jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

vaultwarden: move envfile to agenix-rekey
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m22s
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-09-01 23:22:58 +01:00
parent d43519fc29
commit b3b46e0c2f
3 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/vps1/secrets/vaultwarden-env.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> piv-p256 a1N2XA Ag/fE6bqn8kUPXEmxU7IcEaW4pRp8Ug5Tvj/49d3kN55
TNVXUZ38JKTWte+31iuyGDy7P4zJkQzYb+g4QVXu1QM
-> 0S&-grease fn plj(( ShqRnf
qZ/b2Xf2MA
--- 4HChQHR3R3I0DwDrx7DNmAa+gMhlzY18s3qyGndAitM
H<1C>h><3E><>p<08>5<EFBFBD>vybdN<64>X<EFBFBD><16>ki]<5D>)<29>!p|<7C>8HL<48><4C>OM{<7B><><0F><><EFBFBD> <0B>8<EFBFBD><38>s<EFBFBD><73>LF<4C><46>jM}<7D>:<02>]<5D><EFBFBD>Ǡk<C7A0><6B>%$<24><><EFBFBD>H<EFBFBD><48><EFBFBD>7R<37><52><EFBFBD>Q<EFBFBD>#<23>#<23>f<EFBFBD>*\<5C>X F4<46>.}<7D>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD>{<7B>փpto<>,<2C><>yTs<54>M-<2D><><EFBFBD>X<EFBFBD><16>7<EFBFBD><37>H<EFBFBD><48>usfa [<5B>#<23>K<EFBFBD>}<7D><> <0C>:K<>0q<30><71><EFBFBD><EFBFBD>B(o#?eG<1E>50<><30>Ҹ<><D2B8>ɧ<EFBFBD>P<EFBFBD>_gC<67>F

9
hosts/vps1/vaultwarden.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
config, config,
lib, lib,
... ...
@@ -12,8 +11,10 @@ let
domain = "vaultwarden.${baseDomain}"; domain = "vaultwarden.${baseDomain}";
in in
{ {
age.secrets."files/services/vaultwarden/envfile" = { age.secrets.vaultwarden-env = {
file = "${inputs.secrets}/files/services/vaultwarden/envfile.age"; rekeyFile = ./secrets/vaultwarden-env.age;
mode = "0440";
group = "vaultwarden";
}; };
services.vaultwarden = { services.vaultwarden = {
@@ -33,7 +34,7 @@ in
invitationOrgName = "Vaultwarden"; invitationOrgName = "Vaultwarden";
domain = "https://${domain}"; domain = "https://${domain}";
}; };
environmentFile = config.age.secrets."files/services/vaultwarden/envfile".path; environmentFile = config.age.secrets.vaultwarden-env.path;
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {

7
secrets/rekeyed/vps1/7e6c3b34b489200f3767ae0f1e6a9f42-vaultwarden-env.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA goXUvK9rMf7kQ+UZ3aXjHxa5HukNU8pNafu5AbnDaT4
7DrqHf133Y3A3NV/tjW/jMGrim02LZ79EMM2yLNEKR8
-> }AV-grease VKakg LdQ~#
aiiVL/zHxATk1wMQ6vFN91tz1hawMBndFzE6Vl/ck6OeL9DS0GswlylbXvuCbg
--- FNJQXjKg1S56UIcgg5+jsRSbtXKVyHKXgtajpaqvqNs
<EFBFBD><EFBFBD>i<><69>L<EFBFBD><4C><EFBFBD><EFBFBD><1B>|<7C>2\<5C>g5<67>mC<1F>= ,<2C><>;<14><><EFBFBD><EFBFBD><19><><EFBFBD><EFBFBD>F<EFBFBD><46>p<EFBFBD>N<EFBFBD><4E>