split up hopper lab configuration into multiple files

2025-02-22 18:52:16 +01:00 · 2025-02-22 18:52:16 +01:00 · b69fbbcde9
commit b69fbbcde9
parent f077fbe3fd
14 changed files with 435 additions and 404 deletions
--- a/sys/machines/hopper/lab/vaultwarden.nix
+++ b/sys/machines/hopper/lab/vaultwarden.nix
@ -0,0 +1,22 @@
+{config, ...}: {
+  systemd.services.vaultwarden = {
+    serviceConfig.EnvironmentFile = config.sops.secrets.vaultwarden-env.path;
+    vpnConfinement = {
+      enable = true;
+      vpnNamespace = "wg";
+    };
+  };
+  # NOTE send doesnt work, probably due to my cloudflare port rewriting rules
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = "https://${config.services.caddy.virtualHosts.vw.hostName}";
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 35381;
+      ROCKET_LOG = "critical";
+      SIGNUPS_ALLOWED = false;
+    };
+  };
+
+  services.restic.backups.hopper.paths = ["/var/lib/bitwarden_rs"];
+}