 0c0d780..93a99f5 100644
--- a/modules/cloud/bitwarden/default.nix
+++ b/modules/cloud/bitwarden/default.nix
@@ -15,7 +15,13 @@ let
 host = "bw.nkagami.me";
 in
 {
- options.cloud.bitwarden = { };
+ options.cloud.bitwarden = {
+ envFile = mkOption {
+ type = types.nullOr types.path;
+ description = "Path to the env file containing stuff";
+ default = null;
+ };
+ };
 config = {
 # users
@@ -53,10 +59,12 @@ in
 DOMAIN = "https://${host}";
 };
+
 serviceConfig = {
 User = user;
 Group = user;
 ExecStart = "${pkgs.unstable.vaultwarden-postgresql}/bin/vaultwarden";
+ EnvironmentFile = lists.optional (cfg.envFile != null) cfg.envFile;
 LimitNOFILE = "1048576";
 PrivateTmp = "true";
 PrivateDevices = "true";
diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix
index f5977ee..59df9d2 100644
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@@ -100,6 +100,9 @@
 cloud.traefik.hosts.uptime-kuma-dtth = { host = "status.dtth.ch"; port = 16904; };
 cloud.traefik.hosts.uptime-kuma-codefun = { host = "status.codefun.vn"; port = 16904; };
+ # Bitwarden
+ sops.secrets.vaultwarden-env = { };
+ cloud.bitwarden.envFile = config.sops.secrets.vaultwarden-env.path;
 # Arion
 virtualisation.arion.backend = "docker";
diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml
index 938d983..62bfb91 100644
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
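Review bot: In the first hunk of `modules/cloud/bitwarden/default.nix`, the new `envFile` option is typed `types.nullOr types.path` and described only as "Path to the env file containing stuff", so nothing tells a user that the file carries secrets. `types.path` also accepts a Nix path literal, and a file referenced that way can end up in the world-readable Nix store (for instance when the configuration is evaluated from a flake). Consider `type = types.nullOr types.str;` together with a description such as `"Runtime path, outside the Nix store, to a systemd EnvironmentFile holding Vaultwarden secrets (e.g. a sops-nix secret path)"`.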
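Review bot: In the second hunk of `modules/cloud/bitwarden/default.nix`, the file passed to `EnvironmentFile` is, going by the commit title, what switches on Vaultwarden's admin page, and nothing visible in the patch limits who can reach `/admin` on the public host. The file's contents are not shown, so this is a point to confirm: keep `ADMIN_TOKEN` in it as an Argon2 PHC hash (the output of `vaultwarden hash`) rather than a plaintext token, and consider restricting `/admin` at the reverse proxy. The extra blank line added before `serviceConfig = {` looks accidental and can be dropped. The `serviceConfig` block continues past the end of the hunk.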
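Review bot: In `nki-personal-do/configuration.nix`, `sops.secrets.vaultwarden-env = { };` declares the secret without tying it to the service, so a rotated value would only reach Vaultwarden after a manual restart. The default root-only ownership is fine here, because systemd reads `EnvironmentFile` itself before it starts the process as the service user. Adding `restartUnits = [ "<vaultwarden-unit>.service" ];` to the secret would make a rotated admin token take effect on activation; the unit name is a placeholder, since the unit is defined outside this diff. The enclosing attribute set starts and ends outside the hunk.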
@@ -34,6 +34,8 @@ writefreely-dtth: ENC[AES256_GCM,data:Q2b3eCr5GLLyBMrGlTUSIuMN/vZXmMZV8T56+t7Rjc matrix-synapse-dtth: oidc-config: ENC[AES256_GCM,data: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,iv:5pYzz4QzKHVhHh+YFnerD5Q2S93stqBKILM2sxD23Fc=,tag:V0rVa/nTH3hv77Z8KOQOiw==,type:str] appservice-discord: ENC[AES256_GCM,data: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,iv:PBo7+OSqBGxI7DzUpclcGWEFwTpcNqySRJzqHu7medU=,tag:fi06xru3e92WfqOJxHXd2w==,type:str] +#ENC[AES256_GCM,data:iOzQ7k/EJPjMhjdl4do0VZ0UblYW/oKzGHfdghJ7BR/QiLD5QVfwPmN7gctVftD1wAveOvdAl9s93cDBLAF5eVCi/gfTBrXJ3MKvAZ8vCEVQtdlZl37GrDCsV54EHt7I3d6F6nX9EAG0cF/pT25JyFqGDRgFUJVDPUVG7x8tr+q38BjWgNHRXQ==,iv:VOwPsPU/9jx6MAnnnS1d1JAAfKfdFqq5G64AHqJuG9A=,tag:iw11y5UXxEPxeGhykoHVkw==,type:comment] +vaultwarden-env: ENC[AES256_GCM,data:Cj1CWuPB8Tc/8E1suAoAw5MK8egzy5KLTIyIAkRuVVRNmjiBq0wEw23m4/VKz4Pq/FmUj6BGyLD0zXTp9AMlGugaDDlyihmCTt0FJOCaG3g0vrLfTY5jGnZCNR1B3fX3kf/yI/nvQsl8OqsKkTf66YznzUWtetKGa0KZICmvq/HW9Cjh+Q==,iv:Q2zGh84hPwthPeMsZbYgpZu2br2rWtaG6rcsKjtlUvQ=,tag:IllbcJz91qg08IFU1vnMWA==,type:str] sops: kms: [] gcp_kms: [] @@ -67,8 +69,8 @@ sops: by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-24T15:00:57Z" - mac: ENC[AES256_GCM,data:YScpMiCWfnVj9BhFGxcYwZ1+Su/nKiCS4EKTDrxjzQWHn/2nlJm1aOQ8NnP1xOaWj50STCLu32Zb1Gw+9JMejti4d90xit9WP0KpwmiHjPN5NjiM90DUkXD/Oz5BAQ0XKvjYnjrKMo/b+WQjuCzR9DfGNLIAFyPlzbfT/90pH80=,iv:OygOtvtKJ4/0+rt9Y49vgjU4hRpWL4rY8iOP8zIZh5w=,tag:ckjytQvd8h8TGZuob2wqJg==,type:str] + lastmodified: "2023-08-09T07:39:16Z" + mac: ENC[AES256_GCM,data:xljlzQbsRf+JRlL/N/DEW6rta392Yk/DzKN5goyJlMuAZq56E1GQYSflS2bKQQlEIKv+y/jzsFPQpe2qeIdNhvjb2c6G/WjvBiodYZ4O5tnih9Aou86H1zr3qdtc55ovgOg3WwzKJhe1KAeAPXn7T+7xSpZ3ATrN0Pe0r+r/IjY=,iv:EmpuS5jv8jBXouwsDH8MpmeRvhJoF1rDDdc79/euzYg=,tag:II4M1FrS6foUiKe55cOpfQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3