From ba9f2ccceef9bdbc95c951a3fb75f337f131a13e Mon Sep 17 00:00:00 2001
From: Myned <dev@bjork.tech>
Date: Sun, 9 Feb 2025 18:34:48 -0600
Subject: [PATCH] containers: add vaultwarden

Signed-off-by: Myned <dev@bjork.tech>
---
 options/custom/containers/vaultwarden.nix | 40 ++++++++++++++++++++++
 profiles/server/default.nix | 1 +
 secrets/secrets.nix | 1 +
 secrets/server/vaultwarden/.env | Bin 0 -> 2463 bytes
 4 files changed, 42 insertions(+)
 create mode 100644 options/custom/containers/vaultwarden.nix
 create mode 100644 secrets/server/vaultwarden/.env

diff --git a/options/custom/containers/vaultwarden.nix b/options/custom/containers/vaultwarden.nix
new file mode 100644
index 0000000..c972508
--- /dev/null
+++ b/options/custom/containers/vaultwarden.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.custom.containers.vaultwarden;
+in {
+ options.custom.containers.vaultwarden = {
+ enable = mkOption {default = false;};
+ menu = mkOption {default = true;};
+ };
+
+ config = mkIf cfg.enable {
+ age.secrets = let
+ secret = filename: {
+ file = "${inputs.self}/secrets/${filename}";
+ };
+ in {
+ "${config.custom.profile}/vaultwarden/.env" = secret "${config.custom.profile}/vaultwarden/.env";
+ };
+
+ #?? arion-vaultwarden pull
+ environment.shellAliases.arion-vaultwarden = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.vaultwarden.settings.out.dockerComposeYaml}";
+
+ virtualisation.arion.projects.vaultwarden.settings.services = {
+ # https://github.com/dani-garcia/vaultwarden
+ # https://github.com/dani-garcia/vaultwarden/wiki
+ vaultwarden.service = {
+ container_name = "vaultwarden";
+ env_file = [config.age.secrets."${config.custom.profile}/vaultwarden/.env".path];
+ image = "vaultwarden/server:1.33.1";
+ ports = ["8008:80"];
+ restart = "unless-stopped";
+ volumes = ["${config.custom.containers.directory}/vaultwarden/data:/data"];
+ };
+ };
+ };
+}
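Review bot: `ports = ["8008:80"]` publishes the container's plain-HTTP port 80 on every host interface, and ports published by the container engine are often not filtered by the host firewall, so the password vault may be reachable from the network without TLS. If a TLS-terminating reverse proxy on the same host is meant to front it (none is visible in this patch), bind to loopback instead: `ports = ["127.0.0.1:8008:80"];`. The image is pinned by tag only; appending a digest, `image = "vaultwarden/server:1.33.1@sha256:<digest-placeholder>";`, would keep a re-pushed tag from changing what runs. The `menu` option is declared but not referenced anywhere in this file, so a short comment saying where it is consumed would help.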
diff --git a/profiles/server/default.nix b/profiles/server/default.nix
index b172170..9d485bf 100644
--- a/profiles/server/default.nix
+++ b/profiles/server/default.nix
@@ -24,6 +24,7 @@
 #// owncast.enable = true;
 #// redlib.enable = true;
 #// searxng.enable = true;
+ vaultwarden.enable = true;
 };

 services = {
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9d64ac3..4d384a3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -87,4 +87,5 @@ in {
 "server/searxng/.env".publicKeys = server;
 "server/users/myned.pass".publicKeys = server;
 "server/users/root.pass".publicKeys = server;
+ "server/vaultwarden/.env".publicKeys = server;
 }
diff --git a/secrets/server/vaultwarden/.env b/secrets/server/vaultwarden/.env new file mode 100644 index 0000000000000000000000000000000000000000..9747da2a5536e274b1eede74adc2a53c943b7064 GIT binary patch literal 2463 zcmV;Q31IeNXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LI7K#UI8h)) zS4UD!YBfesb45*Mb9PryMS4zTa!6Hpcy)73OfhjUZdF1#SyE;%MKB6waCdq|Qc!6| zXIg1ST5eEmNlZp@SWISQZfkBhGi_9OL1$T4FF0^FGG_`cJ|J^*Xf0)AGBq_ZIUsXp zczSP9AWm#laav|#crtBhH90m)M@m+3R9HEAaBx*bT6JMBS7dWbQ(<~zS$0)b3O904 zcuYBZYhi9@P)AEvZf9;mdO1)@Fn2XkL31%fPc%hwWnpbHD_1r+3N1b$b8~1dWn?ln zH8D9LX?Hegac3Yhc5Y@`Rc&)NV_8LPRaa+jP;7Q{T4Q=SMOSw#Q*SF}NKsm8W^PtS zFfa;ENN7iEGgd=qa(6*<QbKEHW_o!_cUd)9P<Cr{S#V2MFE}$)Hfnl8XHg0*EiE8J zXjL|KYcX$cNqRCxIZ<|5N<~6LadvocbVgQFNj6GNR#bU-Rx@j8XIToC)1#Nl$&GB> z#OA~KMU<Q<poE5-6n|_)vIAre=8^qgq8clUaHn!segPj_MH*uiw38<f?Ter$@~aax z=93iikKMn!jUL13_olA~vKL?Ys{X3_s!><9Y61@KHaKMXbn^dX2&|okj;ssSfYfTK zS@m_fRJVM<tMd4Ct>`F{1m`Ku5bXN?G3qx*u&}t~K!NaE319_{PTw##y-%hW+L^+j zu0=lBc1$<)oML~{>7INj$9US+ycn?=cq6)Q&&F_txzy%l9;yY9P28fK@)3xTVrJxK zf8Ul^1pMrUH^L<PrVE{)UlnEby}Py$lz~V3IT!|W#zcgK=?b}UD{(OO9npMff#!AA zWQnVgE|?-yv$t?3XA)qmwx}EiX~z?dWBmAS?b=damwvo`GH`E6B8TGQmjtZpu6?1{ zp~GUC4LLB_`Vp}|MeB>Z0-}ZhTLzmYQ+EtF{<N^x_WIyughGBn0Q9`SyvesH-rSV5 zsfId;sKUdhDWoyj(7xtjW=ND<8-m?{tO4q)f26p_u7nYTNiE&#?9B2IGren8DuPJ< z5TzC|Ic$;ywKGMzF{dHJ+a*Vv)|Af<lH`{iwB{Cj-jVgo(WzQ20C{PlrXdvM2VAEz zUve2}GWg+(jW{Sj5R<V*y(KJ!?%{M=wfSRSL?rD5RIcRem>ujcb-6-rC~cv6A(<@9 ztL0LgfQg7;6a?TnVH}^3(;WB--I@m;u#Ntb31BWR><A3AEV;*36OE=MPC<PfeylRu z2ge-d@-Kb2d@$Dns~6&jj!Op=_cyHVkN`2{z86Z*BT;_PqlE0J{mm3MY<0+81~t;+ zC3F=AcF|K-+%0gl?MMpBV<AtG1M)#m?DH&V<|B6W!dPQ+FK#dA(DaChYF<a?e-;)6 z#o97bbuDrJl`fJgrYXS@<{FyaQ@FSS<;xt(9rBceMGMDxkjr~R1)9Y8VpgfjjY7F0 z1U|*+{PY&|J`^-KQfes<JB!FzNZBu1@@AL(WWS(?q-jtHm(}r<VS=hT_i-#*LR*a2 zz965okyr1=GyOf+^H<ykI&wqx7qUq^Gg9cPDWim{zn`Rj5Q8>8ZSoSrx!z>3ZajpJ zKW>{=p#a?D3^+kino5WDqf6ninfBg;X8Xk9FXa2B=&kZaOB_?wZ;~tu^-R~NzSXuy zZTT|%9#6NlU{u_5A#L?i<!~$bI4%QN7f_ehflulAVs{}!)-E9}3~y+?kyfb@VH6YF 
zY00OBuPoKk0P3;Q<j9%Eq)VM+jHPg<#z1Mw`!Noq;~JDR$a(~_>DTHDLAeJM@XG^g z<f-FYXk`%Cf;!0Lb%mI>!Uh5_7dJG@Kr)tn%W3tPJ*0N>FM9(7%qZs8{TF%;gl18~ zgN}b`DERc}GpgLG%WCdP6IQ(a+g;@Y_}aSWaV+TW=dF=~##QU3;s#vlV9Nt)Zg110 z#_32uG&+NPDTjj<fkRFvRP6Ec+Rxgqzs2M1t#hYjef@pI^79#t!)*r<jYgkncJHVc z&L1Eq-AxEV$-+kzcQ>78TC3}>rg_!I%urY0mYV;2mMOwp6U4<-S(KH;D(LZu#;S5w z!W5+G$XAGJfiCe#UgkgK#_T=ED?qsif7I_}`aE%YhUH{>pEq<*FXpT3&M1S46y&!; zp>^?F<fcyGBHOb~R~ROiC*VR7(RqLwB>L>wq|joCu~cBYeJPAP1AOEaLzWaUfl_Ze zF27SKgXr%qk<VQe@<4A<AMW46RVfJ%(cYZ_xZd^JP&U(fXc|+cUH$b9R=tlp60W03 z<k;>d(klIYMS-Y~1-ZKxR~?zJrQO6`VPLpU^+>g%3(Yiq#_iiyYkRY7{zF;(Eliuv z*KRFm5y<79!*${MK({+Tgvp}Jjv!$)3fbDtp69X<;1dF`cOlt=T&VcT#&-GUYsnZI za3dfXPY6O8rmchfHo!1$z}5(=v?5tmZD&A|zQ<d|wZ75Il?^cDMJ`YN6TPfBdil|2 zP0j}~F5+eGx4V!T{v}kIBcV}?JblL<n%Z-mfh&kO2m%e&G)NVMdZ%+6n3ODwhGJ%0 z-1Z1t?=KB2AdUe;Q`ts%Tvnwsk71JeYA0EOpmnn5T&gH5BwuhcO`BSQBtTJZjjksa z*J3b6Sh*@MmMn&YM7cN_s#Z}c3R5#7?E}$+n5KTdI5Bp8iq*Yf=*4=mTe>tQjYkCC zXg4i8o<<!q)AoP6u;@`l6`!4Oi{TVb<xp;mEd5jP%(lOjT{Ni$Z?&ZxRmNv%MH7iH zwXbO`V)4kvqlaFYvr9hx!C#3#;%dB{=Xum-Bx5!HZSu;F{N#C#oPFk<l>xU1kU$XP zfz6QP1?MoFrF=b-p|R#rN{Jr>cTaD*>+`vQ(AcfF5MXbMLD3(<k(#yVyi<Yai*tkA zLPOaaE*+X;NgMTPr`y*C_1J%?7;GCb?33|AqQoE9(pRBR$cw;oe_iAtJxEeP<H%ti zu{M{974MH0dE;GuZFkm7qc52{K5;V$8B}S$9KFlRg<}v>$#GxRhQ3)OGO7L_n__(b zQrGrL-$=MZV==aj*NOec4vF{IuPG&Z2w%uAtx&Q9ZGFLT-uzKBce@8q>NbDJLS|;p zq5t<*#<yb3O9Nn5fdxqLA$pN*i;hwueh=c3DfOL1=-eH7YSY=EIV+m+PjVA~n-n}v d%xVc}N8fo?sMHjeE2!7hR1%jvoL<m@6$9|Bk@)}s literal 0 HcmV?d00001