From 57e08d101ddf061759e2de14e849a49fb253bf2e Mon Sep 17 00:00:00 2001
From: min
Date: Sun, 22 Dec 2024 02:11:19 -0500
Subject: [PATCH] Deploy Vaultwarden
---
 nixos/hosts/eidola/mounts.nix | 2 ++
 nixos/hosts/eidola/services/default.nix | 1 +
 nixos/hosts/eidola/services/vaultwarden.nix | 18 ++++++++++++++++++
 nixos/hosts/silver/services/default.nix | 2 ++
 .../hosts/silver/services/shim-vaultwarden.nix | 14 ++++++++++++++
 5 files changed, 37 insertions(+)
 create mode 100644 nixos/hosts/eidola/services/vaultwarden.nix
 create mode 100644 nixos/hosts/silver/services/shim-vaultwarden.nix
diff --git a/nixos/hosts/eidola/mounts.nix b/nixos/hosts/eidola/mounts.nix
index 6098361..28d54ce 100644
--- a/nixos/hosts/eidola/mounts.nix
+++ b/nixos/hosts/eidola/mounts.nix
@@ -13,6 +13,8 @@ "/etc/zfs" "/var/lib/samba" + + "/var/lib/bitwarden_rs" ]; files = [ "/etc/machine-id"
diff --git a/nixos/hosts/eidola/services/default.nix b/nixos/hosts/eidola/services/default.nix
index 70956a6..ddfbc90 100644
--- a/nixos/hosts/eidola/services/default.nix
+++ b/nixos/hosts/eidola/services/default.nix
@@ -1,5 +1,6 @@
 {...}: {
 imports = [
 ./samba.nix
+ ./vaultwarden.nix
 ];
 }
diff --git a/nixos/hosts/eidola/services/vaultwarden.nix b/nixos/hosts/eidola/services/vaultwarden.nix
new file mode 100644
index 0000000..5b03b13
--- /dev/null
+++ b/nixos/hosts/eidola/services/vaultwarden.nix
@@ -0,0 +1,18 @@
+{...}: let
+ ipInternal = "10.13.1.1";
+
+ dom = "pw.min.rip";
+in {
+ services.vaultwarden = {
+ enable = true;
+
+ config = {
+ DOMAIN = "https://${dom}";
+ SIGNUPS_ALLOWED = false;
+ SHOW_PASSWORD_HINT = false;
+
+ ROCKET_ADDRESS = ipInternal;
+ ROCKET_PORT = 14210;
+ };
+ };
+}
diff --git a/nixos/hosts/silver/services/default.nix b/nixos/hosts/silver/services/default.nix
index dbd218e..0002cd9 100644
--- a/nixos/hosts/silver/services/default.nix
+++ b/nixos/hosts/silver/services/default.nix
@@ -8,6 +8,8 @@ ./nebula.nix ./prometheus.nix ./grafana.nix + + ./shim-vaultwarden.nix ]; security.acme = {
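Review bot: In `nixos/hosts/eidola/services/vaultwarden.nix`, nothing visible restricts who may connect to the listener set by `ROCKET_ADDRESS`/`ROCKET_PORT`. Vaultwarden serves plain HTTP there, so any peer that can route to 10.13.1.1:14210 reaches the vault backend without the TLS termination nginx provides on silver. If that address sits on an encrypted overlay with its own access rules (silver imports `./nebula.nix`, but its configuration is outside this patch), this may already be covered; otherwise eidola needs a firewall rule admitting the port only from silver's address. I would record the assumption above the binding, e.g. `# plain HTTP on the internal network only; TLS terminates in nginx on silver`. If the admin page is enabled later, its token belongs in `services.vaultwarden.environmentFile` rather than in `config`, which ends up in the world-readable Nix store.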
diff --git a/nixos/hosts/silver/services/shim-vaultwarden.nix b/nixos/hosts/silver/services/shim-vaultwarden.nix
new file mode 100644
index 0000000..020822c
--- /dev/null
+++ b/nixos/hosts/silver/services/shim-vaultwarden.nix
@@ -0,0 +1,14 @@
+{...}: let
+ httpIntAddr = "10.13.1.1";
+ httpIntPort = 14210;
+ dom = "pw.min.rip";
+in {
+ services.nginx.virtualHosts.${dom} = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
+ };
+ };
+}
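Review bot: The `locations."/"` block forwards requests without any client-address headers, unless `services.nginx.recommendedProxySettings` is enabled elsewhere on silver (not visible in this patch). Vaultwarden reads the client IP from the header named by `IP_HEADER` (default `X-Real-IP`). Without it every request appears to come from the proxy, so per-IP login rate limiting is shared by all users and failed-login log lines lose the real source. Adding `recommendedProxySettings = true;` inside the location would fix that, and `proxyWebsockets = true;` is probably wanted for live sync notifications. Separately, `toString httpIntAddr` is a no-op on a string, and the address and port are duplicated from `vaultwarden.nix` on eidola, so a comment naming the other file would help keep the two in step.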