made a whoopsie
diff --git a/.sops.yaml b/.sops.yaml
index 0c67bd5..e9b72bc 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,11 @@
keys:
- &clicks_minion age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy
+ - &clicks_coded age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd
- &server_dc1 age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr
creation_rules:
- path_regex: secrets/.*
key_groups:
- age:
- *clicks_minion
+ - *clicks_coded
- *server_dc1
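Review bot: The recipient list in `secrets/vaultwarden.json`, added later in this commit, does not match the keys declared here. It carries `age19tnceu3prhg6pyyl7cm6rpg27tdu3xg4vr672pw6czdwq0xvw9tszwc6rn`, which is not in `.sops.yaml`, and it has no entry for the newly added `clicks_coded` key (`age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd`). Adding a key under `creation_rules` does not re-encrypt existing files, so the holder of `clicks_coded` presumably cannot decrypt that file, while whoever holds the unlisted key can. Once the intended key is confirmed, run `sops updatekeys secrets/vaultwarden.json` so the file's recipients match this rule, and rotate the data key with `sops -r -i secrets/vaultwarden.json` if the unlisted recipient should not have had access.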
diff --git a/modules/caddy.nix b/modules/caddy.nix
index a76672e..e3309fe 100644
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -2,7 +2,7 @@
services.caddy.enable = true;
services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
import
- (f: f { inherit pkgs lib; })
+ (f: f { inherit pkgs lib config; })
builtins.toJSON
(pkgs.writeText "caddy.json")
];
diff --git a/modules/caddy/caddyfile.nix b/modules/caddy/caddyfile.nix
index 8ebf226..ec0d82b 100644
--- a/modules/caddy/caddyfile.nix
+++ b/modules/caddy/caddyfile.nix
@@ -73,7 +73,7 @@
];
};
in
-{ pkgs, lib }: {
+{ pkgs, lib, config }: {
apps = {
http.servers = {
srv0 = {
@@ -279,6 +279,7 @@
};
}
))
+ (HTTPReverseProxyRoute [ "passwords.clicks.codes" ] [ "localhost:${config.services.vaultwarden.config.ROCKET_PORT}" ])
];
};
srv1 = {
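Review bot: The new route interpolates `config.services.vaultwarden.config.ROCKET_PORT` straight into a string. If that option is set as an integer in `modules/vaultwarden.nix` (not visible here), Nix will not coerce it and evaluation fails, so `"localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}"` is safer. The route also publishes the whole Vaultwarden instance, including `/admin`, on `passwords.clicks.codes`. Since this commit configures an `ADMIN_TOKEN`, the admin panel is presumably enabled, and that path is worth restricting at the proxy or serving only on an internal host. The surrounding routes list starts and ends outside the hunk.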
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index 8eba3ed..c02d2f1 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -1,4 +1,4 @@
-{ pkgs... }: {
+{ pkgs, ... }: {
environment.systemPackages = with pkgs; [ vaultwarden ];
services.vaultwarden.enable = true;
@@ -47,7 +47,7 @@
# YubiKey Settings
- YUBICO_CLIENT_ID="FILL_ME_IN";
+ YUBICO_CLIENT_ID="89788";
YUBICO_SECRET_KEY="FILL_ME_IN";
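Review bot: `YUBICO_SECRET_KEY` is still the literal `"FILL_ME_IN"` on the line after the new client ID, so Yubico OTP is configured with a real ID and a placeholder secret unless something outside the hunk overrides it. The real value should not be written here, because this attribute set ends up in the world-readable Nix store. Drop the placeholder and supply the secret from the decrypted `secrets/vaultwarden.json` through `services.vaultwarden.environmentFile`. A comment such as `# YUBICO_SECRET_KEY is provided by the sops-managed environment file` would record where it comes from. The enclosing config block starts and ends outside the hunk.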
diff --git a/secrets/vaultwarden.json b/secrets/vaultwarden.json
new file mode 100644
index 0000000..c1bcb68
--- /dev/null
+++ b/secrets/vaultwarden.json
@@ -0,0 +1,31 @@
+{
+ "ADMIN_TOKEN": "ENC[AES256_GCM,data:kbtCkvQJcIZ4sQbnTXCYj864WQywrd/98v3VOynoiIw8xd/H0orOX0QZ7zZDuHbbAukOul5ZUzjPah5razGMEECIkhWqVYnAtyhr,iv:UTrKoA8uhNaUT7nDfBMzMkHpLq/gpl9+nrx5ySnNGEc=,tag:dQgR4m9neYKvLzwMlzHGag==,type:str]",
+ "SMTP_PASSWORD": "ENC[AES256_GCM,data:UdICw05COL/YmQ3x6JUuIQTyde1/XGK916DSpHpCf7xOOV5j/yjMNXQWh0J46lPMLwoKPqjx4L8oPEDr,iv:5QMUlTXWCUlCiqqCsc5t8En3wZitH5ygWXf9O3wNZoE=,tag:TIQtGWNfsRv1WgKzAmfJNg==,type:str]",
+ "YUBICO_SECRET_KEY": "ENC[AES256_GCM,data:AfUPdtEYUMPLLm3omfTD4IhHG4B5SQ6df1ZfvQ==,iv:rP66dYyeOsqkN+ZD80U/5jj//PWn7Ox++1L4OETX4m0=,tag:EiujU9WcLs7M1hMMR5UIHQ==,type:str]",
+ "HIBP_API_KEY": "ENC[AES256_GCM,data:ZODeXVLFsw==,iv:lEybxmKCQ8SbssGWE3UqSagz5M97o2CWGW0HAiqJyD8=,tag:c0uT1dKtln5frysnjS0UPA==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": [
+ {
+ "recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSUI4bURzU1drY3d6MXBX\nckltTHBObUVQWG9lWHNEamlMWEJNT05ZckNrCjNCYzYya3Z6ZEFrb0k2OXRqZ3hh\ndFo5SS8zcml3WWl1WWs0bmgwNkx6UzAKLS0tIFFHQndIY1hPUTdFUldweGNHTXlM\nQ3U4WlR5TFM0Q3I3RWVUT29MaUowUUkKSYUHWRvFfqy+enKlEEoNIQ6Ri4MXp+VH\n9iFdhVK78dYXtP44SukMbzCiDczm/mY6s4GUPt+2im5gSnPSnTeSzQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age19tnceu3prhg6pyyl7cm6rpg27tdu3xg4vr672pw6czdwq0xvw9tszwc6rn",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRGo4cElleTUrL09kTlBH\nY0FEMXY3Mm4zWUVodTBBUjBmV0JjbWZQZG1FCnNpMjFhdE80TEJ4OUZybmkveHJt\nSzhEbjAvV0xEUkRETEFteFVDajFGalkKLS0tIFBkUHVsTnZxYkhqR0prckl2S0hw\nS2thMXZqL05NSXhCdUprN1l0Rm41REUKsHoaD4Y6uUeVFVwkhATQ1/M3ebskpQ7F\nkX1ebw6Cmz259BsrMiDB9KSQ3wyheb7zvMrc0iSb2VXeW7ZVpfRjyA==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQnRzdG52NVZqNkwzQXRr\nWlZYdC92SFFXT1lYTjZqQjhpR0FNL2gxMkVNCjRiaHQzZEFxTndFNHZTOFZEbGw3\nUG5xNnIxNFdjdGpSL3F0UDg5S0xhVDQKLS0tIGVDSHo4eDNSYTIxejV6YzhobUFV\nL3h4emlNQWc4YkRvNFNjc2d0MDBPTzQK+SNP9B1FtnjADXEaelBJdxnouQ+JbS+F\nkmtBoid2EcRtvdnBr+qD9kabsXfYwRiTFxcPHnyAN0Jx8bJyuMW7aQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2023-06-13T16:56:57Z",
+ "mac": "ENC[AES256_GCM,data:WbnHPT/N4XUdTsUb4ousd7Tt/3FY+yHEwMt0PEQAySnjudQBO0ygtZoQHl9ot/9TUMgb12w35nx3pG4BGmS/BBDUuMNiUsmzG6ct1a1Wa6o60VbSSjftXJ36Jipz6rse7o708UlJd3D7xWcUOxA6xgwHZfNgG//dLmVjpLkIG6E=,iv:SckbBqSi7n79Km/GeG4LkpedSZ6tl4jyqSnjr/1r/3g=,tag:oCdW2dpzrChjwL9k6g8GcA==,type:str]",
+ "pgp": null,
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.3"
+ }
+}
\ No newline at end of file
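Review bot: The ciphertext does not show whether `ADMIN_TOKEN` holds a plain token or a hash. Vaultwarden accepts an Argon2 PHC string there (generated with `vaultwarden hash`), and storing that form keeps the usable admin password out of both the decrypted file and the service environment. Nothing in this commit shows how these four values reach the service. That wiring is worth confirming, given that `modules/vaultwarden.nix` still carries a `FILL_ME_IN` placeholder for `YUBICO_SECRET_KEY`.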