add drive paths, update vaultwarden.nix in prep for scalpel
diff --git a/flake.nix b/flake.nix
index 8dab2a3..3b81fe7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,7 +60,7 @@
users.mutableUsers = false;
}
];
- specialArgs = { base = null; };
+ specialArgs = { base = null; drive_paths = import ./variables/drive_paths.nix; };
};
in
base.extendModules {
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index c02d2f1..ca7893e 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, drive_paths, ... }: {
environment.systemPackages = with pkgs; [ vaultwarden ];
services.vaultwarden.enable = true;
@@ -17,20 +17,20 @@
SIGNUPS_DOMAINS_WHITELIST="clicks.codes,coded.codes,thecoded.prof,starrysky.fyi,hopescaramels.com,pinea.dev";
# TODO: Set folder locations for storing data.
- # RSA_KEY_FILENAME=data/rsa_key
- # ICON_CACHE_FOLDER=data/icon_cache
- # ATTACHMENTS_FOLDER=data/attachments
- # SENDS_FOLDER=data/sends
- # TMP_FOLDER=data/tmp
+ RSA_KEY_FILENAME="${drive_paths.root}/bitwarden/rsa_key";
+ ICON_CACHE_FOLDER="${drive_paths.root}/bitwarden/icon_cache";
+ ATTACHMENTS_FOLDER="${drive_paths.External4000HDD}/bitwarden/attachments";
+ SENDS_FOLDER="${drive_paths.External4000HDD}/bitwarden/sends";
+ TMP_FOLDER="${drive_paths.External4000HDD}/bitwarden/tmp";
DISABLE_2FA_REMEMBER=true;
# Admin Account
- ADMIN_TOKEN="$argon2id$v=19$m=100,t=2,p=10$dWVoN1llNTFpVHRXZXNicA$oXSZOeoCRxgA6aXBmRj0Ow";
+ ADMIN_TOKEN="!!ADMIN_TOKEN!!";
# Database Settings
- DATABASE_URL="postgresql://FILL_ME_IN:FILL_ME_IN@127.0.0.1:FILL_ME_IN/bitwarden";
+ DATABASE_URL="postgresql://bitwarden:!!clicks_bitwarden_db_secret!!@127.0.0.1:${}/bitwarden";
# Mail Settings
@@ -41,18 +41,18 @@
SMTP_PORT = 587;
SMTP_USERNAME="FILL_ME_IN";
- SMTP_PASSWORD="FILL_ME_IN";
+ SMTP_PASSWORD="!!SMTP_PASSWORD!!";
REQUIRE_DEVICE_EMAIL=true;
# YubiKey Settings
YUBICO_CLIENT_ID="89788";
- YUBICO_SECRET_KEY="FILL_ME_IN";
+ YUBICO_SECRET_KEY="!!YUBICO_SECRET_KEY!!";
# TODO: Buy a license
# HIBP Settings
- # HIBP_API_KEY="FILL_ME_IN";
+ # HIBP_API_KEY="!!HIBP_API_KEY!!";
};
}
\ No newline at end of file
diff --git a/secrets/postgres.json b/secrets/postgres.json
index 07c6fcd..0ef90cf 100644
--- a/secrets/postgres.json
+++ b/secrets/postgres.json
@@ -1,5 +1,6 @@
{
"clicks_grafana_db_password": "ENC[AES256_GCM,data:tFByC3OyhRLkDlfjwq3Kmc7PnTHWmkXpXuqOGb2AzA9dkAijPggPhgvCrbkY8/oL8QwQDaI24+XV3U/8A2UwLbzu0L5oaWV/E4EJbyvi8UKp8Wg8Au25E0nD5tJZm7QQ3FVERgoUefcB8AEPJ4Z8Rgx1PuoBeun9toT1GkJtmuYNNHpOcFrbmaI/Qf1MP+yFZLYjvB1jz07V04RGTv4jow61lWFknS2aPJyat43Ogp64lIkfjen7zCvj3CWghfJx87uxeXsnFHMrRwfONozUdw19Bq1uLUJ7xvPqDtr/1WKi1xvBe5ez7/PkPslNJlIToIlL89xN/lOm2iQR2BNeXg==,iv:ruC4PzKpWYsz2qe0KImUo0YhRt2cisYx306yfPtzi6c=,tag:U8vg7w1zyqXAWH3WzNAHFA==,type:str]",
+ "clicks_bitwarden_db_password": "ENC[AES256_GCM,data:57vOGaSralBt6w==,iv:b4ujdo16fqA3Ln277ubqp8cLeRlgldUoe5rFNjUmY5U=,tag:Ak79yTs6BkqwuyfYo3i4vg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@@ -19,8 +20,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByN0hMaXF2S2xiTTNqbm9h\nSGNieGNjNThJTk0wZXNQejBXaW9MOEp2akNFCm8rWVc3WG9pVndERFZzUnFOZnVG\naFBxTENlQ0x0ZjdqUHF6SFBPKzQ4bUEKLS0tIGVJTmdveTZrNTRiSTl0cHRQeWhl\nY2RmUTVQVTNoMFhLdkc3WFZEcHAycnMKqr42TSx7Pqcu62XgX4gj/iq2tbkZjFxg\nOcWBsLzqOsu/r0w5cK2Ple6JFGIJwmT2SqVqZh1pPbPwYHHXHbEphg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
- "lastmodified": "2023-05-20T19:42:49Z",
- "mac": "ENC[AES256_GCM,data:UgiFqVr7UMXZUsbYtx7Q09Z9BwqXtAfqvaXybzsvT1XKFRaXnWT/XwjihU7EPjsDO9KzG3lXKln9DMzshAFJw3hjpN4D0LOmFySyduZl2qt5O/yKL7rrxhGgs57hITYB53DQvbkJ87W2sRAdpJlKWB1rrJ5J6RCqoxG/A3HjDAY=,iv:earJ7dyBUR2BGUVG7OhxgWMsPJl+JRB5xbKCe64AA7Q=,tag:UcuGo+aSfMkCHWtg8IDOSA==,type:str]",
+ "lastmodified": "2023-06-13T18:27:44Z",
+ "mac": "ENC[AES256_GCM,data:bonRKaRPC5oSlNll4gA2vcOFz2qhmN7JOQftTsHOvsoWjxbFk6gUbvwcc0qHXEClgqnRvbhcKu/ngBlp/w8NpmpzwOhWc023xDOsSheS5U3PwCfh5UIhxWEkaTtxvSScqN5EdwWAAPuSPB6Pdwg1oaS25dI5YCh0tHR56Soizu0=,iv:+pcWDLpEHw/BiTBucYbPTvju1W6sYa1+sW+FIuc6+Qw=,tag:kAjxBms7dXP04TaMRalbAA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
diff --git a/variables/drive_paths.nix b/variables/drive_paths.nix
new file mode 100644
index 0000000..e75cdd9
--- /dev/null
+++ b/variables/drive_paths.nix
@@ -0,0 +1,7 @@
+{
+ root = "/";
+ Internal120SSD = "/mnt/120InternalSSD"; # /dev/disk/by-uuid/3051c23d-143a-4344-8ad9-e0a8cf3b8a3d
+ External1000SSD = "/mnt/1000ExternalSSD"; # /dev/disk/by-uuid/24d30ffe-91ed-4e41-b40d-f42b02e144a9
+ External2000HDD = "/mnt/2000ExternalHDD"; # /dev/disk/by-uuid/77866be0-869c-44f7-b375-0edb76fb1895
+ External4000HDD = "/mnt/4000ExternalHDD"; # /dev/disk/by-uuid/dda57e4d-81b7-4f52-b3ac-f14544b3aaf4
+}
\ No newline at end of file