From b3cb0c18de83d7c3096bca8faf92aad8cbb20a37 Mon Sep 17 00:00:00 2001 From: blake Date: Tue, 7 Oct 2025 22:15:26 -0500 Subject: [PATCH] 58 current 2025-10-07 22:06:01 25.05.20251001.5b5be50 6.12.49 * --- flake.nix | 2 +- modules/homelab/services/vaultwarden/default.nix | 8 ++++++++ secrets/secrets.yaml | 6 ++++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index f670045..c19769f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 57 current 2025-10-07 22:04:21 25.05.20251001.5b5be50 6.12.49 * +# generation: 58 current 2025-10-07 22:06:01 25.05.20251001.5b5be50 6.12.49 * { description = "blakes nix config"; inputs = { diff --git a/modules/homelab/services/vaultwarden/default.nix b/modules/homelab/services/vaultwarden/default.nix index 5ba287f..01ad236 100644 --- a/modules/homelab/services/vaultwarden/default.nix +++ b/modules/homelab/services/vaultwarden/default.nix @@ -49,6 +49,7 @@ in ROCKET_ADDRESS = "0.0.0.0"; ROCKET_PORT = cfg.port; SIGNUPS_ALLOWED = true; + ADMIN_TOKEN = "${toString config.sops.secrets."vaultwarden_admin_token".path}"; EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,autofill-overlay,autofill-v2,inline-menu-positioning-improvements,ssh-key-vault-item"; # The following flags are available: # - "autofill-overlay": Add an overlay menu to form fields for quick access to credentials. @@ -89,6 +90,13 @@ in }; }; + sops.secrets = { + "vaultwarden_admin_token" = { + owner = "vaultwarden"; + group = "vaultwarden"; + }; + }; + # add to backups modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index f47bad6..801c36f 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -15,6 +15,8 @@ openvpn_pia_mexico_config: ENC[AES256_GCM,data:VsxrXpdrBpjP,iv:PIOTk/dADStM19EMw openvpn_pia_mexico_crt: "" #ENC[AES256_GCM,data:J5hSg63gcIAm6zwkfF6Q9rfbuPRN5c8=,iv:fHteY1NVvGRqpJUZ1LVOSfRh44OQM2UvuzJXgV8zsIY=,tag:UO6MmQwDzA/wYDwh+um6bw==,type:comment] openvpn_pia_mexico_crl: ENC[AES256_GCM,data:zmamIuZLOknT0GaEOxiwLSTAVRICxELuSgyJRigw4F3K368pttp07Frrt78ifVNMwtlCZMcMf0vMnXzsoWRvZv4VykgURVzlp/l66uYKmXuLtk349sNe79M/msLkZZEIlMtG47YxYZ92TKZdo0/u42nN3TtRNk2qt9V26AfOdcUxbz48AjFGnrxCHnsNGFES2EE5+6XRLRogsM3mBiozGjGA6S3xtOYpfXlQyyeNcI0I8a6qUWKkdRCOjTt4RsZ+aRiAB8bAXh/5MrYlZAUGUmRfmhlCXOGNNPSBHsqyOanWsi6jZkGJ61Y2qZMLj8VginFDWGbruK/lE3i6h8vBb40NxeoDNUPkcMGWRbUcdnFMUDCPrMMu80eRT2qe41806Dtx9C9nnyyl7MSeQ59Pk/fxXUeDUEzAew6xlcGPX1CtQQgUCCvUTarkWUNzZZqoveurT5k1GuVInASwWEjb+rTIYzjNBuFs55lIQhA+RuyzrdzY3Xfss4O7agREQCY4OqECT2IdtRhQvWch02gmFhjlsy8qk20pfkRo/uZBHOPZa+I9MB9ciNEFNN3FSg3/eJ0lfwZ6ZzcfPgs8FEsQVQzayaNpg8foLV9Ea0MQ87asSG+8nw6nc5KcVbsvkOBbWm5dojZ0laGvcQuSOxT12DFeNEjwCy3zi7M7b3keJvbx74YljUWXBnAN6HzTtLiJ3yLwE4ry/sDown9sHqoTaLSEXysIh2gUdDCU0CU1NY8baSlmeiToUw1GKFZg6EwdknT17Qj3tqNIa75V/cc+lmH9Lj1eAVONZUoFVBk4I0dDyZzVdfyyl2KyvM3iA90LGX6D3/2KX+vx23J+Ev7pcU537bXBesuZxVDQgLsRwnZDAre2AVkSdD4N9GM+qX6TpMR7XuwJ3YD1z39Jlg6dg4XAnh/EIlX3uYe75hxCEzRJsu/6xeYRsav59VJ9Kx7sxtOSpWhXl2TVYnmFWRwxy9Q5wwZs83mrDATtuSh+9BlT/9Pf1oRL1CnnTrrZLHotkKyD7bs80y5UFV03kgGwUbSCuk7S0YJI/PxKW7Mr1OZeUxh9OhcAqNxHV0wipLWqcJwQJ0pDiHOcySWASf6YadhHWxnBwUH8cy1XJ8mIkVAmWcJivzo4Z8CVyojPmTJicF4fp3/9gLj4yyzC+l5zQhJ8eAeh61mJyp/2tgSSEwPiPwr+vTsF8laYw+5hGhywFeuAxxhZ+5pQS9240um6EQ/Vf1UI1TOyyzHAPAdTMZmxS7tBAqajZLsMHR103Z1Fp8S/JRmExR+45jhKq9zLq14ngVAeffhCJzaHstQmtqR6sh/t3lUapk3K6yvIL3TfERNNi4D6yNuFq3ZJBSVgjjF/aqz7qFDevOWhmNgPoex9nivktnMnyPny9yJiZ1Miau8Ig58d0ERT3dcr+CqwxeZ1VKDIX9BAFt/vXYYJjrD9BwGRs5/CWJflkekuRtFPrWHybvs/nzudJ8ttdkJkkf1LwDN/pIwgv/AOCb6Ssjz2yg+gQRgPZ4kcmraHfF9U8damDoGGSGk6OnkOIoVhm5ytiZdgPSbT2KxvdllskF0rfZQPwKfgBygNLKcGMxJJthlQSWNKYLIUsn4/hVu3kAJb,iv:3aP68RCGWePhZC60IL1J5/d8kSPGzktfaDCek0NliQo=,tag:THNqQ501I4ERq/C4vXjg4A==,type:str] +#ENC[AES256_GCM,data:CO5nrcDbgymnEmCvuTexOBEMncuNM5lQ,iv:6HrxqSN6e7ODuz09MIFgPbIqDCKQySRDaKk5Wdu4HoQ=,tag:JBRjZeEdOg+trohfanO6Mg==,type:comment] +vaultwarden_admin_token: ENC[AES256_GCM,data:H+3DDWenelCooGAeXT4QjUOZDkTRN9xjfaVGkDrbB7TlHztqRpNBKreMmXVDvVabH49O9SvWDwNWRMSBOgFK5DHLfNld84l08qRpDrcyyUhaTIu2ksxM+f7eXbig/tZPjB81GD2LxeSVS6D61uWNP0U7FSuFIQ==,iv:VW1mojUn8u6WBPoAEPtHYSsfh7jL9N8iFeY8o+9/Hcc=,tag:Tnx5+Rk8H5bzFCPiKZmsRQ==,type:str] sops: age: - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz @@ -26,7 +28,7 @@ sops: U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-08T00:52:48Z" - mac: ENC[AES256_GCM,data:sMxjWyci3hWpc4yMUl9SUMrvrnThGwIyqJYJzKQdMs85O8LhTryKOx0eK20jcIGY920i9j12PJVJ1O60pUYp2NZxqjM/0dhnMljKlIZI1ajfaJLWasgXcsPrWbx8Ihs3bzCupZQYKm+5hlOQJOeMtILYFyKjLcK75BhwzL/GbBA=,iv:tra1y2NCeUTjJYarssf30DOPUauH/sVWZil4z6+EoMI=,tag:wf6o1lDREhBFauF0+0R3/g==,type:str] + lastmodified: "2025-10-08T03:14:39Z" + mac: ENC[AES256_GCM,data:CIF0trgomPgDJToQoZsBB9PASTtZ8RU3fozz62Ju9r3LThbvU5irddZuxU3R4fpbAJTyy/nL5zqgYKJWfZc7oU/RqydkwJXBogIb8DmHhRxhIvlW5oLk2NaK//Fvk2+Pqen095myIqLaupyfeUqrSVeqWGF2zpGxDtJzb5o93yI=,iv:s+1Aja7QEemxQtukPMtMMdluejsZbg4cDa21JEP++7g=,tag:0XgJRyTNJ83gLWzCT4NtXg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2