update common secrets add vaultwarden env

hosts/h001/containers/zitadel.nix

@@ -80,8 +80,6 @@ in
       };
     };
 
-    networking.firewall.allowedTCPPorts = [ 8080 ];
-
     # Ensure users exist on host machine
     inherit users;
 

hosts/oracle/o001/containers/vaultwarden.nix

@@ -1,4 +1,5 @@
 {
+  config,
   ...
 }:
 let
@@ -38,6 +39,10 @@ in
         hostPath = "${hostDataDir}/backups";
         isReadOnly = false;
       };
+      "/var/secrets/vaultwarden.env" = {
+        hostPath = config.age.secrets.vaultwarden_env.path;
+        readOnly = true;
+      };
     };
     config =
       { ... }:
@@ -56,6 +61,7 @@ in
           enable = true;
           dbBackend = "sqlite";
           backupDir = "/var/lib/backups/vaultwarden";
+          environmentFile = "/var/secrets/vaultwarden.env";
           config = {
             DOMAIN = "https://vault.joshuabell.xyz";
             SIGNUPS_ALLOWED = false;

hosts/oracle/o001/flake.nix

@@ -60,6 +60,7 @@
 
                 ringofstorms_common = {
                   systemName = configuration_name;
+                  secrets.enable = true;
                   general = {
                     disableRemoteBuildsOnLio = true;
                     readWindowsDrives = false;