felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

defiant/vaultwarden: unpublish

Browse Source
This commit is contained in:
Felix Albrigtsen
2026-03-29 15:52:03 +02:00
parent d117a6422c
commit d3776db311
3 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
hosts/defiant/services/nginx.nix
View File

@@ -31,6 +31,15 @@ in {
defaults.email = "felix@albrigtsen.it"; defaults.email = "felix@albrigtsen.it";
}; };
# security.acme.certs."domainname" = {
# dnsProvider = "domeneshop";
# environmentFile = config.sops.secrets."domeneshop/acme".path;
# webroot = null;
# }
sops.secrets."domeneshop/acme" = {
group = "nginx";
};
# Publicly exposed services: # Publicly exposed services:
services.nginx.virtualHosts = let services.nginx.virtualHosts = let

12
hosts/defiant/services/vaultwarden.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
cfg = config.services.vaultwarden; cfg = config.services.vaultwarden;
domain = "pw.feal.no"; domain = "pw.home.feal.no";
address = "127.0.1.2"; address = "127.0.1.2";
port = 3011; port = 3011;
wsPort = 3012; wsPort = 3012;
@@ -43,13 +43,17 @@ in {
services.postgresqlBackup.databases = [ "vaultwarden" ]; services.postgresqlBackup.databases = [ "vaultwarden" ];
security.acme.certs."pw.home.feal.no" = {
dnsProvider = "domeneshop";
environmentFile = config.sops.secrets."domeneshop/acme".path;
webroot = null;
};
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
listen = [ listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; } { addr = "192.168.10.175"; port = 443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; } { addr = "192.168.10.175"; port = 80; ssl = false; }
]; ];
extraConfig = '' extraConfig = ''

7
secrets/defiant/defiant.yaml
View File

@@ -5,6 +5,7 @@ matrix:
slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str] slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
domeneshop: domeneshop:
netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str] netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
acme: ENC[AES256_GCM,data:hESj6E3E9QI3mo0WxkLtk9elQNJ/878cecjHDCQJz9OQTG+rnlsCG5GhLOENcKlbhtZTkV8qsRSDO+3L2sdOEpe4eNuPnytxJycOrwZ3pr1F1FOBoWbkWX9F0xSf/7RxsetbrtlscnjaXYYdMBAAe3thkAXvca+0ZkZC/R4=,iv:/++qO2N4xczNvGjyZfG8JBF7KABa+GB+diO0jLTeQeA=,tag:08E7O/voRSNc7wt8upJojQ==,type:str]
hedgedoc: hedgedoc:
env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str] env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
vaultwarden: vaultwarden:
@@ -58,7 +59,7 @@ sops:
ZVp5RHU2U1ppakJCMFozWUNGSXhvNkkKDVPJGjPDaX+n3v27PBdMyk9kuzXnRIop ZVp5RHU2U1ppakJCMFozWUNGSXhvNkkKDVPJGjPDaX+n3v27PBdMyk9kuzXnRIop
h5XGRkJHTC4emo8zgKpBfByEb2fkBSL3k2ffZbVYtxrpupVBmT1Uqw== h5XGRkJHTC4emo8zgKpBfByEb2fkBSL3k2ffZbVYtxrpupVBmT1Uqw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-14T22:36:00Z" lastmodified: "2026-03-29T13:20:56Z"
mac: ENC[AES256_GCM,data:H//LCiMw1wE7IDFvKf/QEhOlAjx83R4bxGCE9g4lG0dg2V9LD2bWOq2FVGUrMxw350Rj8CFIWaS5ZolGOvUetbDiQTlqayXi7OArGKBkJphoAdr2rskGYVULmB90a4wp1Fq9oIW2ZjbeURQkwybGJzBTCXFRNWp1VcY1STxzlR8=,iv:DWNLKAcscWIUZ9n46I3dssCM7416oGdsY/mPy1YzrJA=,tag:Q03jAMKSDJw5HmFb9i3Hxg==,type:str] mac: ENC[AES256_GCM,data:1nf8TodfK9B85SOql0enViCNQGU+diIfWhBWN+RrUFVX/5snso76j+/XlhSU7vck9Z+LB2f+2p4GyMbC0Y8CRMyiiszoINlOE1EljYI+iUZuj8iKUfOvtOAEUk1MXahu7Z8yYDD89aFQ47CoHEVaYnIzZQIrqvJauKilt9TpiO0=,iv:fC8wInBTPnUa+6L04nfv3tt5ohggwjZrnrO5vjiGIYo=,tag:jcjWezEriykPl44iRxgd0Q==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.1