my nixos dotfiles :3 (git.koi.rip mirror)
git.koi.rip/koi/dotfiles
linux
dotfiles
neovim
nixos
catppuccin
seber: vaultwarden thing
+13
-14
+5
-4
secrets/email-pass-noreply.age
+5
-4
secrets/email-pass-noreply.age
···
1
1
age-encryption.org/v1
2
-
-> ssh-ed25519 IU0gwQ N77PqFkZAQmnkC3gd/ogr5wK25KxhNrticrFeA2Ogzc
3
-
+QxVc8IJ+s+Sh+znsDefnmab6UaAGm7HiVgC1sc+eMA
4
-
--- npO/2WmIs+WvKQli0vxMZ+k2Uv7NmJFV/OvtFWzE5n8
5
-
�
��*����|C���MY
�<� }�
��0F��mB�p�p~\j����E�1�
2
+
-> ssh-ed25519 IU0gwQ QylBSden7PZqCgBNAbOvpY0cskykhdU8IbbKg6zMVEs
3
+
UgJo1fzBMKYJHKDPWay+/UVGOQtYIprwuvD+6RBZcJE
4
+
--- xTEo5EA+CNlFbSISmZmzif6MYAePZFS2HExuRI1PwXg
5
+
Œ
�V����e��e�4W�y
6
+
,&@�F�hxQ��s�3�
������zA>���Y
+1
-4
secrets/secrets.nix
+1
-4
secrets/secrets.nix
···
7
7
"jellyfin-rpc.json.age".publicKeys = [ koi ];
8
8
9
9
"email-pass-me.age".publicKeys = [ koi ];
10
-
"email-pass-noreply.age".publicKeys = [
11
-
koi
12
-
seber
13
-
];
10
+
"email-pass-noreply.age".publicKeys = [ koi ];
14
11
15
12
"vaultwarden.env.age".publicKeys = [ seber ];
16
13
"ssl-koi.cert.pem.age".publicKeys = [ seber ];
-5
systems/seber/default.nix
-5
systems/seber/default.nix
···
49
49
age = {
50
50
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
51
51
secrets = {
52
-
vaultwarden-env = {
53
-
file = ../../secrets/vaultwarden.env.age;
54
-
mode = "0400";
55
-
owner = "vaultwarden";
56
-
};
57
52
ssl-koi-cert = {
58
53
file = ../../secrets/ssl-koi.cert.pem.age;
59
54
mode = "0440";
+7
-1
systems/seber/services/vaultwarden.nix
+7
-1
systems/seber/services/vaultwarden.nix
···
1
+
{ config, ... }:
1
2
{
3
+
age.secrets.vaultwarden-env = {
4
+
file = ../../../secrets/vaultwarden.env.age;
5
+
owner = "vaultwarden";
6
+
};
7
+
2
8
services.vaultwarden = {
3
9
enable = true;
4
-
environmentFile = "/run/agenix/vaultwarden-env";
10
+
environmentFile = config.age.secrets.vaultwarden-env.path;
5
11
config = {
6
12
DOMAIN = "https://vault.koi.rip";
7
13
SIGNUPS_ALLOWED = false;