upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-13 18:10:54 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: project vaultwarden unfucked

Browse source
This commit is contained in:
Nick 2025-12-11 00:43:45 -06:00
parent a262bd483d
commit 2b1a44d591
6 changed files with 34 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/config/instances/config/vaultwarden.nix
View file

@ -70,7 +70,7 @@ in
macUser = "02:00:00:00:00:01"; macUser = "02:00:00:00:00:01";
ip = "192.168.50.111"; ip = "192.168.50.111";
gate = "192.168.50.1"; gate = "192.168.50.1";
ssh = 2201; ssh = 2685;
}; };
paths = { paths = {
varPaths = { varPaths = {

14
modules/nixos/homelab/guests/vaultwarden/config/default.nix
View file

@ -19,6 +19,10 @@ in
host, host,
mnt, mnt,
inter, inter,
smtpFrom,
smtpHost,
smtpPort,
smtpUser,
}: }:
{ {
microvm.vms = { microvm.vms = {
@ -40,11 +44,11 @@ in
# Email Configuration # Email Configuration
SMTP_AUTH_MECHANISM = "Plain"; SMTP_AUTH_MECHANISM = "Plain";
SMTP_EMBED_IMAGES = true; SMTP_EMBED_IMAGES = true;
SMTP_FROM = smtpCfg.interfaces.interface0.email; SMTP_FROM = smtpFrom;
SMTP_FROM_NAME = serviceCfg.label; SMTP_FROM_NAME = serviceCfg.label;
SMTP_HOST = smtpCfg.interfaces.interface0.domain; SMTP_HOST = smtpHost;
SMTP_PORT = smtpCfg.ports.port0; SMTP_PORT = smtpPort;
SMTP_USERNAME = smtpCfg.interfaces.interface0.email; SMTP_USERNAME = smtpUser;
SMTP_SECURITY = "starttls"; SMTP_SECURITY = "starttls";
# Security Configuration # Security Configuration
@ -78,7 +82,9 @@ in
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
465
587 587
2525
serviceCfg.ports.port0 serviceCfg.ports.port0
]; ];
systemd = { systemd = {

19
modules/nixos/homelab/guests/vaultwarden/vaultwardenCeres/default.nix
View file

@ -7,20 +7,25 @@ let
inherit (import ../../../helpers.nix { inherit flake; }) labHelpers; inherit (import ../../../helpers.nix { inherit flake; }) labHelpers;
inherit (labHelpers) mntPath; inherit (labHelpers) mntPath;
inherit (import ../config { inherit flake; }) vaultwardenVM; inherit (import ../config { inherit flake; }) vaultwardenVM;
inherit (flake.config.people) user0; inherit (flake.config.services) instances;
inherit (flake.config.services.instances) vaultwarden;
interface0Cfg = vaultwarden.interfaces.interface1; interface0Cfg = instances.vaultwarden.interfaces.interface1;
smtpCfg = instances.smtp;
host = flake.inputs.linkpage.secrets.domains.projectsite;
vaultwardenNick = vaultwardenVM { vaultwardenProject = vaultwardenVM {
user = user0; user = "project";
ip = interface0Cfg.microvm.ip; ip = interface0Cfg.microvm.ip;
mac = interface0Cfg.microvm.mac; mac = interface0Cfg.microvm.mac;
userMac = interface0Cfg.microvm.macUser; userMac = interface0Cfg.microvm.macUser;
ssh = interface0Cfg.microvm.ssh; ssh = interface0Cfg.microvm.ssh;
mnt = mntPath; mnt = mntPath;
inter = "enp0s5"; inter = "enp0s5";
host = "${interface0Cfg.subdomain}.${flake.inputs.linkpage.secrets.domains.projectsite}"; host = "${interface0Cfg.subdomain}.${host}";
smtpFrom = "noreply@${host}";
smtpHost = smtpCfg.interfaces.interface0.domain;
smtpPort = smtpCfg.ports.port1;
smtpUser = "noreply@${host}";
}; };
in in
vaultwardenNick vaultwardenProject

9
modules/nixos/homelab/guests/vaultwarden/vaultwardenEris/default.nix
View file

@ -8,9 +8,10 @@ let
inherit (labHelpers) guestPath; inherit (labHelpers) guestPath;
inherit (import ../config { inherit flake; }) vaultwardenVM; inherit (import ../config { inherit flake; }) vaultwardenVM;
inherit (flake.config.people) user0; inherit (flake.config.people) user0;
inherit (flake.config.services.instances) vaultwarden; inherit (flake.config.services) instances;
interface0Cfg = vaultwarden.interfaces.interface0; interface0Cfg = instances.vaultwarden.interfaces.interface0;
smtpCfg = instances.smtp;
vaultwardenNick = vaultwardenVM { vaultwardenNick = vaultwardenVM {
user = user0; user = user0;
@ -21,6 +22,10 @@ let
mnt = guestPath user0; mnt = guestPath user0;
inter = "enp0s5"; inter = "enp0s5";
host = interface0Cfg.domain; host = interface0Cfg.domain;
smtpFrom = smtpCfg.interfaces.interface0.email;
smtpHost = smtpCfg.interfaces.interface0.domain;
smtpPort = smtpCfg.ports.port1;
smtpUser = smtpCfg.interfaces.interface0.email;
}; };
in in

5
secrets/secrets.yaml
View file

@ -28,6 +28,7 @@ minecraft:
nick-world02: ENC[AES256_GCM,data:tEh+uThkn8VczSjviU58/vBUmyKBfiA7tnYiBsIlgjSb,iv:yfQvffZ3AlT4lpfEkBT5gVacogaQoIZSim+gpoD7LkU=,tag:E7matzOY08rapIxaW9lOdg==,type:str] nick-world02: ENC[AES256_GCM,data:tEh+uThkn8VczSjviU58/vBUmyKBfiA7tnYiBsIlgjSb,iv:yfQvffZ3AlT4lpfEkBT5gVacogaQoIZSim+gpoD7LkU=,tag:E7matzOY08rapIxaW9lOdg==,type:str]
vaultwarden: vaultwarden:
nick-env: ENC[AES256_GCM,data:lG7pqpLJ7OsFZhWCJcPnvDxkR4Ob78buazUeLWlRSAPYEv8KarymYduecJNWCZUjUlysoU5YrHaat8tny+Vl2rYdef8oPfqlf7fITofsdmjHhAGUBJEEVQWLyEXqrEebEyeNKZwI+u8=,iv:SNptt0CPcSCTs6AAWLcC+U0/94oQapqmT1K8ZN/bIfM=,tag:2/1A+DwuWOIr0eoJmZTnwA==,type:str] nick-env: ENC[AES256_GCM,data:lG7pqpLJ7OsFZhWCJcPnvDxkR4Ob78buazUeLWlRSAPYEv8KarymYduecJNWCZUjUlysoU5YrHaat8tny+Vl2rYdef8oPfqlf7fITofsdmjHhAGUBJEEVQWLyEXqrEebEyeNKZwI+u8=,iv:SNptt0CPcSCTs6AAWLcC+U0/94oQapqmT1K8ZN/bIfM=,tag:2/1A+DwuWOIr0eoJmZTnwA==,type:str]
project-env: ENC[AES256_GCM,data:WPn7jfCTsG67AIz4wawJeThK4kzMRaq6aPQ2W1Pcc2afNXtCWe0f9JuzH9ld6zgiO2wDu1SHQBT2Aagdt4vop/mBDq15YnpzEL30afiRtFjKJPu5BxMU9mEjerE=,iv:vVVmN6Tx1tNUODdb+6lz2L1cnLHwUwsETb3WMCKb2rY=,tag:twOhJmx/B+k4Zqb566KKCw==,type:str]
dns: dns:
namecheap: ENC[AES256_GCM,data:Afxyf4cHvdnPIXYoPN3viBOzzqUOeRs3YjQ5ugerlnL9H4iSf/iAsxyzHYysOgZ/9xc0OWt6G6A7cEZHW4i82MX1+mLbvWN5ir1iHL73RtesC14=,iv:3XMTQ4TNL7iXPYFLSa+BapSgqILYuM6ZaQLMQZSJ2pc=,tag:PO69wRhCoey+CwPgnOOR6A==,type:str] namecheap: ENC[AES256_GCM,data:Afxyf4cHvdnPIXYoPN3viBOzzqUOeRs3YjQ5ugerlnL9H4iSf/iAsxyzHYysOgZ/9xc0OWt6G6A7cEZHW4i82MX1+mLbvWN5ir1iHL73RtesC14=,iv:3XMTQ4TNL7iXPYFLSa+BapSgqILYuM6ZaQLMQZSJ2pc=,tag:PO69wRhCoey+CwPgnOOR6A==,type:str]
cloudflare: ENC[AES256_GCM,data:H0ODjZvDZpaicYwM1qX1V05iaiCsJMUo5aIZYVzQ2bGvsVA+nQYKy7i1qCNbG796WmBOvUJOo1XJHsceTyfGB7rQpgs103RA0CXmc9WfvU74tsER+sVbnCxsGrG1kvyZvD80ACsx53s6j9nXkZO2m7uZgdM8LbEEaj/CVOMDg39YWWKwug==,iv:EALcT+2ES7q/4zEwUXDsyrDzSZnUCsYtYZLIU3xNJQs=,tag:RTyPzUpMcrQtDT4UKn4SNw==,type:str] cloudflare: ENC[AES256_GCM,data:H0ODjZvDZpaicYwM1qX1V05iaiCsJMUo5aIZYVzQ2bGvsVA+nQYKy7i1qCNbG796WmBOvUJOo1XJHsceTyfGB7rQpgs103RA0CXmc9WfvU74tsER+sVbnCxsGrG1kvyZvD80ACsx53s6j9nXkZO2m7uZgdM8LbEEaj/CVOMDg39YWWKwug==,iv:EALcT+2ES7q/4zEwUXDsyrDzSZnUCsYtYZLIU3xNJQs=,tag:RTyPzUpMcrQtDT4UKn4SNw==,type:str]
@ -88,7 +89,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-10T06:36:31Z" lastmodified: "2025-12-11T06:23:26Z"
mac: ENC[AES256_GCM,data:8juvjbgS2dM8KMJwRjXlf7GH5pSPkn9y+RmJ6ZNJLPeUKl7OONY/0iAKCdzLJUyT2lWszRAuL0lLahumqjT/DowwBODBv4RmkM8z/FYpY6emEe9PY8ZLs+QXGfiUavJX2Y98QIkEQCp3Ad+dmQzwHpYm2iYV2gUBtX2QH+NkfEk=,iv:ty71OQjZC0Z+G8verBOBUIKx+aZ9NDwx6sf5BbmYcW0=,tag:uAdU1a5g0elRGyCTH0PETA==,type:str] mac: ENC[AES256_GCM,data:VrgQfX3d83bU2pF5XCj/el8wKa/9rYTWEDy2ALFOc6dmMpV9zFNlnld4lJAyms9MfkXXxG2oLv5flT8NN+JAy0Wr8tEFyS2hUOJ8Q/l1GEwuf8pqdafzKuG4VaeViBC7oIcPM3kiQHEHiNg3GUKynEUl9/eiKzU7Y20qLvUQDcc=,iv:phTXlKjFryRwUnZARtsdoTrK5bfmI3NC7qPvFXezfpc=,tag:3I3/QvdREv+1ZLOhMOJV1A==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

2
systems/mars/config/wireguard.nix
View file

@ -17,7 +17,7 @@ in
sops = sops =
let let
sopsPath = secret: { sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}"; # path = "${service.sops.path0}/${service.name}-${secret}";
owner = "root"; owner = "root";
mode = "600"; mode = "600";
}; };