Add vaultwarden
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index d209813..771f16c 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -1,4 +1,5 @@
-{ base, pkgs, drive_paths, lib, config, ... }: {
+{ base, pkgs, drive_paths, lib, config, ... }:
+lib.recursiveUpdate {
environment.systemPackages = with pkgs; [ vaultwarden ];
services.vaultwarden.enable = true;
@@ -16,7 +17,7 @@
}))
builtins.listToAttrs
];
-} // (
+} (
let
isDerived = base != null;
in
@@ -26,7 +27,7 @@
then
with lib;
let
- cfg = services.vaultwarden;
+ cfg = config.services.vaultwarden;
vaultwarden_config = {
# Server Settings
@@ -39,12 +40,13 @@
SIGNUPS_ALLOWED = false;
INVITATIONS_ALLOWED = true;
SIGNUPS_DOMAINS_WHITELIST = "clicks.codes,coded.codes,thecoded.prof,starrysky.fyi,hopescaramels.com,pinea.dev";
+ SIGNUPS_VERIFY = true;
- RSA_KEY_FILENAME = "${drive_paths.External1000SSD}/bitwarden/rsa_key";
- ICON_CACHE_FOLDER = "${drive_paths.External1000SSD}/bitwarden/icon_cache";
- ATTACHMENTS_FOLDER = "${drive_paths.External4000HDD}/bitwarden/attachments";
- SENDS_FOLDER = "${drive_paths.External4000HDD}/bitwarden/sends";
- TMP_FOLDER = "${drive_paths.External4000HDD}/bitwarden/tmp";
+ RSA_KEY_FILENAME = "${drive_paths.External1000SSD.path}/bitwarden/rsa_key";
+ ICON_CACHE_FOLDER = "${drive_paths.External1000SSD.path}/bitwarden/icon_cache";
+ ATTACHMENTS_FOLDER = "${drive_paths.External4000HDD.path}/bitwarden/attachments";
+ SENDS_FOLDER = "${drive_paths.External4000HDD.path}/bitwarden/sends";
+ TMP_FOLDER = "${drive_paths.External4000HDD.path}/bitwarden/tmp";
DISABLE_2FA_REMEMBER = true;
@@ -53,17 +55,18 @@
# Database Settings
- DATABASE_URL = "postgresql://vaultwarden:!!clicks_bitwarden_db_secret!!@127.0.0.1:${config.services.postgresql.port}/vaultwarden";
+ DATABASE_URL =
+ "postgresql://vaultwarden:!!clicks_bitwarden_db_secret!!@127.0.0.1:${toString config.services.postgresql.port}/vaultwarden";
# Mail Settings
- SMTP_HOST = "127.0.0.1";
+ SMTP_HOST = "mail.clicks.codes";
SMTP_FROM = "bitwarden@clicks.codes";
SMTP_FROM_NAME = "Clicks Bitwarden";
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
- SMTP_USERNAME = "FILL_ME_IN";
+ SMTP_USERNAME = "bitwarden@clicks.codes";
SMTP_PASSWORD = "!!SMTP_PASSWORD!!";
REQUIRE_DEVICE_EMAIL = true;
diff --git a/secrets/vaultwarden.json b/secrets/vaultwarden.json
index 4de32f1..310e3b9 100644
--- a/secrets/vaultwarden.json
+++ b/secrets/vaultwarden.json
@@ -1,6 +1,6 @@
{
"ADMIN_TOKEN": "ENC[AES256_GCM,data:kbtCkvQJcIZ4sQbnTXCYj864WQywrd/98v3VOynoiIw8xd/H0orOX0QZ7zZDuHbbAukOul5ZUzjPah5razGMEECIkhWqVYnAtyhr,iv:UTrKoA8uhNaUT7nDfBMzMkHpLq/gpl9+nrx5ySnNGEc=,tag:dQgR4m9neYKvLzwMlzHGag==,type:str]",
- "SMTP_PASSWORD": "ENC[AES256_GCM,data:UdICw05COL/YmQ3x6JUuIQTyde1/XGK916DSpHpCf7xOOV5j/yjMNXQWh0J46lPMLwoKPqjx4L8oPEDr,iv:5QMUlTXWCUlCiqqCsc5t8En3wZitH5ygWXf9O3wNZoE=,tag:TIQtGWNfsRv1WgKzAmfJNg==,type:str]",
+ "SMTP_PASSWORD": "ENC[AES256_GCM,data:nwCyO8kOgipt6jPNJVYb45IwiBB2MDRu3qMnPs88VMgW19xW4Yfv3aRvmr6C3huPP7UbSaay2WlrPXin,iv:ur5g8wu4MTMIjbSc3vfMJvdkz7ue0hCRgApFVn9jY4s=,tag:cG3gPyrcOl+ubGwMEcSgkg==,type:str]",
"YUBICO_SECRET_KEY": "ENC[AES256_GCM,data:AfUPdtEYUMPLLm3omfTD4IhHG4B5SQ6df1ZfvQ==,iv:rP66dYyeOsqkN+ZD80U/5jj//PWn7Ox++1L4OETX4m0=,tag:EiujU9WcLs7M1hMMR5UIHQ==,type:str]",
"HIBP_API_KEY": "ENC[AES256_GCM,data:ZODeXVLFsw==,iv:lEybxmKCQ8SbssGWE3UqSagz5M97o2CWGW0HAiqJyD8=,tag:c0uT1dKtln5frysnjS0UPA==,type:str]",
"sops": {
@@ -22,8 +22,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUd2ZiN1F6Q25IN3BpbTRG\nSXI4OW1PdG5rb2krai94ck0wZFh5enBJSFZBCjRnNHB5c1BmNEJIb3FiUEFmQjlV\nKzNpOUJBYzhvd1JSZDZidWVLMVpnZjAKLS0tIFBsOXllU0VZS3NmZDJTZm80bzNp\nazlOUjFPT0MxREVFNVhINVliYm5vRG8KSWa74oUBA4XnnN296zlRvCyhUr2qkm1j\nXlMbq8gYpoL8ttqqyoXfevY7ifezt+U2ookzlONXe52ZENShLofqZg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
- "lastmodified": "2023-06-13T16:56:57Z",
- "mac": "ENC[AES256_GCM,data:WbnHPT/N4XUdTsUb4ousd7Tt/3FY+yHEwMt0PEQAySnjudQBO0ygtZoQHl9ot/9TUMgb12w35nx3pG4BGmS/BBDUuMNiUsmzG6ct1a1Wa6o60VbSSjftXJ36Jipz6rse7o708UlJd3D7xWcUOxA6xgwHZfNgG//dLmVjpLkIG6E=,iv:SckbBqSi7n79Km/GeG4LkpedSZ6tl4jyqSnjr/1r/3g=,tag:oCdW2dpzrChjwL9k6g8GcA==,type:str]",
+ "lastmodified": "2023-06-14T22:17:50Z",
+ "mac": "ENC[AES256_GCM,data:Lsg0g+pF2vP5PYg2dcECQ6lMhlzv7K/vTI8oUCZ54U+UAJwewLlg3jIe7dfaonhn/rVUVQO3DQ1jfzNKEmccZCjAmOvRyAse/yk2wtHbQ8MoctQuk3rgc7ElD+7fU6UUabC505VqNvEM4t8n1Q83Jtye8fynYZRy5G2TLgRCZIc=,iv:S01rfpLSIURdc74AhyQe6R/uw3HWH0PDsX6xn36MT1Q=,tag:JrAuO9QR4pwehyjIB41meA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"