okk.moe / homelab
🏡 my personal home lab
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

add vaultwarden

Jen Stehlik f023bce3 e166835a

+47 -2
+1
hosts/rk1-node-2.nix
··· 9 9 ../modules/fusion.nix 10 10 ../modules/wallos.nix 11 11 ../modules/bambuddy.nix 12 + ../modules/vaultwarden.nix 12 13 ]; 13 14 14 15 system.stateVersion = "25.11";
+3
modules/caddy.nix
··· 151 151 "wallos.goo.garden" = vhost '' 152 152 reverse_proxy rk1-node-2:8282 153 153 ''; 154 + "vault.goo.garden" = vhost '' 155 + reverse_proxy rk1-node-2:8222 156 + ''; 154 157 "bambu.goo.garden" = vhost '' 155 158 route /oauth2/* { 156 159 authenticate with bambuddy_portal
+38
modules/vaultwarden.nix
··· 1 + { config, ... }: 2 + { 3 + services.vaultwarden = { 4 + enable = true; 5 + dbBackend = "sqlite"; 6 + domain = "vault.goo.garden"; 7 + backupDir = "/var/backup/vaultwarden"; 8 + environmentFile = config.sops.templates."vaultwarden.env".path; 9 + config = { 10 + ROCKET_ADDRESS = "::"; 11 + ROCKET_PORT = 8222; 12 + SIGNUPS_ALLOWED = true; 13 + INVITATIONS_ALLOWED = false; 14 + 15 + SSO_ENABLED = true; 16 + SSO_ONLY = false; 17 + SSO_AUTHORITY = "https://id.goo.garden"; 18 + SSO_SCOPES = "email profile"; 19 + SSO_PKCE = true; 20 + SSO_SIGNUPS_MATCH_EMAIL = true; 21 + }; 22 + }; 23 + 24 + sops.templates."vaultwarden.env" = { 25 + content = '' 26 + ADMIN_TOKEN=${config.sops.placeholder.vaultwarden-admin-token} 27 + SSO_CLIENT_ID=${config.sops.placeholder.vaultwarden-oidc-client-id} 28 + SSO_CLIENT_SECRET=${config.sops.placeholder.vaultwarden-oidc-client-secret} 29 + ''; 30 + owner = "vaultwarden"; 31 + group = "vaultwarden"; 32 + }; 33 + sops.secrets.vaultwarden-admin-token = { }; 34 + sops.secrets.vaultwarden-oidc-client-id = { }; 35 + sops.secrets.vaultwarden-oidc-client-secret = { }; 36 + 37 + networking.firewall.allowedTCPPorts = [ 8222 ]; 38 + }
+5 -2
secrets/secrets.yaml
··· 39 39 garage-oidc-client-id: ENC[AES256_GCM,data:J5D3levHmxeWhmgMAjS9wPDk1SQ7u7vkY6nb8+iKozjsj/eI,iv:VcK/sGX+EXLBC6WVRFeWVp60xxDnnohzsVL8f7UGv9I=,tag:xRAxdeUr07xPa9aiNRK37Q==,type:str] 40 40 garage-oidc-client-secret: ENC[AES256_GCM,data:gxnreI30zNytCYJetu5YHA28QFnJeBbvgZVzhwAPtSM=,iv:05L77VFDETER3LH0zcPkf0FF5Y2DuXsX6huQYrEUGY4=,tag:9gKw2gOaDax9lev45+1+mA==,type:str] 41 41 garage-jwt-shared-key: ENC[AES256_GCM,data:tipooVIAIfyjkDB9r1fIjktUTfAfHYh0LehWTuTWI/qt6BLPROLfJWc+Zb9bGQMBCjACPWVWz0xc00d5Va6Neg==,iv:DcAb8LjE/TYzkZq79xJjAy3hjGgZ0XnAVtUFI5HbO7k=,tag:mpm7v73hVOhGU14ZSgvMBw==,type:str] 42 + vaultwarden-admin-token: ENC[AES256_GCM,data:sm4B+1koFQSwkjOx1ub+vh9msg0ktdyjrIWKqPwQD3Nz1TNFq6ZZJsqJ1ZbzlosL+FJFRpJqKIxH1fCqU9siChvAf5U2XSisPq1qwwaPnqinEySULTlRNaul1PAzf4T9to3/q6As72ZSREGxT88u722bEc3LlA==,iv:+H9n1e9bsuB2rqDeaT6G3RW7aze84tnU3ljCL+x2t0U=,tag:5N+GE/l/GmEqCRtEf0mNeg==,type:str] 43 + vaultwarden-oidc-client-id: ENC[AES256_GCM,data:qC+/znFvYK7+k1XAZ5PMrCah5NvQRVFJOokPqVXDiDLolMmc,iv:IS5V7XvpyB6+fs9plNliDUkwUJ8o9J8EExa2/rEZjf4=,tag:H2hc2UYsnRvw/ZxpPi62hg==,type:str] 44 + vaultwarden-oidc-client-secret: ENC[AES256_GCM,data:8768G1aahatoGO/p93uze0p+bH/qh5dSv0Fmoyk+fRM=,iv:Aa6TLX2+P+v68Lt15Lbln1Y/m+Cd52BB5O6rstNpOys=,tag:B1B2Srp51kYGDXZnPCuxhQ==,type:str] 42 45 mumble-password: ENC[AES256_GCM,data:/GA5G4CEVQ==,iv:Ri70GW9Ln7vv3Nf0CSNW0PwypLUNvh+kvJjUqu393ig=,tag:NY+u/RxcKudlaZStgnGVTw==,type:str] 43 46 backup-repository: ENC[AES256_GCM,data:v6tUjTwVsym8i52jcapjSRXPIjX2xNFY+bZRkHnVsp4AebcksHzHEDX6N4BF3OuQ2KepOfHngMn61Mk=,iv:HPV+8aCPpvFnytja6RUA7hJdtz2BMI1zsH01w1J9r2w=,tag:znMIFmrcsKTIq2TowhAV0w==,type:str] 44 47 backup-identity: ENC[AES256_GCM,data:8TJP7vSWJAj56AcczQhMRoQqahxM4EGzPm+wk1apMD+L3pybXh/4LPp0DNcGugOb3RPTyjki6jZArDgiirS+ltbldaNQPZaZ4cFrtiJVt8D/iQlsgM9tR8oC7bcR4KV+UoVeeXJN0fWqy5U+IzJ87ZRKKyb9i8WKhPuWFIftb4KqZRyada7jhl/SzwuoIcw9BagMJPLv6BaUmNp1j5fOHvo7RseImiIqsbVo37NTqMMQf7PKM5gsMU6bbeAMjtdeC2RNVG21eop8JlO5uYVyjGxyl5wfU+PwMSRc+XNpgeVEv9mjdo6dkG3QC2poHZ77ot4py6HzQPUZjwLyFsr0ccC4e6e0PNOBtTPtku/LnXHsV45LB9Q3X7t9VSYCTtlJul2W8huZuCRnv7crvIUW21ZMTWiwMbqNEqDUJTBcPLDi42Ea4CvA+I6ODJP8n5g7GTHW0ggy6FtjVXH5DzhzJJULQ27kq97EWi43bSRv0N+N5C1viM+j+hs6tM5eQ15niRVB,iv:YpRoGlD8YFxZ+RChb6T4Eh665AMTTeTJXRFR0xa7l3k=,tag:FWOVonF+SYbbgQoopa2lhA==,type:str] ··· 89 92 ajA5bDZCY1BnblVYRGQ1QTE2S2I4M2cKSIGmFBP6sqiiM+cvTMQuZHit9fN5Vffk 90 93 1pWz8xSen/tqoywqipRf3LqzFb2K7Bx15vwazHbm6LJJa+ZQaruVMg== 91 94 -----END AGE ENCRYPTED FILE----- 92 - lastmodified: "2026-04-07T21:05:32Z" 93 - mac: ENC[AES256_GCM,data:8cwQ2EvFwhLXHleSsa0LOXOrC2+p9tsk5KrkWX0Vm+fQhiNqEahihUCD0n30Ju4koBp3PaRHY1n+xOhlPGroeB8GF1J1Wsb0O1rWnOW80D98xE5NTdwuIPi+9RhtI3QuH9rVheFNfTzBNP4YZ7EIxWYSmWaEbptckivSSIoTrjM=,iv:OaK3axSjmv7HQDAOC5Wg8KH58ucco7Ix3OT6yNZgzhA=,tag:y9jbAFwc5a2FvwTPr6L4tg==,type:str] 95 + lastmodified: "2026-04-07T22:18:18Z" 96 + mac: ENC[AES256_GCM,data:eHfEGx5iWl4DJNFbtRpkJFEY/C0arAgQIZADl9a326KSYHX6NRmKkdsMLRbyuGYppatusNMdCkv/YlbKzHF1ljKXYp18EPwINRPwzO/XQKiFGs+vflT6/BvfHiZLhuqvthpmcXq1yXzbOfzubUIQAWBolO9AQdizzRgepQwoKu8=,iv:jRMHiagNb/N7g+54TOrzms5z1vZNMDiLnGvQwcXctM8=,tag:HqA5Qy2yqO6HDxZZlmPFww==,type:str] 94 97 unencrypted_suffix: _unencrypted 95 98 version: 3.12.2