WIP vault

RingOfStorms (Joshua Bell) 2025-03-10 17:58:34 -05:00
parent 55a61b7777
commit 8742487c0b
3 changed files with 29 additions and 9 deletions


@ -54,6 +54,7 @@
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./nginx.nix ./nginx.nix
./vaultwarden.nix
../../../components/nix/tailscale.nix ../../../components/nix/tailscale.nix
( (
{ pkgs, ... }: { pkgs, ... }:


@ -56,6 +56,7 @@
<html> <html>
<body style="width:100vw;height:100vh;overflow:hidden"> <body style="width:100vw;height:100vh;overflow:hidden">
<div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden"> <div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
In the void you roam,</br> In the void you roam,</br>
A page that cannot be found-</br> A page that cannot be found-</br>
Turn back, seek anew. Turn back, seek anew.


@ -6,13 +6,15 @@
let let
name = "vaultwarden"; name = "vaultwarden";
hostDataDir = "/var/lib/${name}"; hostDataDir = "/var/lib/${name}";
hostAddress = "192.168.100.2";
localAddress = "192.168.100.111"; localAddress = "192.168.100.111";
binds = [ binds = [
{ {
host = "${hostDataDir}"; host = "${hostDataDir}";
container = "/data"; container = "/data";
user = config.users.users.vaultwarden.name; user = "vaultwarden";
uid = 114;
} }
]; ];
in in
@ -25,8 +27,9 @@ in
home = bind.host; home = bind.host;
createHome = true; createHome = true;
group = bind.user; group = bind.user;
uid = bind.uid;
}; };
groups.${bind.user} = { }; groups.${bind.user}.gid = bind.uid;
} }
// acc // acc
) { } binds; ) { } binds;
@ -35,8 +38,7 @@ in
ephemeral = true; ephemeral = true;
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "192.168.100.2"; inherit localAddress hostAddress;
localAddress = localAddress;
bindMounts = lib.foldl ( bindMounts = lib.foldl (
acc: bind: acc: bind:
{ {
@ -50,18 +52,34 @@ in
config = config =
{ ... }: { ... }:
{ {
system.stateVersion = "24.11";
users = lib.foldl (
acc: bind:
{
users.${bind.user} = {
isSystemUser = true;
home = bind.container;
uid = bind.uid;
group = bind.user;
};
groups.${bind.user}.gid = bind.uid;
}
// acc
) { } binds;
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
dbBackend = "sqlite"; dbBackend = "sqlite";
backupDir = "/data/backups"; backupDir = "/data/backups";
config = { config = {
DOMAIN = "https://vault.joshuabell.xyz"; DOMAIN = "https://vault.joshuabell.xyz";
SIGNUPS_ALLOWED = true; SIGNUPS_ALLOWED = false;
}; };
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall = {
8222 # web http enable = true;
]; allowedTCPPorts = [ 8222 ];
};
}; };
}; };
@ -71,7 +89,7 @@ in
locations = { locations = {
"/" = { "/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://${localAddress}:8222"; # vaultwarden proxyPass = "http://${localAddress}:8222"; # vaultwarden TODO left off here the port is 8000 depsite the docs showing 8222 as default, set ecplisit
}; };
}; };
}; };
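Review bot: The `proxyPass` target and the container's `allowedTCPPorts = [ 8222 ];` both assume port 8222, but `services.vaultwarden.config` in this section sets only `DOMAIN` and `SIGNUPS_ALLOWED`, so nothing visible here pins the listener, and the TODO on the `proxyPass` line reports it coming up on 8000. Set the port explicitly in that config block, e.g. `ROCKET_PORT = 8222;`, so the proxy, the firewall rule and the service agree, rather than opening a second port in the container firewall. The bind address probably needs pinning as well (`ROCKET_ADDRESS`), because nginx reaches the container over `localAddress` and not loopback; confirm what the service binds to when the key is unset. Once the port is explicit, replace the TODO with a short comment such as `# vaultwarden, port pinned via ROCKET_PORT`.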