From ba9f2ccceef9bdbc95c951a3fb75f337f131a13e Mon Sep 17 00:00:00 2001
From: Myned
Date: Sun, 9 Feb 2025 18:34:48 -0600
Subject: [PATCH] containers: add vaultwarden
Signed-off-by: Myned
---
 options/custom/containers/vaultwarden.nix | 40 ++++++++++++++++++++++
 profiles/server/default.nix | 1 +
 secrets/secrets.nix | 1 +
 secrets/server/vaultwarden/.env | Bin 0 -> 2463 bytes
 4 files changed, 42 insertions(+)
 create mode 100644 options/custom/containers/vaultwarden.nix
 create mode 100644 secrets/server/vaultwarden/.env
diff --git a/options/custom/containers/vaultwarden.nix b/options/custom/containers/vaultwarden.nix
new file mode 100644
index 0000000..c972508
--- /dev/null
+++ b/options/custom/containers/vaultwarden.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.custom.containers.vaultwarden;
+in {
+ options.custom.containers.vaultwarden = {
+ enable = mkOption {default = false;};
+ menu = mkOption {default = true;};
+ };
+
+ config = mkIf cfg.enable {
+ age.secrets = let
+ secret = filename: {
+ file = "${inputs.self}/secrets/${filename}";
+ };
+ in {
+ "${config.custom.profile}/vaultwarden/.env" = secret "${config.custom.profile}/vaultwarden/.env";
+ };
+
+ #?? arion-vaultwarden pull
+ environment.shellAliases.arion-vaultwarden = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.vaultwarden.settings.out.dockerComposeYaml}";
+
+ virtualisation.arion.projects.vaultwarden.settings.services = {
+ # https://github.com/dani-garcia/vaultwarden
+ # https://github.com/dani-garcia/vaultwarden/wiki
+ vaultwarden.service = {
+ container_name = "vaultwarden";
+ env_file = [config.age.secrets."${config.custom.profile}/vaultwarden/.env".path];
+ image = "vaultwarden/server:1.33.1";
+ ports = ["8008:80"];
+ restart = "unless-stopped";
+ volumes = ["${config.custom.containers.directory}/vaultwarden/data:/data"];
+ };
+ };
+ };
+}
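Review bot: `ports = ["8008:80"];` publishes Vaultwarden's plain-HTTP listener on every host interface, and if arion is driving Docker here a published port is typically reachable regardless of the host firewall, because Docker installs its own forwarding rules. Nothing in this file shows a TLS-terminating proxy, so assuming one runs on the same host, bind the mapping to loopback with `ports = ["127.0.0.1:8008:80"];` and add a comment above it such as `# HTTP only; TLS is terminated by the reverse proxy on this host`. Separately, `image = "vaultwarden/server:1.33.1";` pins a mutable tag; appending the image digest (`vaultwarden/server:1.33.1@sha256:<digest-placeholder>`) would keep the deployed password-manager image from changing underneath the config.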
diff --git a/profiles/server/default.nix b/profiles/server/default.nix
index b172170..9d485bf 100644
--- a/profiles/server/default.nix
+++ b/profiles/server/default.nix
@@ -24,6 +24,7 @@
 #// owncast.enable = true;
 #// redlib.enable = true;
 #// searxng.enable = true;
+ vaultwarden.enable = true;
 };
 services = {
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9d64ac3..4d384a3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -87,4 +87,5 @@ in {
 "server/searxng/.env".publicKeys = server;
 "server/users/myned.pass".publicKeys = server;
 "server/users/root.pass".publicKeys = server;
+ "server/vaultwarden/.env".publicKeys = server;
 }
diff --git a/secrets/server/vaultwarden/.env b/secrets/server/vaultwarden/.env
new file mode 100644
index 0000000000000000000000000000000000000000..9747da2a5536e274b1eede74adc2a53c943b7064
GIT binary patch
literal 2463
zcmV;Q31IeNXJsvAZewzJaCB*JZZ2 z#OA~KMU<9Y61@KHaKMXbn^dX2&|okj;ssSfYfTK zS@m_fRJVM`F{1m`Ku5bXN?G3qx*u&}t~K!NaE319_{PTw##y-%hW+L^+j zu0=lBc1$<)oML~{>7INj$9US+ycn?=cq6)Q&&F_txzy%l9;yY9P28fK@)3xTVrJxK zf8Ul^1pMrUH^LZ0-}ZhTLzmYQ+EtF{ujcb-6-rC~cv6A(<@9 ztL0LgfQg7;6a?TnVH}^3(;WB--I@m;u#Ntb31BWR>8ZSoSrx!z>3ZajpJ zKW>{=p#a?D3^+kino5WDqf6ninfBg;X8Xk9FXa2B=&kZaOB_?wZ;~tu^-R~NzSXuy zZTT|%9#6NlU{u_5A#L?iDTHDLAeJM@XG^g z!Uh5_7dJG@Kr)tn%W3tPJ*0N>FM9(7%qZs8{TF%;gl18~ zgN}b`DERc}GpgLG%WCdP6IQ(a+g;@Y_}aSWaV+TW=dF=~##QU3;s#vlV9Nt)Zg110 z#_32uG&+NPDTjj78TC3}>rg_!I%urY0mYV;2mMOwp6U4<-S(KH;D(LZu#;S5w z!W5+G$XAGJfiCe#UgkgK#_T=ED?qsif7I_}`aE%YhUH{>pEq<*FXpT3&M1S46y&!; zp>^?FL>wq|joCu~cBYeJPAP1AOEaLzWaUfl_Ze zF27SKgXr%qkd(klIYMS-Y~1-ZKxR~?zJrQO6`VPLpU^+>g%3(Yiq#_iiyYkRY7{zF;(Eliuv z*KRFm5y<79!*${MK({+Tgvp}Jjv!$)3fbDtp69X<;1dF`cOlt=T&VcT#&-GUYsnZI za3dfXPY6O8rmchfHo!1$z}5(=v?5tmZD&A|zQtQjYkCC zXg4i8o<xU1kU$XP zfz6QP1?MoFrF=b-p|R#rN{Jr>cTaD*>+`vQ(AcfF5MXbMLD3($#GxRhQ3)OGO7L_n__(b zQrGrL-$=MZV==aj*NOec4vF{IuPG&Z2w%uAtx&Q9ZGFLT-uzKBce@8q>NbDJLS|;p zq5t<*#