vaultwarden: smtp and secrets

Motiejus Jakštys 2023-09-07 13:04:38 +03:00
parent 83a20aa69a
commit 633e093969
4 changed files with 14 additions and 6 deletions


@ -64,7 +64,7 @@
age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age; age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
age.secrets.grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age; age.secrets.grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
age.secrets.letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age; age.secrets.letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
age.secrets.vaultwarden-admin-env.file = ./secrets/vaultwarden/admin.env.age; age.secrets.vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
age.secrets.synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age; age.secrets.synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
age.secrets.synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age; age.secrets.synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;


@ -419,6 +419,7 @@
ROCKET_LOG = "critical"; ROCKET_LOG = "critical";
DOMAIN = "https://bitwarden.jakstys.lt"; DOMAIN = "https://bitwarden.jakstys.lt";
SIGNUPS_ALLOWED = true; SIGNUPS_ALLOWED = true;
INVITATION_ORG_NAME = "jakstys";
# TODO remove after 1.29.0 # TODO remove after 1.29.0
WEBSOCKET_ENABLED = true; WEBSOCKET_ENABLED = true;
@ -428,12 +429,17 @@
SMTP_HOST = "127.0.0.1"; SMTP_HOST = "127.0.0.1";
SMTP_PORT = 25; SMTP_PORT = 25;
SMTP_SECURITY = "off"; SMTP_SECURITY = "off";
SMTP_FROM = "admin@jakstys.lt";
SMTP_FROM_NAME = "jakstys.lt Bitwarden server"; #USE_SENDMAIL = true;
#SENDMAIL_COMMAND = "${pkgs.postfix}/bin/sendmail";
#SMTP_FROM = "admin@jakstys.lt";
#SMTP_FROM_NAME = "jakstys.lt Bitwarden server";
}; };
}; };
}; };
users.users.vaultwarden.extraGroups = ["postdrop"];
systemd.services = { systemd.services = {
caddy = let caddy = let
grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt"; grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
@ -474,10 +480,12 @@
}; };
vaultwarden = { vaultwarden = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/vaultwarden/secrets.env";
serviceConfig = { serviceConfig = {
EnvironmentFile = ["$CREDENTIALS_DIRECTORY/admin.env"]; EnvironmentFile = ["-/run/vaultwarden/secrets.env"];
RuntimeDirectory = "vaultwarden";
LoadCredential = [ LoadCredential = [
"admin.env:${config.age.secrets.vaultwarden-admin-env.path}" "secrets.env:${config.age.secrets.vaultwarden-secrets-env.path}"
]; ];
}; };
}; };
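Review bot: In the second hunk, `users.users.vaultwarden.extraGroups = ["postdrop"];` puts the vaultwarden account in the postdrop group, but the only settings that would need it, `USE_SENDMAIL` and `SENDMAIL_COMMAND`, are added commented out and mail still goes to `SMTP_HOST = "127.0.0.1"`. As far as these lines show, the membership is unused. A service that holds password vaults should not carry extra group access (presumably to Postfix's mail-drop queue) that it does not exercise. I would disable the grant together with the sendmail settings, `# users.users.vaultwarden.extraGroups = ["postdrop"];`, or at least add a comment above it such as `# only needed when USE_SENDMAIL is enabled`. The enclosing attribute set opens before the hunk, so any other use of the group is not visible here.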


@ -26,7 +26,7 @@ in
"secrets/grafana.jakstys.lt/oidc.age" "secrets/grafana.jakstys.lt/oidc.age"
"secrets/letsencrypt/account.key.age" "secrets/letsencrypt/account.key.age"
"secrets/headscale/oidc_client_secret2.age" "secrets/headscale/oidc_client_secret2.age"
"secrets/vaultwarden/admin.env.age" "secrets/vaultwarden/secrets.env.age"
"secrets/synapse/jakstys_lt_signing_key.age" "secrets/synapse/jakstys_lt_signing_key.age"
"secrets/synapse/registration_shared_secret.age" "secrets/synapse/registration_shared_secret.age"