WIP vault

2025-03-10 17:58:34 -05:00 · 2025-03-10 17:58:34 -05:00 · 8742487c0b
commit 8742487c0b
parent 55a61b7777
3 changed files with 29 additions and 9 deletions
--- a/hosts/oracle/o001/flake.nix
+++ b/hosts/oracle/o001/flake.nix
@ -54,6 +54,7 @@
              ./configuration.nix
              ./hardware-configuration.nix
              ./nginx.nix
+              ./vaultwarden.nix
              ../../../components/nix/tailscale.nix
              (
                { pkgs, ... }:
--- a/hosts/oracle/o001/nginx.nix
+++ b/hosts/oracle/o001/nginx.nix
@ -56,6 +56,7 @@
                <html>
                  <body style="width:100vw;height:100vh;overflow:hidden">
                    <div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
+
                      In the void you roam,</br>
                      A page that cannot be found-</br>
                      Turn back, seek anew.
--- a/hosts/oracle/o001/vaultwarden.nix
+++ b/hosts/oracle/o001/vaultwarden.nix
@ -6,13 +6,15 @@
 let
  name = "vaultwarden";
  hostDataDir = "/var/lib/${name}";
+  hostAddress = "192.168.100.2";
  localAddress = "192.168.100.111";

  binds = [
    {
      host = "${hostDataDir}";
      container = "/data";
-      user = config.users.users.vaultwarden.name;
+      user = "vaultwarden";
+      uid = 114;
    }
  ];
 in
@ -25,8 +27,9 @@ in
        home = bind.host;
        createHome = true;
        group = bind.user;
+        uid = bind.uid;
      };
-      groups.${bind.user} = { };
+      groups.${bind.user}.gid = bind.uid;
    }
    // acc
  ) { } binds;
@ -35,8 +38,7 @@ in
    ephemeral = true;
    autoStart = true;
    privateNetwork = true;
-    hostAddress = "192.168.100.2";
-    localAddress = localAddress;
+    inherit localAddress hostAddress;
    bindMounts = lib.foldl (
      acc: bind:
      {
@ -50,18 +52,34 @@ in
    config =
      { ... }:
      {
+        system.stateVersion = "24.11";
+        users = lib.foldl (
+          acc: bind:
+          {
+            users.${bind.user} = {
+              isSystemUser = true;
+              home = bind.container;
+              uid = bind.uid;
+              group = bind.user;
+            };
+            groups.${bind.user}.gid = bind.uid;
+          }
+          // acc
+        ) { } binds;
+
        services.vaultwarden = {
          enable = true;
          dbBackend = "sqlite";
          backupDir = "/data/backups";
          config = {
            DOMAIN = "https://vault.joshuabell.xyz";
-            SIGNUPS_ALLOWED = true;
+            SIGNUPS_ALLOWED = false;
          };
        };
-        networking.firewall.allowedTCPPorts = [
-          8222 # web http
-        ];
+        networking.firewall = {
+          enable = true;
+          allowedTCPPorts = [ 8222 ];
+        };
      };
  };

@ -71,7 +89,7 @@ in
    locations = {
      "/" = {
        proxyWebsockets = true;
-        proxyPass = "http://${localAddress}:8222"; # vaultwarden
+        proxyPass = "http://${localAddress}:8222"; # vaultwarden TODO left off here the port is 8000 depsite the docs showing 8222 as default, set ecplisit
      };
    };
  };