From 0983318065efcd2220d94ded7811f68b6db46bf6 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Thu, 31 Aug 2023 13:47:19 -0400
Subject: [PATCH] Infini-SERVER: setup vaultwarden

---
 hosts/Infini-SERVER/default.nix     |  24 ++++++++++++++++++++++++
 hosts/Infini-SERVER/filesystems.nix |   6 ++++++
 secrets/secrets.nix                 |   1 +
 secrets/vaultwarden.age             | Bin 0 -> 1426 bytes
 4 files changed, 31 insertions(+)
 create mode 100644 secrets/vaultwarden.age

diff --git a/hosts/Infini-SERVER/default.nix b/hosts/Infini-SERVER/default.nix
index 4880349..9175791 100644
--- a/hosts/Infini-SERVER/default.nix
+++ b/hosts/Infini-SERVER/default.nix
@@ -42,6 +42,7 @@
       "/var/log"
       "/var/lib/systemd/coredump"
       "/var/lib/tailscale"
+      "/var/lib/bitwarden_rs"
 
       "/srv"
     ];
@@ -61,6 +62,8 @@
   age.secrets."inx.moe.pem".group = "nginx";
   age.secrets."inx.moe.key".owner = "nginx";
   age.secrets."inx.moe.key".group = "nginx";
+  age.secrets."vaultwarden".owner = "vaultwarden";
+  age.secrets."vaultwarden".group = "vaultwarden";
 
   services = {
     nginx =
@@ -95,9 +98,30 @@
               proxyPass = "http://localhost:8000";
             };
           };
+          "bitwarden.inx.moe" = ssl // {
+            locations."/" = {
+              proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+            };
+          };
         };
       };
 
+    vaultwarden = {
+      enable = true;
+      environmentFile = config.secrets."vaultwarden";
+      config = {
+        DOMAIN = "https://bitwarden.inx.moe";
+        SIGNUPS_ALLOWED = false;
+
+        ROCKET_ADDRESS = "localhost";
+        ROCKET_PORT = 8222;
+        ROCKET_LOG = "critical";
+
+        PUSH_ENABLED = true;
+        PUSH_RELAY_URI = "https://push.bitwarden.com";
+      };
+    };
+
     nitter = rec {
       enable = true;
       server = {
diff --git a/hosts/Infini-SERVER/filesystems.nix b/hosts/Infini-SERVER/filesystems.nix
index e47d012..de827e9 100644
--- a/hosts/Infini-SERVER/filesystems.nix
+++ b/hosts/Infini-SERVER/filesystems.nix
@@ -53,6 +53,12 @@ in
       neededForBoot = true;
     };
 
+    "/persist/var/lib/bitwarden_rs" = lib.mkIf (data != null) {
+      device = data;
+      fsType = "btrfs";
+      options = [ "subvol=root/var/lib/bitwarden_rs" ] ++ commonOptions;
+    };
+
     "/nix" = {
       device = main;
       fsType = "btrfs";
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index cc3face..5d9d484 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,4 +22,5 @@ in
   "binary-cache-private-key.age".publicKeys = allKeys;
   "inx.moe.pem.age".publicKeys = allKeys;
   "inx.moe.key.age".publicKeys = allKeys;
+  "vaultwarden.age".publicKeys = allKeys;
 }
diff --git a/secrets/vaultwarden.age b/secrets/vaultwarden.age
new file mode 100644
index 0000000000000000000000000000000000000000..aa245f9e7116d601a411f79a5b00cde24cdb5a38
GIT binary patch
literal 1426
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4%9b@bW}(#&rHgR
z@+}O@56;X93oX_zGS~MnD{=9R^wH0BDJc)nDmORwDoFKqEax(>$k+GK&NWI*^70Jx
zcg+aQ$;>v*&UQ-63Gg(_%krtT@F_{GO!fA6GeNg4)3U<d+fgCOEL}U&+snfvvDn3<
zFwZ$NBHSaw&@?;MKQbURCB-`@EzK}B!`sUu*pn+++s`StAk(NSDb>9yEhyYH&%df7
zEUz@RG|jO}JJ>SVJu%Izs?^y#$QRwVj4U7h%5nwcOc!&%D3{8LDt&zu<D^t4&!W(h
z5Yyy<tjZ`O6HmAFLj91S3=`Khw`?v?ixfkn?5xnzfV}KtAN?rjil|6~z>u^6gTM%b
zLQ8MgkVwN+vkX&hZBKOD+(V3lOVSk*gY(T3i!<|mO{@I0ODuybe2a}UybKcagDrE)
z%kl%#9CJ&Jf`Z+>!W_ArgUsB+Q^UQo0`tAKD?=*X6GP2P(){v*^CMj<k_`<@gQ8NS
zvMZtr9WBsp%XjpxEK64?a1F>dGf0YvvIq_IEUI+!bn(hG3rI1^_DRc1_V+N#EphUW
z2u^hOcemh*iYQ8oDs%Ho&CgB?C@D!XNJ%v=^wmx*Fe|An$tukV*EjHXD+@F<D^Ewa
zEzHv+D<WMXy<FeLB&8%Pv)sEP!@JVm+a=GhtkA+NqOiob%pfShxT4%o-^Wth(a?k|
zvBEVnAjhIIF|?@4&oZ^x!_6hawZz1<xZKDsC?qO7B)HT!tir@OssbaGxH}p7Mg=N(
zhDG{jnk9yYrI%@Y73WuGR9c!Bq&PVix_aps`gr@9mY4XLmqof18n|+KxH|d;X5<8<
zmPa`H<r(K^R0VlC2UNM`MkE?J8ycipW)-HF=~udVWxAsKEhMPGBfDI|Eh{P5*tIaM
zz@Vxk$UDo`&o3y<+}$ZEDmAkx*)=1*tlTp@Jv=KTC)k(E%gf9q-!sZMJJZW4-?*^U
zJ+dGt+~35b*fT5B+drzTD8k4xt1!UbDWDwPwj%F>psGNHDCfxJN`C_rvp{W&%)so-
zsw79}$cWPL3<D#VtnB2{2p=!kg3Q4DY}azG@FF+MOtY%&g7lD(0JA*LR2O|Oi&6ti
zx1dzRz>=g;1MR#*gPfuy3u8xg+br~5stU^$GW<Qt%$!pqssbw9GK(#|{C!=5N~@fV
zwF}IAy^T!^!qY3OJbZloT(i=-3=Pb}%#A#KiUV@p6Z2EEf;`egB1&9JJ)-hFT?@=Z
zTvC#}jKV@34HC0KwmE59>!uf_CKjhERGE8cRumO;c}19-2D?O=r6)UPW#_pShie<?
z2b39b>FVk#B$ZcYdleaFh8iV%=I1#ThxkPL`X>39SvVROgy;GATKcCO76$tzx@re<
zbsec*_T$M6$9=((ahx{i%69(K_`LtHkolMF?zb8LS2BH;&p$eAy~Ru65{~INH%46V
z=91(7&hk_In(KjI^NwHn`uKsm`|2b=(~AmE)TdgBt!MO>TUljVGW+N}p@w^Eoxhzv
z?|AlnzU7)s<AYCA?ycA;cq)pa;#B`%oje_txvxVWO*7smI^UiDV$Sr4Ue{yF7a}zs
z_?S=5JF_4>O!7|c)OWK_F7I0Z@;<xh{>-+|Mg<a&eHXdOYacyva>thB>9ywbdTWo)
Uo_|96{InvA*DpS~sh58P0C>XjTL1t6

literal 0
HcmV?d00001