Add bitwarden

Hunter Haugen 2026-02-26 13:41:57 -08:00
parent 978ae01302
commit 77b18f8490
Signed by: hunner
GPG key ID: EF99694AA599DDAD
5 changed files with 34 additions and 2 deletions


@ -325,6 +325,8 @@
awww.packages.${pkgs.stdenv.hostPlatform.system}.awww awww.packages.${pkgs.stdenv.hostPlatform.system}.awww
nix-index # for nix-locate nix-index # for nix-locate
sops sops
bitwarden-desktop
bitwarden-cli
]; ];
}; };
systemd.user.services = { systemd.user.services = {


@ -3,6 +3,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./modules/vaultwarden.nix
(modulesPath + "/virtualisation/digital-ocean-config.nix") (modulesPath + "/virtualisation/digital-ocean-config.nix")
]; ];


@ -0,0 +1,24 @@
{ config, ... }:
{
sops.secrets.vaultwarden-env = {
owner = "vaultwarden";
mode = "0400";
};
# Vaultwarden on warden.hunner.dev
services.vaultwarden = {
enable = true;
configureNginx = true;
domain = "warden.hunner.dev";
# SMTP and admin token are sourced from the sops-managed env file.
environmentFile = [ config.sops.secrets.vaultwarden-env.path ];
config = {
SIGNUPS_ALLOWED = true;
INVITATIONS_ALLOWED = true;
};
};
# ACME certificate for Cloudflare Full (strict) origin TLS.
services.nginx.virtualHosts."warden.hunner.dev".enableACME = true;
}
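Review bot: `SIGNUPS_ALLOWED = true;` in `services.vaultwarden.config` leaves account registration open to anyone who can reach warden.hunner.dev, which this module publishes through nginx with an ACME certificate. For a personal vault, set `SIGNUPS_ALLOWED = false;` and keep `INVITATIONS_ALLOWED = true;`, or limit registration with `SIGNUPS_DOMAINS_WHITELIST`. The admin token sits in the encrypted env file, so its form cannot be checked from this page; if it is stored as plain text, Vaultwarden also accepts an Argon2 PHC string for `ADMIN_TOKEN`. A comment above `config` recording the intended policy would help the next reader, e.g. `# Registration is invite-only; open signups stay off.`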


@ -4,6 +4,7 @@ hashedPassword-root: ENC[AES256_GCM,data:E/T3LBreiSZaC/qZ2QNxz3prGHoj47zS3ILsa7l
openclaw-env: ENC[AES256_GCM,data:pJq+HdqlNjx0qeVHhPcnZk9FNm7/eMWm8vZ3ROnQ00qR4lXo3f86wL3vH9UQjVtdKSGDQj171b88nCVWqLY/h9YP2ld/1AwI7K06bzCRTjAYXzcpCfLyDEc0x3olSNTwsyKN4avI1x+9xciE36b53VVFpLNhGsRz9pT+jWx1jeVIUNbh6OGu4CGA1I2L4TaAiGEfEh29mDrAzqPLzIkyaSvay3+fun4X0SbpbE0bLnd6NnVUjff0HCgiDDDckc/O33G/k6OcLaN04hDnnCVIfGxPkRQKB02QC33mb35T5N4T,iv:DNNbwHGfQjY9Uvw4QXUz6IqtNQWZKLDD0GtvnoowxB0=,tag:+cu3ZVjo2xUg/wyIlUvD0Q==,type:str] openclaw-env: ENC[AES256_GCM,data:pJq+HdqlNjx0qeVHhPcnZk9FNm7/eMWm8vZ3ROnQ00qR4lXo3f86wL3vH9UQjVtdKSGDQj171b88nCVWqLY/h9YP2ld/1AwI7K06bzCRTjAYXzcpCfLyDEc0x3olSNTwsyKN4avI1x+9xciE36b53VVFpLNhGsRz9pT+jWx1jeVIUNbh6OGu4CGA1I2L4TaAiGEfEh29mDrAzqPLzIkyaSvay3+fun4X0SbpbE0bLnd6NnVUjff0HCgiDDDckc/O33G/k6OcLaN04hDnnCVIfGxPkRQKB02QC33mb35T5N4T,iv:DNNbwHGfQjY9Uvw4QXUz6IqtNQWZKLDD0GtvnoowxB0=,tag:+cu3ZVjo2xUg/wyIlUvD0Q==,type:str]
searx-env: ENC[AES256_GCM,data:dJ8JGxTWBdrli340Yjs5bA7X25NjExj5Mxp2T49jVEv/pafTtyMWf7Tvonzv+krCe1k/Zsh7KuWoJxXXOOGjRLPP1eQMMJunoL/P6JXruX+ZkBN5XbYB/UdWdkUrcvdDSyMcofZwgqYdDUy6J5ZlvcnmvuIM,iv:DuzG234PInaT/2CYQp9fzGh0EBYrxA7cto5uI4tGSkQ=,tag:1PNQKboKl6N7SULlUeAcgA==,type:str] searx-env: ENC[AES256_GCM,data:dJ8JGxTWBdrli340Yjs5bA7X25NjExj5Mxp2T49jVEv/pafTtyMWf7Tvonzv+krCe1k/Zsh7KuWoJxXXOOGjRLPP1eQMMJunoL/P6JXruX+ZkBN5XbYB/UdWdkUrcvdDSyMcofZwgqYdDUy6J5ZlvcnmvuIM,iv:DuzG234PInaT/2CYQp9fzGh0EBYrxA7cto5uI4tGSkQ=,tag:1PNQKboKl6N7SULlUeAcgA==,type:str]
searx-nginx-basic-auth: ENC[AES256_GCM,data:v22LhW/PksCnfheQ5dYF4n0pLNdGEe8q/bp0aoP/ZRcUFsSWZSdt6Wuj3BdpW7Hl/vJiWysxDX/0mi1GQ7flZz0+lmIWe29hSroJljAccMrafL6CY7r2awk+IC5Z2hNmbvLxbHzyN9U8mExazeNuWq0=,iv:OpSkH4C0eAF6CrRJRmQRtC9j+0WEKLM1a0rNeGtROaY=,tag:7nbFtk02bgB0glANehZXTw==,type:str] searx-nginx-basic-auth: ENC[AES256_GCM,data:v22LhW/PksCnfheQ5dYF4n0pLNdGEe8q/bp0aoP/ZRcUFsSWZSdt6Wuj3BdpW7Hl/vJiWysxDX/0mi1GQ7flZz0+lmIWe29hSroJljAccMrafL6CY7r2awk+IC5Z2hNmbvLxbHzyN9U8mExazeNuWq0=,iv:OpSkH4C0eAF6CrRJRmQRtC9j+0WEKLM1a0rNeGtROaY=,tag:7nbFtk02bgB0glANehZXTw==,type:str]
vaultwarden-env: ENC[AES256_GCM,data:C1oXLf+XchounepkJdGskeh3mlIvZYNFOK8Ec7wkPUnysEBXpVjtdfvbWZLkIzlcIn9BxM7pQLGDpn+7vogZA47JA07TkIVef9xrYYytLDYkox6+G/Acd36tuMKrTRWNko/wWX/YQQdHTGLLlBvP56YMQOSQ6mq5w86VK7QDmPFZTeobt3n4neHDIRjxkEWqNQg5x8zVPYbRqeg6rN2ES/hnd9jTzetx2lYH1zU8IncIGnkzw5C/5L8TysmHygWE5cX2CsA+2slkQHMYdQ3cZNFswP793jiAQB2BWXKUE8jyRc7S5XeUzfhFsg6pFdo9m0Om1nF2Hku/sYKaml3U+Fcma5BctuMpaPMAWh20n4wGS9rcIaF3SxwhCTHmk/IFOX/s8eK4,iv:B4DpR2JZQTuDOfCCR9x4uPWH4HyfXVDVYEZ2JZCdDf0=,tag:jwovvzMPLInaQHCxV4fTGw==,type:str]
sops: sops:
age: age:
- recipient: age17sdp0gguexd88qel74fa4zeckxh93gqpkayz366fz6yvjauw7vcq7w6y45 - recipient: age17sdp0gguexd88qel74fa4zeckxh93gqpkayz366fz6yvjauw7vcq7w6y45
@ -24,7 +25,7 @@ sops:
VHorQzNrMFJLaFpSalZZdjNraXhlSVUKwWLesTzMxsEB45hWWzhZGWc1cDm/gmvF VHorQzNrMFJLaFpSalZZdjNraXhlSVUKwWLesTzMxsEB45hWWzhZGWc1cDm/gmvF
MAytSLiBcieAkRKZoklyk/llbnq7kycvpZCU/sQrjKqmoHkC+TF3BQ== MAytSLiBcieAkRKZoklyk/llbnq7kycvpZCU/sQrjKqmoHkC+TF3BQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-24T07:16:51Z" lastmodified: "2026-02-24T23:59:42Z"
mac: ENC[AES256_GCM,data:sOhZnDFUDSEgoAuj3JKntckpu/2wQ2GrNxU7As855i+zT8zkEJlatf5Lw4Mr5NnYQMu6Jtgq26+6ucY7VcMxlqEdm0+jWMSA9Q2iPFZspgvZHqfoqpKlAjqKP90IcPYuieZm53FQSBdTvD0TlCk5ZNG7DyErAdfPSjqozPPsuk4=,iv:QNXCvwcUvug+rfPJnVGnVs42/hBHOnaEd9FpwhJMJkU=,tag:h8v/W+gt9LFspAty/3zZrg==,type:str] mac: ENC[AES256_GCM,data:qnbTTnrl84U55wzKMrp7e/gvxrj5TZCH4LC7X+waPEVEpz7jsJ/10gezCU5H6v6lkXCrfJ9CZgupRrFMI+yrndLVtqXyrdUkMWeq6GehzKd9Li2VbnfVu1zfjF5gRX4xyOxjfa3NDvHhfWQOUrTlXQyd4YIJUs0Q4cLjpaT1DH0=,iv:7CGp7qqWNdRsnFfLyqstkxledpWH7b0PuPdVxvWxcQg=,tag:8t2iyWYshX0YMWtRtccclA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0


@ -24,6 +24,10 @@ deploy-ruil:
deploy-liminal: deploy-liminal:
just deploy-sudo liminal just deploy-sudo liminal
# Shortcut: deploy zima (local)
deploy-zima:
just deploy-sudo zima
# Update flake lock file # Update flake lock file
update: update:
nix flake update nix flake update