From 633e0939695b3a9370cab5d9cc07ed200613770f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Thu, 7 Sep 2023 13:04:38 +0300
Subject: [PATCH] vaultwarden: smtp and secrets
---
 flake.nix | 2 +-
 hosts/vno1-oh2/configuration.nix | 16 ++++++++++++----
 secrets.nix | 2 +-
 .../{admin.env.age => secrets.env.age} | Bin
 4 files changed, 14 insertions(+), 6 deletions(-)
 rename secrets/vaultwarden/{admin.env.age => secrets.env.age} (100%)
diff --git a/flake.nix b/flake.nix
index 050aa6f..b8fcb9e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,7 +64,7 @@
 age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
 age.secrets.grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
 age.secrets.letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
- age.secrets.vaultwarden-admin-env.file = ./secrets/vaultwarden/admin.env.age;
+ age.secrets.vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
 age.secrets.synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
 age.secrets.synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 31de8be..ff2360c 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -419,6 +419,7 @@
 ROCKET_LOG = "critical";
 DOMAIN = "https://bitwarden.jakstys.lt";
 SIGNUPS_ALLOWED = true;
+ INVITATION_ORG_NAME = "jakstys";
 # TODO remove after 1.29.0
 WEBSOCKET_ENABLED = true;
@@ -428,12 +429,17 @@
 SMTP_HOST = "127.0.0.1";
 SMTP_PORT = 25;
 SMTP_SECURITY = "off";
- SMTP_FROM = "admin@jakstys.lt";
- SMTP_FROM_NAME = "jakstys.lt Bitwarden server";
+
+ #USE_SENDMAIL = true;
+ #SENDMAIL_COMMAND = "${pkgs.postfix}/bin/sendmail";
+ #SMTP_FROM = "admin@jakstys.lt";
+ #SMTP_FROM_NAME = "jakstys.lt Bitwarden server";
 };
 };
 };
+ users.users.vaultwarden.extraGroups = ["postdrop"];
+
 systemd.services = {
 caddy = let
 grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
@@ -474,10 +480,12 @@
 };
 vaultwarden = {
+ preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/vaultwarden/secrets.env";
 serviceConfig = {
- EnvironmentFile = ["$CREDENTIALS_DIRECTORY/admin.env"];
+ EnvironmentFile = ["-/run/vaultwarden/secrets.env"];
+ RuntimeDirectory = "vaultwarden";
 LoadCredential = [
- "admin.env:${config.age.secrets.vaultwarden-admin-env.path}"
+ "secrets.env:${config.age.secrets.vaultwarden-secrets-env.path}"
 ];
 };
 };
diff --git a/secrets.nix b/secrets.nix
index aff9633..248b86a 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -26,7 +26,7 @@ in
 "secrets/grafana.jakstys.lt/oidc.age"
 "secrets/letsencrypt/account.key.age"
 "secrets/headscale/oidc_client_secret2.age"
- "secrets/vaultwarden/admin.env.age"
+ "secrets/vaultwarden/secrets.env.age"
 "secrets/synapse/jakstys_lt_signing_key.age"
 "secrets/synapse/registration_shared_secret.age"
diff --git a/secrets/vaultwarden/admin.env.age b/secrets/vaultwarden/secrets.env.age
similarity index 100%
rename from secrets/vaultwarden/admin.env.age
rename to secrets/vaultwarden/secrets.env.age
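Review bot: `users.users.vaultwarden.extraGroups = ["postdrop"];` at the end of the `@@ -428,12 +429,17 @@` hunk adds the password-manager service account to the Postfix submission group while the only setting that would need it, `USE_SENDMAIL`, is still commented out in the same hunk. Until the sendmail path is actually enabled this is unused privilege on a high-value service; I would drop the line, or keep it with a comment such as `# only needed when USE_SENDMAIL is enabled`. The hunk also comments out `SMTP_FROM` while `SMTP_HOST` stays set; presumably the sender address now comes from secrets.env, but that file is encrypted and not visible here, so confirm it is defined there.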
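Review bot: In the `@@ -474,10 +480,12 @@` hunk the leading `-` in `EnvironmentFile = ["-/run/vaultwarden/secrets.env"]` makes the secrets file optional, and the `ln -sf` in `preStart` succeeds even when its target does not exist, so nothing in these lines stops the unit from starting without the values in secrets.env. The `-` looks necessary because the symlink does not exist until preStart has run, so the fail-closed check belongs in preStart: add `test -r $CREDENTIALS_DIRECTORY/secrets.env` as its own statement before the `ln -sf`. A one-line comment on why the file is reached through a symlink under the runtime directory, rather than `$CREDENTIALS_DIRECTORY` directly as the removed line did, would also help the next reader.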