diff --git a/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
index 0dd19d6..95b2f40 100644
--- a/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
+++ b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
@@ -21,7 +21,6 @@
 inherit (lib.my) networkdAssignment;
 vwData = "/var/lib/vaultwarden";
- vwSecrets = "vaultwarden.env";
 in
 {
 config = mkMerge [
@@ -31,12 +30,12 @@
 server.enable = true;
 secrets = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILakffcjRp6h6lxSOADOsTK5h2MCkt8hKDv0cvchM7iw";
- files."${vwSecrets}" = {};
+ key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP2mF50ENpnJnr+VTnG9P+JFPjgwvoIxCLyJPzXRpVy";
+ files."vaultwarden.env" = {};
 };
 firewall = {
- tcp.allowed = [ 80 3012 ];
+ tcp.allowed = with config.services.vaultwarden.config; [ ROCKET_PORT WEBSOCKET_PORT ];
 };
 tmproot.persistence.config.directories = [
@@ -57,14 +56,30 @@
 vaultwarden = {
 enable = true;
 config = {
- dataFolder = vwData;
- webVaultEnabled = true;
+ DATA_FOLDER = vwData;
- rocketPort = 80;
- websocketEnabled = true;
- websocketPort = 3012;
+ WEB_VAULT_ENABLED = true;
+
+ WEBSOCKET_ENABLED = true;
+ WEBSOCKET_ADDRESS = "::";
+ WEBSOCKET_PORT = 3012;
+
+ SIGNUPS_ALLOWED = false;
+
+ DOMAIN = "https://pass.${lib.my.pubDomain}";
+
+ ROCKET_ADDRESS = "::";
+ ROCKET_PORT = 80;
+
+ SMTP_HOST = "mail.nul.ie";
+ SMTP_FROM = "pass@nul.ie";
+ SMTP_FROM_NAME = "Vaultwarden";
+ SMTP_SECURITY = "starttls";
+ SMTP_PORT = 587;
+ SMTP_USERNAME = "pass@nul.ie";
+ SMTP_TIMEOUT = 15;
 };
- environmentFile = config.age.secrets."${vwSecrets}".path;
+ environmentFile = config.age.secrets."vaultwarden.env".path;
 };
 };
 }
diff --git a/secrets/dhparams.pem.age b/secrets/dhparams.pem.age
index 7e40522..e1af127 100644
Binary files a/secrets/dhparams.pem.age and b/secrets/dhparams.pem.age differ
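Review bot: Replacing the recipient `key` in `secrets` (hunk at -31,12) only controls who can decrypt `vaultwarden.env.age` from this commit onward; the earlier blob (index 9ba340d) stays in the repository history and is still readable with the old host key. If the key changed because the old private key may have been exposed, rather than because the container was simply rebuilt, the values inside the env file need rotating too, not just re-encrypting. The diff cannot show which case applies, so a short comment beside the key would help, for example `# host key replaced <date>; secret values rotated: <yes/no>`. The enclosing attribute set opens above this hunk.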
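Review bot: `ROCKET_ADDRESS = "::"` and `WEBSOCKET_ADDRESS = "::"` (hunk at -57,14) make Vaultwarden listen in plain HTTP on every address, while `DOMAIN` is an https URL, so TLS is presumably terminated on a separate proxy host. Combined with the `tcp.allowed` rule in the previous hunk, any peer that can route to the container can reach the vault API without passing through that proxy, and can set its own `X-Real-IP` header, which Vaultwarden trusts by default (`IP_HEADER`) for login rate limiting and log attribution. Unless the container network is already limited to the proxy, which this diff does not show, restrict both ports to the proxy's source address or bind to the container's internal address instead of `::`. Recording that assumption in a comment such as `# plain HTTP; must only be reachable from the reverse proxy` would make it reviewable. `SMTP_USERNAME` is set here without a password, which I assume comes from `environmentFile`; a one-line comment saying so would save the next reader a search.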
diff --git a/secrets/estuary/netdata/powerdns.conf.age b/secrets/estuary/netdata/powerdns.conf.age index 4e829be..2ac2ea6 100644 Binary files a/secrets/estuary/netdata/powerdns.conf.age and b/secrets/estuary/netdata/powerdns.conf.age differ diff --git a/secrets/estuary/netdata/powerdns_recursor.conf.age b/secrets/estuary/netdata/powerdns_recursor.conf.age index 31c2249..27dacbf 100644 --- a/secrets/estuary/netdata/powerdns_recursor.conf.age +++ b/secrets/estuary/netdata/powerdns_recursor.conf.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 n8CpUw z/wgsbTnvMwnFg5jjtMDHkQ7wPz2SY8oCdNFIFEuuBo -DM1P19QwM8TmG0fBw52BjUPfCkimf7dvMMu86KZg2Eo --> X25519 xdsqtPpZaQJN3yvgulASl0OdIy+HH5BzXkRGrK0Sakg -KR4gj4pafDrInLyz1WhV/AAuEbDWLrOKP9O7dzBnsQg --> y.-grease G5C+_ u7nR &.w1r}G 8tS -VUr+ZkK8wWhZwwhRGFVRXjnjiW1c5BIArlNylTrK8OwCNQ ---- fIl+/aQf4mqtRC0gTbQQkRLtFCIB9UiP4BxxTyYG4y4 -��@��0AQ��A�8lh;%���T� *D��s�B�u>ۼ�l�z݁F�U -�r�ߙ �V=���[�-s9�SG�ߚ�ǝ������s�'�pu�!�"��ה�Y{�<~����Qu#e����J�����g�%�N \ No newline at end of file +-> ssh-ed25519 n8CpUw +a8D5DCZQCK5Yv/U+ApOAP8TxcA7cjAXG2aulHdQG2I +9WDr8i1YxZ29daFIeT0yDwhHPNvx87JmBp/Rg5cFOJI +-> X25519 tDJjrmPEM9C5JmjhCkXo2a15u0pGubRRuae1xxaFPD8 +tGH3wzDZJzK4BbozX2z9T2yXabriR2fdg4ZVO3KZk/g +-> SQa:-&-grease g ~"{ :m <Jo\5dz +o9KTHn70+oFLRHA +--- i/1z+jWIvlhCTq08UYqceDpaRe6CJJr8remSB6LVAH0 +L����e�S�C���ނ��[��ȡcѴ��C@ټjvvy��ל1����a�c�z�n7Ya=~"�J'���H��RZ��,����{���F�1[�KI^����|��%Yh`�Gx��$�5�RC�z0�t�0�u���Ɠ5^��� \ No newline at end of file diff --git a/secrets/estuary/pdns/auth.conf.age b/secrets/estuary/pdns/auth.conf.age index 5e27ccf..43f4fac 100644 --- a/secrets/estuary/pdns/auth.conf.age +++ b/secrets/estuary/pdns/auth.conf.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 n8CpUw vrmqoaNTgD3vR/JjMEzDtFtuJdOgOG1cAF/K4wVxpAA -ICuTWokXdt8vKHwFO/HsAOSR4mdjP1XtG2dRpwReQe4 --> X25519 O3v69z65PU313Q9V9OFwpIVfgffCn3AEbIRZemogMVo -3UqbO6tA+e0kWGxgR1NyomaA9asEkUbDUvTCdHcvJ1c --> N-grease Y3 a[ -PBZW+W7X/tuOu1IF8spvn59M1kNAGUP7+DTbLUjlqndzGMaBJ84CJw+CAPC+Md1I -1iqulKt6UAAFkpY ---- DQ8K63M3As26s09GVGc/nEUm/qstY0AN5yiCQ1PXKaM -��������pf����5.�-y��i������a�1�ʕ�J�O��"�K��Bȋ-�EJ _\_�y�={]YQ"�� \ No newline at end of file +-> ssh-ed25519 n8CpUw DOBT0UVIyRCCL6hLk/F1El4MbtNYskMz+IMjD4UuOns +NT0PRGlEpQ3YcxHEUdw/90QhD8xGar6id17maVwUdb0 +-> X25519 c/SwQBGz826ezLHbZfOPNr0uhqFK6RTvxEA8HDb7+xY +rZa2TqG0icjqMLFE79ouCFqsInQHe7a4FsaY8sPiDl8 +-> 0A*gt-grease F:X-O^ + +--- 6nJnd0CERDygNJnpVCIrKQhpmUQJisAV/HgX1RYyf9Q +���<�*��IR� iq��D��O��k�O�s���:-����]�@ch.��O� UMEW%kV�C[�r� \ No newline at end of file diff --git a/secrets/estuary/pdns/recursor.conf.age b/secrets/estuary/pdns/recursor.conf.age index b5ac83d..97f501d 100644 --- a/secrets/estuary/pdns/recursor.conf.age +++ b/secrets/estuary/pdns/recursor.conf.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 n8CpUw p36/Gp3jTdXE3AGFhHm9J2p0KuPRKq372go8Rplee34 -VV7OAGrst1gVp4oiFBMHRQzRrPYKQVOiTKJY/uxGPSQ --> X25519 zVxW9hWqbNkZwkxbmr+84vx/ePe6SMob8Nn3lQ5NXFY -YwbLgoNYDYmtHfeFyBR7YwpqHrYN2AV2w7zACz4px0U --> R;D)YDog-grease l 5Im2tR&` -/dg2cnvcyLH/LvhFQTukBOgqLv+nYrzyDJimzS9SqY2scN7q0V9lDrx/KYKVeeWi -jUnKsIt9bq2gXAXKnT2GqnHWBbixMUrqLxax/nSTVOT4g0fjrBkWPg ---- bkRusUuDjD0EzR2YvikUhjbFQ86HeGUluxSuf/kfbH0 -v�!��SL�����[�^}�ya+�ɓ�a�I'��(��+�zu�e�#��e�q`�:�n��� \ No newline at end of file +-> ssh-ed25519 n8CpUw WXvPv4yho+cwBrLItO/C+ilUzV2OW9ok+JOZJFPXnCs +hJWK6VyAs3BWeLelIfYSmncY9DNqfyxFg8zn3iFsnNY +-> X25519 oJvXbZqzokFmN+5WpH/G0KMQvY2UFkZ7SEQEXzpNeAY +F7GBoHwPKSfioaR4YLsH7WTBeopUVXH8FYAzIy1C8Sg +-> Vvm6>F-grease y =5;b4O4 (%y Pp& +ULDWg4Kh5gcCpSSsi9vXqXSYkPEtyrvfoTxSaY59gA +--- 95OJTatGi3+dxqaTpHfqZc4987YDyi3TNGTNEwjQe+Y +�*S����C/�O�!�S^:B*K[F��A��q;�昸�WT�&s7�X��M��τ�Ԉ�p;��|�0SJ� \ No newline at end of file diff --git a/secrets/jackflix-wg-privkey.txt.age b/secrets/jackflix-wg-privkey.txt.age index 752e508..c443dc1 100644 --- a/secrets/jackflix-wg-privkey.txt.age +++ b/secrets/jackflix-wg-privkey.txt.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 vf+WVg KhusLFATFrmnujHs1WV+VR+MPktHASs+Wj82s35pfig -IXeX1fHQ/0CbC2D22aQLY9TnaPnW0u6iMPr0aimAxvs --> X25519 4hQH9z/z4JF7chKf7P3L+eorQHojuEf51YukjyKaf2Q -Ce623tTN1jGwbKnHPbnDpJMGG3KdZCd3kM1fBzC+mqI --> :(-grease mxbrVm> -rZKeB2I+ThUqHOB43Icv91gDI6J+1yYknWHul0/Uv0LDSgSKBpIhYv4Gkd/mOnPS -Ow ---- bEHjGQBQ60BLD9cnDjg+oR0W3HOwLgADCqX3yqrwjHk -�����y�M��㤁�X�Ϛ�&u(���Hq�f�dzR�x(G�t�{���r� �v?��3�ɷ����Ղ� Yː+� \ No newline at end of file +-> ssh-ed25519 vf+WVg 46AUsv9pdxNRa3OqRbBhNCZ4mtmeoQ2/DPBTSiEiZTQ +Ib4PHWRKr1x9hcxjY+DQMpahA3dpTyFzYRZ9JFzcLNc +-> X25519 lm03ugY8fnUPThuqOA1zkDjLgF7swWURECXYD+lXZlY +dW9tb6Bv+7ofIhZHV0E5Hq4jhtHMDC0wgQ+trMaPLUE +-> @-grease {3]QG.2I OR(T <FkdN$|= +3ktwWgIO8kgJ1GPY +--- aOCS82AO1gSIkgDRP4ISFP9Q/XVzyjzl9ShgpxPoWLk +%��0��_K�A���p��9l�i��ޱ�D=3�ڝ�Ƽ�?/��%�]5Y��r�}�S�a����|�1J���F�� \ No newline at end of file diff --git a/secrets/middleman/cloudflare-credentials.conf.age b/secrets/middleman/cloudflare-credentials.conf.age index 7afdd58..5c23cd3 100644 Binary files a/secrets/middleman/cloudflare-credentials.conf.age and b/secrets/middleman/cloudflare-credentials.conf.age differ diff --git a/secrets/middleman/nginx-sso.yaml.age b/secrets/middleman/nginx-sso.yaml.age index e7c079e..8988c25 100644 Binary files a/secrets/middleman/nginx-sso.yaml.age and b/secrets/middleman/nginx-sso.yaml.age differ diff --git a/secrets/pdns-file-records.key.age b/secrets/pdns-file-records.key.age index 7957dbb..f0f95e3 100644 Binary files a/secrets/pdns-file-records.key.age and b/secrets/pdns-file-records.key.age differ diff --git a/secrets/synapse.yaml.age b/secrets/synapse.yaml.age index d936c7b..524c5bf 100644 Binary files a/secrets/synapse.yaml.age and b/secrets/synapse.yaml.age differ diff --git a/secrets/user-passwd.txt.age b/secrets/user-passwd.txt.age index 22d0bd0..19c9517 100644 Binary files a/secrets/user-passwd.txt.age and b/secrets/user-passwd.txt.age differ 
diff --git a/secrets/vaultwarden.env.age b/secrets/vaultwarden.env.age
index 9ba340d..97bcf4c 100644
Binary files a/secrets/vaultwarden.env.age and b/secrets/vaultwarden.env.age differ