From 58f52d3ecb18c3b0f4918ea3a0e0cbd90a21d405 Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Tue, 4 Jul 2023 09:18:47 +0200 Subject: [PATCH] +vaultwarden --- hosts/lkk-nix-1/default.nix | 5 +++++ hosts/lkk-nix-1/services/default.nix | 1 + hosts/lkk-nix-1/services/traefik.nix | 11 +++++++++++ secrets.nix | 7 +++++-- 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix index 604c716..07a2255 100644 --- a/hosts/lkk-nix-1/default.nix +++ b/hosts/lkk-nix-1/default.nix @@ -32,6 +32,11 @@ mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age; tailscale-key.file = ../../secrets/tailscale-key.age; + vaultwarden-env = { + file = ../../secrets/vaultwarden-env.age; + mode = "770"; + }; + n8n-env = { file = ../../secrets/n8n-env.age; mode = "770"; diff --git a/hosts/lkk-nix-1/services/default.nix b/hosts/lkk-nix-1/services/default.nix index d83e5c9..a65b070 100644 --- a/hosts/lkk-nix-1/services/default.nix +++ b/hosts/lkk-nix-1/services/default.nix @@ -12,5 +12,6 @@ ./syncthing.nix ./tailscale.nix ./traefik.nix + ./vaultwarden.nix ]; } diff --git a/hosts/lkk-nix-1/services/traefik.nix b/hosts/lkk-nix-1/services/traefik.nix index 3308776..36e2fba 100644 --- a/hosts/lkk-nix-1/services/traefik.nix +++ b/hosts/lkk-nix-1/services/traefik.nix @@ -85,6 +85,8 @@ minio-console.loadBalancer.servers = [{ url = "http://localhost:9001/"; }]; metabase.loadBalancer.servers = [{ url = "http://localhost:3013/"; }]; + vaultwarden.loadBalancer.servers = + [{ url = "http://localhost:3014/"; }]; }; routers = { api = { @@ -273,6 +275,15 @@ service = "metabase"; entrypoints = "websecure"; }; + vaultwarden = { + rule = "Host(`vw.lanakk.com`)"; + tls = { + certResolver = "godaddy"; + domains = "vw.lanakk.com"; + }; + service = "metabase"; + entrypoints = "websecure"; + }; }; }; }; diff --git a/secrets.nix b/secrets.nix index cf52cb4..ca7b4e9 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,5 +1,6 @@ let - system = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU="; + system = + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU="; in { "mj-smtp-user.age".publicKeys = [ system ]; "mj-smtp-pass.age".publicKeys = [ system ]; @@ -13,7 +14,7 @@ in { "tailscale-key.age".publicKeys = [ system ]; "wg-key.age".publicKeys = [ system ]; - + "briefkasten-env.age".publicKeys = [ system ]; "littlelink-lanakk-env.age".publicKeys = [ system ]; @@ -22,4 +23,6 @@ in { "traefik-env.age".publicKeys = [ system ]; "minio-system-cred.age".publicKeys = [ system ]; + + "vaultwarden-env.age".publicKeys = [ system ]; }