From a6acaf9b173f0443ab2ea0d7917ba40244779ef2 Mon Sep 17 00:00:00 2001
From: Nettika <git@nettika.cat>
Date: Thu, 26 Dec 2024 22:28:21 -0800
Subject: [PATCH] Setup vaultwarden on monolith

---
 hosts/monolith/default.nix |   1 +
 hosts/monolith/vault.nix   |  20 ++++++++++++++++++++
 secrets.json               | Bin 641 -> 730 bytes
 3 files changed, 21 insertions(+)
 create mode 100644 hosts/monolith/vault.nix

diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix
index 18ec6cd..778a0b5 100755
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -6,6 +6,7 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./vault.nix
   ];
 
   networking = {
diff --git a/hosts/monolith/vault.nix b/hosts/monolith/vault.nix
new file mode 100644
index 0000000..c717a88
--- /dev/null
+++ b/hosts/monolith/vault.nix
@@ -0,0 +1,20 @@
+{ secrets, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      domain = "https://vault.leaf.ninja";
+      signupsAllowed = false;
+      rocketAddress = "0.0.0.0";
+      rocketPort = 8222;
+      smtpHost = "smtp.migadu.com";
+      smtpFrom = "vaultwarden@leaf.ninja";
+      smtpPort = 587;
+      smtpSecurity = "starttls";
+      smtpUsername = "vaultwarden@leaf.ninja";
+      smtpPassword = secrets.vaultwarden.smtpPassword;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8222 ];
+}
diff --git a/secrets.json b/secrets.json
index 7fb8fcef1b047ddc8d40e4a384edcebb81568207..6ef87476c60d7a0cb6c30294b0312987dca8c669 100755
GIT binary patch
literal 730
zcmZQ@_Y83kiVO&0n85$G=h`$s#yI^M3vX<w+4Jnj-Lol)j+rx#x`rjzIT>ff<zA`m
zYrPustNHWQX=UFFlb5gF)c9oWpQ$X*XKhw#@XvfNs`~xZ%dhAE-`MfvZstLi_LY{W
z6j<gzIiHzqGS5C{Qptz;hcldgP2bOE+xx$7kz>=zz28?YF8XJ}d)$qCuL$D>M%l&e
zb%LjbI~iJ*`<8n9ubq4Ka`~F3ipa%<BA?XDu2%^xeK*O3uja7itTVe;9j;94Nx5FH
zE~J0@u5$L1hw9ps3KaJJ)77_J(XoC9kNKznvrB$dzOIS>q8a>V<;L@+b^C7#?3B8H
zmOof9t7Mb=gP9j3#0_T1rv#o;S}~L7=cXezNnQ+p)o$-lom$4W^rXCB<}>@iyBT%6
zS7b-H%J{akZ`gNkftu<y|GaPQldRuecyp#cPt0?A<g<I~n&EM2EY%KX3xeeStCU>0
zw=_!T{IiRnL$}<~S2i|s{gV*MU+sN!`IU^@H@AL1w76!efv;3;=%19bBu=r(N7*Na
zDxHro>6xl<m+@x2L10a7?zOViH_oM93!98HO8#;PoL$VL6~Z)4;qOw}#5vwqrfB|~
z+}^!I*kZB__l~sdM~naFJo8MrFFE^`*UsA;|CmfMwb9O8XSrV}AU^(t-cp6x=2gGB
zt5|Z(PItc7IC)PuRdm|Kn5+*AH*Z?8&{c-%#Df1<nVxT0t^DQ<OP036yBoD_$F{$|
zsM8vF{rQYP{cm53O?}L%`sztUiQqo1j(6;QrTgL^HkKZ%Tlz<%j^pS5mzTO_!h^a4
zg6(wo_gvp57r)@yU*iXI;X9Yy3Oq8?QPusss-~~|{oJ=Iwk=FoZ6@r~QP`>-vZM6I
zma`YEVt$@25<S{&z#V@=TlTHTA0JijJMw?0*GqOh|7fuB^_!&=+lz1h3+pJ4OxW<3
xQ}oZ0^^t}xmkJ%YXC%0ZN6W;dEs$k-$}@Y%ERN6#7J)6d?#ivaDY8F!2>@DJZUO)R

literal 641
zcmZQ@_Y83kiVO&0VBR+`bH$v!Y-}8xJRH62dbeFUv%^kc`j?h|q1P<u#SSi)R=N>8
z!9lfrwdTEa)s?-Q%Wn(+t1jO8^X5@giB&W9=l`GoZ%L4-8B6{?yS9!$h6nCk&`Lh5
zy=6g-M3`vbi|gGd7iXTcGtAZ6-uG(L?tia06m|W%y6+A@Z|ND+h$vsz`LAEzGdp^4
z>2&{`xP6i7y$#9%Od6klS?_x~OE97=$xlP6u5)E=Xz(is@z?X2g4RB*mrOiW|NndM
zJD$bjsvQMC5B^YnFtPhFhw;0IzOKnerCWNGqvuYWkhA{u%niP(2N(SOoRg+-P3zsd
zKQU*YZ{NMsD6m;5*q__}TFkZm8<!mWYOr^Hz`|=+#V6d4ICf-KunL1^S=^iwdxN#-
zA~?nRe=lIYDw4GC$-ND)|HR(2*&oZR{c7cQef=ZHkDR@c$l};tRuaG;w%e}6jpHt_
zg~R6;m7z0_2p#w3+kU*p+o1VdF6Z8LX*N$*oxHJcs_WXCHr<D-!YrlK6xj0eS=5`p
zoxDH6!tGl7@z6~lLQWK(zWiz4<6?%>s{8$Gjvstx?)N)}H|Ujvqgl1P%Q5}8$7^^l
z+`T@nEuDu)JYK}_c<;<8`$c6Fbi0o5yWD)IntSWTb|xmrJU8i3r3I~Lr{7*Xja5%F
zS@$7d#M%$#Qi8$WoyK;Id)Kw?nzdxxe6^I1d0W^nM!%h9rFhZgc~aNp)QY<dW=;1E
zg@S(ecorFF@A-1a@XX3PGhg3JHjcWzvqr1l>8t+REuVDe-r@dU_EK<JRdkEZpBu)F
z2VJ(`+H}R{y{GBY*E^Eh%c=@Qe=^rClX&j_>y`4>jd#{7A3yDRD5$7<Q$fI)mY((b
H=HEO3aS23!