vaultwarden: add admin secret

Motiejus Jakštys 2023-09-07 10:51:27 +03:00
parent 9163143204
commit 721a9b2c5c
4 changed files with 14 additions and 2 deletions


@ -64,6 +64,7 @@
age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age; age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
age.secrets.grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age; age.secrets.grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
age.secrets.letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age; age.secrets.letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
age.secrets.vaultwarden-admin-env.file = ./secrets/vaultwarden/admin.env.age;
age.secrets.synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age; age.secrets.synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
age.secrets.synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age; age.secrets.synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;


@ -412,12 +412,13 @@
vaultwarden = { vaultwarden = {
enable = true; enable = true;
config = { config = {
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = myData.ports.vaultwarden; ROCKET_PORT = myData.ports.vaultwarden;
DOMAIN = "https://bitwarden.jakstys.lt";
SIGNUPS_ALLOWED = false;
ROCKET_LOG = "critical"; ROCKET_LOG = "critical";
DOMAIN = "https://bitwarden.jakstys.lt";
SIGNUPS_ALLOWED = true;
# TODO remove after 1.29.0 # TODO remove after 1.29.0
WEBSOCKET_ENABLED = true; WEBSOCKET_ENABLED = true;
@ -472,6 +473,15 @@
requires = ["nsd-acme-irc.jakstys.lt.service"]; requires = ["nsd-acme-irc.jakstys.lt.service"];
}; };
vaultwarden = {
serviceConfig = {
environmentFile = ["$CREDENTIALS_DIRECTORY/admin.env"];
LoadCredential = [
"admin.env:${config.age.secrets.vaultwarden-admin-env.path}"
];
};
};
grafana = { grafana = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret"; preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret";
serviceConfig = { serviceConfig = {
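Review bot: In the added `vaultwarden` block, `environmentFile` sits inside `serviceConfig`, whose keys are written out as systemd unit directives; the directive is spelled `EnvironmentFile`, so as written systemd will most likely ignore the key as unknown and the admin token never reaches the process. Even with the spelling fixed, `EnvironmentFile=` expects an absolute path and, as far as I know, does not expand `$CREDENTIALS_DIRECTORY`, so the value itself would still be rejected. Pointing the directive at the decrypted secret directly, `EnvironmentFile = [config.age.secrets.vaultwarden-admin-env.path];` (or setting the module's `services.vaultwarden.environmentFile` to the same path), avoids both problems and makes the `LoadCredential` entry unnecessary; `systemctl cat vaultwarden` and the unit's journal warnings after deploy will confirm what was actually loaded. Separately, the earlier hunk of this file shows `SIGNUPS_ALLOWED` as both `false` and `true` and the rendering does not say which is the new side; if `true` is the new value, open registration on `bitwarden.jakstys.lt` should be a deliberate, short-lived setting.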


@ -26,6 +26,7 @@ in
"secrets/grafana.jakstys.lt/oidc.age" "secrets/grafana.jakstys.lt/oidc.age"
"secrets/letsencrypt/account.key.age" "secrets/letsencrypt/account.key.age"
"secrets/headscale/oidc_client_secret2.age" "secrets/headscale/oidc_client_secret2.age"
"secrets/vaultwarden/admin.env.age"
"secrets/synapse/jakstys_lt_signing_key.age" "secrets/synapse/jakstys_lt_signing_key.age"
"secrets/synapse/registration_shared_secret.age" "secrets/synapse/registration_shared_secret.age"

Binary file not shown.