diff --git a/hosts/hitsugibune/vaultwarden.nix b/hosts/hitsugibune/vaultwarden.nix index 143ce6d..ef3276c 100644 --- a/hosts/hitsugibune/vaultwarden.nix +++ b/hosts/hitsugibune/vaultwarden.nix @@ -4,10 +4,15 @@ let domain = "vaultwarden.sprechtl.me"; in { + age.secrets.vaultwarden-env = { + file = ../../secrets/authentik.age; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.vaultwarden = { enable = true; + environmentFile = config.age.secrets.vaultwarden-env.path; config = { DOMAIN = "https://${domain}"; SIGNUPS_ALLOWED = false; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 648ebe4..db4a207 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,4 +18,5 @@ in { "coturn.age".publicKeys = [hitsugibune key]; "mail-admin.age".publicKeys = [hitsugibune key]; "authentik.age".publicKeys = [hitsugibune key]; + "vaultwarden.age".publicKeys = [hitsugibune key]; } diff --git a/secrets/vaultwarden.age b/secrets/vaultwarden.age new file mode 100644 index 0000000..0c65bfa --- /dev/null +++ b/secrets/vaultwarden.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 7PLkJg LfdNf7f5IgCPzA7dhJ4Ce28qcnTeouO7Ab6UlZ2LXyQ +iguzDvH/DnM6BmfpsUDYUY9wcHcIqpDFocoAO+lEG6Y +-> ssh-rsa LgF3EQ +Tl1NY3O3Bbl25Qqd3lO29H1UGlqFRArxdkFzSts4I5HRHSrBR45qNIKEeVcO1cV4 +zC/cVV6oVQFoTsfgulMJ9luFeYBrtOlgB4CBaNrY6Dd/nafHT8KOmXCqgf6TuQib +85uLZYkwxwt1JJygR1Wsv0nLJwJtqhI35fbA+rR/MFwLE5J+fi3f8SOlLyzwaHMa +OAHoc1+ZCnQdfJRkAIWQTJr51QuofJP/+dPgW9Uk0Nw+XWOmoMo9dUeWhXZfIkQS +Gr7rGJ0dOotTCMz5JcJO0jDUY4Jxd+OS+xnZYQ5j8Tb8x3ckYa0VaiYCK8ikEH2a +4Bb9dc3Myb8NAbdaSyqZ0n/ACWhLlXHxpIKw+888MZAtdI6sOwRO+vHPuk/8Bnwo +f5YzTDiSxf2EkeUBO8zQBcywLCJOHdQMBZij96r3pgqFDNGF6sQy2bp1CGSTFOIN +JPVt1T50l0Jd3OdbDkIFiwPrDUkMrkSRAWYqtZc7wuX6JeVoU2WffALSiJds19Wo + +--- QRrkAQoTVgu1I+Xs19F1Y6/4R9F7F1KwGaOC/3ircHI ++0swլȡF|ۑlgO2dFޱ,>"#1&2- J,gG1Z 4lR@^U!`¥=E;dd|YupBn0ґeR@[P=Ŝ0^ϧ^ta׀TV.`2B\vڢndNNYG簃̔%|lQ^)b]saSR6cm3WGDZhi/0Y\ǀ9W -PUӼ \ No newline at end of file